Cyber team in place at NHS after hacking

WORK continues to be ongoing within NHS Dumfries and Galloway to strengthen their cybersecurity following a serious hacking incident in 2024. Papers for the most recent health board meeting revealed the organisation is still shoring up their systems, two years on from the major data breach. The update said: “There is an ongoing focus on strengthening defences regarding cybersecurity following previous incidents. “A full cyber team has now been established, with a bedding-in period for new staff underway. Third-party specialists are supporting accelerated remedial work, with no data breaches having been reported in the last quarter.” Meanwhile, the NHS’s own risk register puts potential future breaches as a ‘high’ possibility, nothing there is still an inadequate infrastructure to meet both physical and technological service user needs in future. Also highly ranked as a risk is their ‘failure to maintain information security standards leading to loss of reputation and severe financial and disruptive consequence’. It was in February 2024 that NHS Dumfries and Galloway revealed their systems had been hacked using ransomware. Three months later they confirmed that staff and patient information, which had been taken by the criminals, had been published. This took the form of “millions of very small, separate pieces of data – examples include individual letters from consultants to patients, letters between consultants, test results, x-rays, etc.” Contact was made with those affected.