HACKERS have now published sensitive patient information after stealing it from NHS Dumfries and Galloway’s IT systems — and are threatening future releases.
It yesterday emerged that some confidential clinical data has been released online by a ransomware group following the cyber attack two weeks ago.
It is said to include biochemistry and genetics reports, as well as letters between doctors discussing patient treatments and psychological reports.
And it’s believed those behind it are threatening to publish more unless their demands are met.
After the situation was revealed by the UK Defence Journal website, NHS Dumfries and Galloway admitted they were aware and that it related to ‘a small number of patients’, who are being contacted.
Chief executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act.
“This information has been released by hackers to evidence that this is in their possession.
“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government and other agencies in response to this developing situation.
“As part of this response, we will be making contact with any patients whose data has been leaked at this point.
“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”
However, one DGRI patient, who wishes to remain anonymous, yesterday demanded the public are told more about what’s going on.
She said: “If they know my data, they can steal my whole self, my actual ID, and take over my life.
“We need to know what information
exactly they have got and how they can use it. Also, how can I protect myself if something does happen?
“It does not matter that they have my medical records, it’s my personal information they are after and can actually use for fraudulent purposes. That’s what concerns me.
“Finally, when will the NHS have contacted all the people at risk?”
South Scotland MSP Colin Smyth also says the NHS and Scottish Government need to be more open about the scale of the threat to patient and staff data.
He said: “The public shouldn’t need to read about these threats on the internet. The NHS and Scottish Government should have been more open about the fact there was a clear attempt at extortion taking place, as everyone expected was the motive behind this cyber-attack on NHS Dumfries and Galloway
“NHS Dumfries and Galloway and the Scottish Government say they have contacted the small number of people whose data has been published but they need to say now whether they are confident that everyone affected by the cyber-attack has been contacted or, as seems likely, there is a possibility that far more data has been stolen but not yet published.”
He described the situation as ‘deeply concerning’, adding: “Since I raised this issue in Parliament with the Health Secretary I have had no update whatsoever. More importantly, patients and staff have been left in the dark and that’s unacceptable.
“There is nothing more personal that someone’s health records and patients deserve to know just how safe their data is.”