SERVICES delivered by NHS Dumfries and Galloway are ‘generally running as normal’ this week after its IT systems were hacked.
That was the message from health bosses yesterday, however they also revealed that work is ongoing to assess the consequences of last week’s cyber attack.
And concerns remain that hackers may have acquired a significant amount of data, including patient and staff-specific information.
NHS Dumfries and Galloway chief executive Jeff Ace said: “This has been viewed as an extremely serious matter demanding a major response.
“We’ve been very busy working with partner agencies to ensure the security of our systems, to adapt to the associated disruption, and to assess the potential risk posed by the hackers’ ability to access data.
“It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position.
“However, as it has been noted, there is reason to believe that those responsible may have acquired patient and staff-specific data.”
He stressed that patient and staff confidentiality is a key priority, along with ensuring welfare and wellbeing, adding: “As such, very great effort is being made to address this situation, and to try to prevent it from being repeated.
“We will look to update as and when we can, but in the meantime would again caution staff and patients to be on their guard for anyone accessing their systems, or anyone making contact with them claiming to be in possession of any information. Any such incidents should be reported immediately to Police Scotland on 101.”
Meanwhile, the incident was raised in the Scottish Parliament on Tuesday by South Scotland
MSP Colin Smyth, who asked for reassurances from the Scottish Government.
To Health Secretary Neil Gray, My Smyth said: “So far, the attacks do not appear to have caused any major disruption to patient services, which is welcome.
“However, it is deeply worrying that there is a risk that hackers were able to acquire a significant amount of information, which could include identifying data on patients and staff.
“We know from past attacks on the NHS that the motive can often be related to extortion attempts on organisations or individuals.
“What actions are being taken to protect staff and patients from extortion attempts?
“Will the cabinet secretary give a clear assurance that there will be clear, open and transparent communication with staff and patients about the possibility that they could be approached by someone claiming to be in possession of data relating to them, so that they know what to do in such circumstances?
“People are worried, and communication so far has been very limited.”
Speaking afterwards, Mr Smyth added: “This will be a worrying time for anyone whose records are held by the NHS and it is vital the NHS Dumfries and Galloway and Scottish Government keep patients informed as much as they can.”
Meanwhile, Galloway and West Dumfries MSP Finlay Carson expressed ‘real concerns’ about the possibility of leaked personal and sensitive data.
He also spoke on the matter in Holyrood this week, saying: “There are real concerns being raised by my constituents about how the leaked personal and sensitive data may be used.
“Therefore information, guidance and support from Dumfries and Galloway Health Board will be crucial in the coming day and weeks.”
South Scotland MSP Carol Mochan has also commented on the incident and said: “I understand that patients and staff will be extremely worried to hear about the cyber-attack on NHS Dumfries and Galloway.
“I will be asking questions on your behalf about the data breach, and this should be a cautionary tale for other health boards and public sector organisations in Scotland.”
n A dedicated web-page has been established on the NHS Dumfries and Galloway website at www.nhsdg.co.uk/cyberattack