NHS hack has had ‘minimal’ impact on services, says Scotland’s Health Secretary

NHS Dumfries and Galloway said patient and staff data could have been stolen during the attack.

Craig Paton
Tuesday 19 March 2024 15:15 GMT
The attack was announced on Friday (Peter Byrne/PA)
The attack was announced on Friday (Peter Byrne/PA) (PA Media)

A cyber attack against NHS Dumfries and Galloway has had a “minimal” impact on patient services, Scotland’s Health Secretary has said.

The board announced on Friday it had sustained an attack which may have compromised a “significant quantity” of data, including that which could identify patients and staff.

The Scottish Government, Police Scotland and the National Cyber Security Centre were called in to deal with the issue.

On Tuesday, Scotland’s Health Secretary Neil Gray told MSPs the hack has had little effect on the day-to-day running of services in the health board.

“I am pleased to say that at the moment there has been minimal impact on patient services, however, I think it’s important to note that we know at this stage that the incident has resulted in the need for some staff to change working practices in the short term,” he said.

“I’m very grateful to everyone who is working to ensure people still receive the best possible care while we work at pace to ensure a return to normal working practices.”

The Health Secretary went on to say the board does not know what data was taken during the attack or what it is going to be used for, only the “scale” of the data which was stolen.

Police Scotland declined to comment further on the investigation, saying only that inquiries remained ongoing.

On Friday, in a statement posted to its website, the board said: “During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data.

“Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in