A ransomware group has threatened to release terabytes of stolen data from NHS Scotland this week after a hospital was attacked earlier this month.
NHS Dumfries and Galloway, which reported an attack on March 15, condemned the hackers on Wednesday after a small amount of data were released in a “proof pack.”
The Scottish Government told The Epoch Times on Friday the incident “remains contained to NHS Dumfries and Galloway” and no further incidents were reported.
UKDJ published a screenshot of the post, with the leaked information blurred.
The post says “3 terabytes of data will be published soon,” but didn’t mention any demand for ransom.
It went on to say “NHS Scotland currently employs approximately 140,000 staff who work across 14 territorial NHS Boards, seven Special NHS Boards and one public health body.”
Jeff Ace, chief executive of NHS Dumfries and Galloway, said the hospital “absolutely deplore[s]” the release of confidential patient data.
“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation. Patient-facing services continue to function effectively as normal,” he said in the statement.
“As part of this response, we will be making contact with any patients whose data has been leaked at this point.”
Mr. Ace said the hospital is “very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”
On March 15, NHS Dumfries and Galloway reported a “focused and ongoing cyber attack,” which it said had “prompted a swift response” in line with its established protocols, and asked staff and patients to be “on their guard.”
On March 19, the hospital confirmed there was a live criminal investigation, and that work was continuing to assess the impact.
In a statement to The Epoch Times on Friday, a spokesperson for Police Scotland said enquiries are continuing into the cyberattack on the hospital.
A spokesperson for the Scottish Government said no other hospital appears to be affected.
“We are aware of some data published on the web that is linked to the recent cyberattack on NHS Dumfries and Galloway,” the spokesperson said in an email to The Epoch Times.
“This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.”
The statement added the Scottish Government is working with the health board, Police Scotland, and other agencies including the National Crime Agency and National Cyber Security Centre to “assess the level of this breach and the possible implications for individuals concerned.”
“The Scottish Government is continuing to provide support to NHS Dumfries and Galloway as they deal with this ongoing situation. This remains an ongoing police investigation,” the statement reads.
Other malware watchers have said the group has targeted the United States, Australia, and European countries.
