By Tony O’ Reilly-
Sensitive data from Scotland’s National Records of Scotland (NRS) was compromised in a recent cyber attack on NHS computers, it has emerged. The breach, which occurred in March 2024, targeted the IT network of NHS Dumfries and Galloway, exposing private information temporarily held on the network.
The NRS, responsible for collecting and maintaining records and statistics in Scotland, confirmed that the compromised data included sensitive information about a small number of individuals, as well as information from statutory births, deaths, and marriages registers.
AD: Capeesh Restaurant
This information was being held on the NHS network as part of an administrative service to facilitate the transfer of patient records between health board areas, across UK borders, and overseas.
NRS Chief Executive Janet Egdell expressed concern over the breach, stating, “We are aware that this will be distressing news for those individuals most directly affected. This is a live criminal investigation and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government, and other agencies involved in the inquiry.”
Egdell emphasized the organization’s commitment to cybersecurity and privacy, ensuring the continued safe provision of their services.
AD: Oysterian Sea Food Restaurant And Bar
The NRS is taking proactive measures to address the breach, including notifying fewer than 50 individuals whose information was taken and might be at risk of harm.
The affected individuals are being contacted directly, and the NRS has opened a dedicated mailbox for public inquiries at cyberincident@nrscotland.gov.uk.
In light of the incident, members of the public are advised to be vigilant for any unusual activity that may be related to the breach, including suspicious contacts claiming to have their data. Any such incidents should be reported to Police Scotland by phoning 101.
Police have also warned that attempting to access or share any leaked data could constitute an offence under the Data Protection Act.
The investigation into the cyber attack is ongoing, with authorities working to identify the perpetrators and mitigate any further risks.
This breach highlights the critical importance of robust cybersecurity measures within public institutions, particularly those handling sensitive personal data.
The collaboration between NRS, NHS Dumfries and Galloway, and law enforcement underscores the concerted effort to protect individuals’ privacy and prevent future incidents.
A Police Scotland spokesman said: “Police Scotland inquiries are continuing into a cyber attack on NHS Dumfries and Galloway.”
A Scottish government spokesperson said: “The Scottish government is aware of a further publication of data on the internet, linked to the recent cyber attack on NHS Dumfries and Galloway.
“It is important to note that the incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.
“The Scottish government is working with the health board, Police Scotland and other agencies including the National Crime Agency and National Cyber Security Centre to assess the level of this breach and the possible implications for individuals concerned.
“The Scottish government is continuing to provide support to NHS Dumfries and Galloway as they deal with this ongoing situation. This remains an on-going police investigation.”
AD: Heritage And Restaurant Lounge Bar