NHS Dumfries and Galloway chief executive Julie White has contacted every household in the region to update them on the status of the investigation into the ransomware attack that hit the health board in February.
Leaflets distributed to households in Dumfries and Galloway include a letter from White with further information on what data was published and the risks facing residents as a result of the incident, describing it as “an extremely serious situation.”
White said the data published after the attack is typically individual files linked to x-rays, test results, as well as both internal and external communications, advising residents they should assume some data pertaining to them will have been exposed.
“We are advising people in Dumfries and Galloway that the best approach to take is to assume that some data relating to you is likely to have been copied and published. We are advising people in Dumfries and Galloway that the best approach to take is to assume that some data relating to you is likely to have been copied and published.”
She added that due to the volume of data accessed by the attackers, the board was forced to prioritize ‘high risk’ data related to the most vulnerable patients, stating that the board will be in touch with those affected.
White highlighted Dumfries and Galloway residents could be exposed to risks from identity theft, unauthorized access to computer systems, extortion attempts, as well as anxiety.
The health board has set up a helpline that can be used to get support both on staying secure in light of the event, and for psychological support for those struggling with stress related to the attack.
NHS Dumfries and Galloway breach was “much larger than first anticipated”
In February 2024, computer systems at NHS Dumfries and Galloway were accessed by threat actors. According to the board, the incident did not affect people’s care or treatment and no information was deleted or changed.
The hackers published some of the information stolen during the attack on the dark web on 6 May 2024. White said this was to be expected after the board refused to cooperate with the attackers’ extortion attempts.
Brian Boyd, head of technical delivery at i-confidential said the latest update from White indicates the incident is perhaps more serious than previously understood and will stoke some fear among residents.
"This update will cause serious concern among residents of Dumfries and Galloway. It is now being revealed that the breach was much larger than first anticipated and the likelihood of individual medical data being accessed by the attackers is very high,” he said.
On the attack itself, Boyd said it’s still unclear how the attackers were able to gain access to the network, but that it appears the hackers tried to grab as much data as possible once inside.
“It also sounds like the attackers have just copied as much data as they have been able to access. This sounds like an opportunistic move, but it also highlights how deep into the network they got without any barriers and without being detected by security tools. We don’t yet know how the attackers got in, but fortunately it sounds like the health board has now taken steps to mitigate this weakness.”
With attacks like this continuing with an alarming frequency, Boyd urged other organizations they need to learn from the attack, and tighten the security on their networks.
“Other organizations must learn from the incident and use it as a catalyst to improve their defenses against ransomware. Attacks are at an all-time-high and organizations must strive to harden their networks to avoid falling into a similar situation that the NHS Dumfries and Galloway is finding itself in now.”
