A ransomware collective that attacked NHS Dumfries and Galloway is reported to have published large volumes of info on the dark web, in what leaders call an ‘abhorrent criminal act’

A ransomware group has published on the dark web a “large volume” of data belonging to NHS Dumfries and Galloway.

In March, the cybercrime gang revealed that it had already published data relating to a small number of patients as proof that they held the information and warned that more would follow unless a payment was made.

The new chief executive of NHS Dumfries and Galloway health board Julie White has confirmed a joint investigation with other national agencies including the Scottish Government, police and National Cyber Security Centre is underway to assess what information has been published.

White has called the release an “utterly abhorrent criminal act”.

Related content

• Capita admits possible compromise of customer data during cyberattack
• Hebridean council works on data recovery following cyberattack
• Cyber Security Week: Analysis – how and where are attackers getting in?

“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate,” she said. “NHS Dumfries and Galloway is conscious that this may cause increased anxiety and concern for patients and staff, with a telephone helpline sharing the information hosted at our website. Data accessed by the cyber criminals has now been published onto the dark web – which is not readily accessible to most people. Recognising that this is a live criminal matter, we continue to follow the very clear guidance being provided to us by national law enforcement agencies.”

Speaking to the BBC, South of Scotland MSP Colin Smyth said “a very substantial amount of data” had been accessed, including contact details for staff and patients.

“It is important the NHS try to do what they did when the initial data was released – that is contact the individuals affected,” he said. “But if they can’t do that because the data is so substantial, it is very important the NHS make that clear at an early stage, and at the very least contact the most vulnerable people whose data may have been released onto the dark web.”

A Scottish Government spokesperson has said there are “no further incidents across NHS Scotland as a whole”.

A version of this story originally appeared on PublicTechnology sister publication Holyrood