NHS Dumfries and Galloway has been the target of a focused and on-going cyberattack.
The organisation says this has prompted a swift response in line with its established protocols, working with partner agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.
In a statement, NHS Dumfries and Galloway said: “There may be some disruption to services as a result of this situation. During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data.
“Work is continuing together with cybersecurity agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.
“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”
Richard Staynings, Chief Security Strategist for Cylera, said: “It’s early days yet regarding the cyberattack on NHS Dumfries and Galloway so lots of things will still need to be investigated however, early accounts suggest this was a data exfiltration of Protected Health Information (PHI), and other data over the course of a persistent attack over months.
“While this is highly unfortunate, it’s a cyberattack that’s unlikely to be a direct risk to life unless this particular attack against confidentiality is accompanied by a systems availability attack or a data integrity attack. Confidentiality, Integrity and Availability (CIA) are the three pillars of the Security Triad. All three are required for security. To date, most hospitals have focussed their limited security budgets on protection of confidentiality at the expense of integrity and availability and this is one reason why so many hospitals have been extorted by cyber criminals through ransomware attacks.
“Police Scotland and the NCSA are no doubt now investigating the forensic evidence of the cyberattack on NHS Dumfries and Galloway, looking for malware or simple droppers that could be used to launch a more lucrative ransomware attack. Other than preserving evidence for later prosecution, this will likely be their top priority.”