Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

NHS hack has had ‘minimal’ impact on services, says Scotland’s Health Secretary

NHS Dumfries and Galloway said patient and staff data could have been stolen during the attack.

Craig Paton
Tuesday 19 March 2024 15:15 GMT
The attack was announced on Friday (Peter Byrne/PA)
The attack was announced on Friday (Peter Byrne/PA) (PA Media)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

A cyber attack against NHS Dumfries and Galloway has had a “minimal” impact on patient services, Scotland’s Health Secretary has said.

The board announced on Friday it had sustained an attack which may have compromised a “significant quantity” of data, including that which could identify patients and staff.

The Scottish Government, Police Scotland and the National Cyber Security Centre were called in to deal with the issue.

On Tuesday, Scotland’s Health Secretary Neil Gray told MSPs the hack has had little effect on the day-to-day running of services in the health board.

“I am pleased to say that at the moment there has been minimal impact on patient services, however, I think it’s important to note that we know at this stage that the incident has resulted in the need for some staff to change working practices in the short term,” he said.

“I’m very grateful to everyone who is working to ensure people still receive the best possible care while we work at pace to ensure a return to normal working practices.”

The Health Secretary went on to say the board does not know what data was taken during the attack or what it is going to be used for, only the “scale” of the data which was stolen.

Police Scotland declined to comment further on the investigation, saying only that inquiries remained ongoing.

On Friday, in a statement posted to its website, the board said: “During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data.

“Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in