Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services

NHS Dumfries and Galloway, part of the Scottish healthcare system, announced on Friday it was the target “of a focused and ongoing cyber attack.”

The nature of the incident has not yet been disclosed, although the health board announced there “may be some disruption to services as a result of this situation.”

Dumfries and Galloway is the southernmost region of Scotland, sharing a border with northwestern England. It has a population of just under 150,000 people — almost all of whom are likely to be users of the country’s universal National Health Service.

A bespoke web page published to update patients about the impact of the attack references “incursions into our systems” and warns “there is a risk that hackers have been able to acquire a significant quantity of data.”

The Scottish Government — which has devolved responsibilities for the country’s health service — alongside Police Scotland and the National Cyber Security Centre have been contacted “in line with our established protocols,” the service stated.

“Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them,” the service announced.

The breach of medical data could be extremely distressing for patients, as happened with a ransomware attack affecting Australian health insurance business Medibank, when histories and treatment data was compromised by criminals.

The ransomware attackers, seeking to extort the Australian business and the affected patients, subsequently began publishing sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions.

Although the nature of the Scotland incident has not yet been confirmed, it comes at a time when multiple healthcare organizations in the United States have been impacted by ransomware incidents.

Earlier this month, a ransomware gang claimed to have sold data stolen from a children’s hospital in Chicago after listing it on the dark web for $3.4 million. Another attack on Change Healthcare has caused weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country. 

Earlier this week, the British government was accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The Joint Committee on the National Security Strategy had previously warned that the government’s failures to tackle the threat meant there was a “high risk” the country faces a “catastrophic ransomware attack at any moment.”

In a statement sent to Recorded Future News, Neil Gray, the Scottish health secretary, said: “I am aware that NHS Dumfries and Galloway has been affected by an ongoing cyber-attack.”

Gray added that Scottish Government officials “have been in close contact with the board, Police Scotland, and other partners including the National Crime Agency and NHS National Services Scotland.”

The health secretary said that there were “well established procedures for dealing with a situation of this kind,” and added: “We are providing assistance and support to NHS Dumfries and Galloway as they handle this incident, and NHS NSS is engaging with the rest of NHS Scotland and providing updates as necessary.”

A spokesperson for the National Cyber Security Centre (NCSC) said: “We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of an incident.”

The NCSC provides guidance and advice for individuals and families that have been affected by a data breach.

Emma Harper, a Member of the Scottish Parliament for the local area, said: “The news of a cyber attack on NHS Dumfries and Galloway will be deeply concerning for both staff and patients. However, it is important to note that patient services are not currently affected.

“Sadly, attacks like this have grown in prevalence in recent years and the events of today highlight the pressing need to improve the security of personal data and resilience against hackers,” added the Scottish National Party politician.

“I am hopeful that there will be a swift resolution in this instance, with the culprits found and that any stolen data is retrieved,” said Harper, “but in the meantime I encourage anyone who believes they have been affected to contact Police Scotland by calling 101.”