MORE information and ‘clarity’ has been offered by health officials following the hacking at NHS Dumfries and Galloway.
They have started to address questions from the press and public following February’s cyber attack and the release last week of the stolen data on the dark web.
Explaining why those whose data has been published have not yet been contacted, a spokesperson said: “Unfortunately, compiling a list of people affected by the data publication is neither quick nor easy. This is because of the type and volume of data which was stolen.
“What the cyber criminals were generally able to access was millions of very small, separate pieces of data – examples include individual letters from one consultant to a patient, letters from one consultant to another consultant, test results, x-rays, etc. These are housed across a range of separate directories reflecting the very large and complex service structures of NHS Dumfries and Galloway.
“Identifying the data which was taken, working through it to find identifiable individuals and then assembling all their data is a massive undertaking.
“Although progress is being made, it is for this reason that NHS Dumfries and Galloway has needed to prioritise this work – doing so on the basis of the ‘high-risk’ data which often relates to particularly vulnerable people.”
They are working closely with the Information Commissioner’s Office on the matter.
Officials have acknowledged that people want to know how the hackers were able to access the NHS Dumfries and Galloway system, but say that’s ‘specialist knowledge’ and part of the live criminal investigation.
But they added: “Work has been undertaken with external experts to ensure that systems are as secure as possible.
“Given that the stolen data has now been made public by the cyber criminals, there is now a risk of it being further accessed, duplicated or shared on the internet, and not just on the dark web.”
Meanwhile, the message continues to be one of vigilance with people asked to be on their guard for any unusual activity which might relate to this incident – attempts to gain access to computers, suspicious emails, phone calls from people claiming to be in possession of their health data or any NHS data.
Any incidents should be reported to police by phoning 101.
And a Police Scotland spokesman said: “Our specialist officers continue to investigate the ransomware attack on NHS Dumfries and Galloway and subsequent leak of confidential information by the criminals.
“Members of the public should not attempt to access or share any leaked data as you may be committing an offence under the Data Protection Act.”
