Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid


Cyber ​​extortionists have posted sensitive patient data stolen from NHS Dumfries and Galloway, part of the Scottish health system, on their darkweb blog in a bid to demand money from the local health board.

The service announcement earlier this month it was the target of a “targeted and ongoing cyberattack” and, although patient services were operating normally, it warned of the risk that “hackers could have acquired a quantity significant amount of data.

A ransomware group called INC Ransom claimed this week to have terabytes of data exfiltrated from the organization, posting some of those data samples on its extortion site as evidence.

Tailor-made health advice Web page published to inform patients about the impact of the attack confirmed “that clinical data relating to a small number of patients has been published”.

The criminals are threatening to release more data in the future unless the health board pays an extortion fee.

Dumfries and Galloway is the southernmost region of Scotland, sharing a border with the northwest of England. Its population is just under 150,000, almost all of whom are likely to be users of the country’s national universal health service.

In a statement, NHS regional board chief executive Jeff Ace said: “We absolutely deplore the disclosure of confidential patient data as part of this criminal act.

“NHS Dumfries and Galloway is very aware of the potential impact of this development on patients whose data has been published, as well as the general anxiety that could result within our patient population,” Ace said .

He added that the health board would contact “all patients whose data has been disclosed at this point and continue to work to limit any sharing of this information.”

A medical data breach could be extremely distressing for patients, as happened with a ransomware attack affecting the Australian health insurance industry. Medibankwhen processing logs and data have been compromised by criminals.

The ransomware attackers, seeking to extort the Australian company and affected patients, then began posting sensitive healthcare claims data for approximately 480,000 people, including information on drug treatment and abortions.

Ransomware attacks have affected many healthcare establishments in recent weeks. Earlier this month, a ransomware gang claimed to have sold stolen data from a children’s hospital in Chicago after listing it on the dark web for $3.4 million. Another attack on Change Healthcare caused weeks of disruption to healthcare and billing operations in hospitals, clinics and pharmacies across the country.

Attacks on British organizations have increased year on year since 2019. Earlier this week, the British government accused by a parliamentary committee to adopt the “ostrich strategy” by burying its head in the sand in the face of the “significant and imminent” national cyber threat posed by ransomware.

The Joint Committee on National Security Strategy had already warned that the government’s failure to deal with the threat meant there was a “high risk” that the country would face “a catastrophic ransomware attack at any time”.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

Leave a comment