A wake-up call for enhanced cyber security in healthcare following another breach of patient data

NHS Dumfries and Galloway was recently targeted in a cyber attack that disrupted services and compromised patient data write Abbey Wright.

It is working with police and the National Cyber Security Centre to assess the extent of the incident and the nature of data compromised.

The health trust cautioned about the potential acquisition of “a significant quantity” of patient and staff data by hackers last month. A group identifying as INC Ransom has since threatened to release three terabytes of data unless its demands are met. A portion of the breached data has already been released labelled as a “proof pack”. It includes confidential information on a select number of patients and employees and the group is now threatening to release all the stolen data.

Scotland’s First Minister Humza Yousaf said the Scottish Government was working to stop the data being released.

Despite the attack, patient services are operating effectively, according to Jeff Ace, the health trust’s chief executive. Efforts are underway to prevent similar attacks in the future, and the health board plans is contacting affected patients.

This recent breach serves as a stark reminder of the persistent threats faced by healthcare institutions globally. With healthcare data being of immense value to cyber criminals, the sector remains a prime target for malicious individuals seeking financial gain or aiming to disrupt vital services.

The incident at NHS Dumfries and Galloway is not an isolated case. In recent years, healthcare organisations worldwide have faced an onslaught of cyber attacks, each highlighting the vulnerabilities within the sector’s digital infrastructure.

As the investigation into the NHS Dumfries and Galloway cyber-attack unfolds, it serves as a wake-up call to healthcare leaders to prioritise cyber security investments, bolster defenses, and foster a culture of vigilance against evolving cyber threats.