A ransomware group carried out blackmail against NHS Dumfries and Galloway and published “large amounts” of patient data on the dark web.
In March, it released a small amount of details as “evidence” that cybercriminals had accessed sensitive information, and warned that more would be released unless payments were made to stop them.
Julie White, the new chief executive of NHS Dumfries and Galloway Health Board, called the release an “absolutely abhorrent criminal act”.
She said work has now begun to assess what has been published, working with other national bodies including the Scottish Government, police and the National Cyber Security Centre.
“We shouldn't be surprised by this result, because it's consistent with the way criminal groups operate,” White said.
“NHS Dumfries and Galloway recognizes that this can increase anxiety and concern for patients and staff, and our telephone helpline is sharing information hosted on our website.
“The data accessed by cybercriminals is publicly available on the dark web and is not easily accessible to most people.
“Recognizing that this is a real criminal matter, we continue to follow the very clear guidance provided by national law enforcement agencies.”
A dedicated telephone helpline is available Monday to Friday from 09:00 to 18:00 and Saturday from 09:00 to 13:00.
Health boards are warning members of the public to be wary of attempts to access their work or personal data, or approaches (e.g. by email, phone or social media) by anyone claiming to have personal or NHS data. I called on them to do so. or other means.
In either case, people are advised to note the details of the approach and contact Police Scotland by calling 101.