INC Ransom Targets NHS Scotland, Steals Patient Data

This month, NHS Dumfries & Galloway, a division of the National Health Service of Great Britain serving the Dumfries and Galloway region in Scotland, suffered a severe cyberattack for which the ransomware group INC Ransom claimed responsibility.

The hackers allegedly stole 3 terabytes of data, including sensitive information related to patients and medical personnel. Authorities have stated that the data breach is confined to this region and has not affected the entire NHS Scotland system.

In response to the incident, concerted efforts are underway with Police Scotland, the National Crime Agency, and the National Cyber Security Centre to assess the extent of the breach and its potential impact on those affected.

It has been reported that the culprits have already published a portion of the stolen data, which includes medical test results (for both adults and children), medication information, as well as patients’ full names and home addresses. The data breach also includes information about medical personnel.

INC Ransom appears to have resorted to releasing the stolen information to increase pressure on the victim and compel them to pay a ransom. British authorities strongly advise against paying any ransoms, although doing so is not prohibited by law, provided the criminals are not on sanctions lists.

NHS Dumfries & Galloway previously described the incident as a “targeted and ongoing cyberattack,” without mentioning ransomware. However, it is now confirmed that data may have been compromised, and active efforts are being made to ensure security and prevent similar incidents in the future.

Jeff Ace, the Chief Executive of NHS Dumfries & Galloway, underscores the gravity of the situation and the importance of collaborative efforts among various agencies to protect systems and assess the risks associated with hacker access to data.

Experts note that the healthcare sector is particularly attractive to cybercriminals due to its size and system complexity, making data breach detection especially challenging.

Attacks on medical institutions remain a serious threat worldwide due to the critical importance of the services they provide. For instance, to address the problem, the American agency DARPA launched the AIxCC project last year, which aims to develop tools for autonomous detection of issues in software code used in critical infrastructure, including hospitals and water facilities.