Patient data published following INC Ransom attack on NHS Dumfries and Galloway

The INC Ransom ransomware gang has leaked a massive data set – including children’s mental health records – onto its dark web leak site.

David Hollingworth
Thu, 09 May 2024

A ransomware gang has followed through on its threat to publish a swathe of medical data stolen from a Scottish branch of England’s NHS.

The INC Ransom ransomware group claimed to have successfully hacked NHS Scotland on 26 March, posting data including biochemistry reports, doctor’s letters, genetics reports, and psychological reports to prove the veracity of the attack.

At the same time, NHS Dumfries and Galloway reported that it was a victim of a cyber attack and that patient data may have been compromised.


NHS Dumfries and Galloway said at the time that “there is a risk that hackers have been able to acquire a significant quantity of data”.

Now, INC Ransom has published everything it had stolen, and NHS Dumfries and Galloway has confirmed that the data is theirs.

“This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data,” said NHS Dumfries and Galloway chief executive Julie White in a 7 May statement released on the same day the data was published.

“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate.

“Work is beginning to take place with partner agencies to assess the data which has been published. This very much remains a live criminal matter, and we are continuing to work with national agencies, including Police Scotland, the National Cyber Security Centre and the Scottish government.”

White also called the ransomware attack an “utterly abhorrent criminal act” in an interview with the BBC.

“This could affect hundreds if not thousands of patients and staff across Dumfries and Galloway,” White said.

“At this point in time, we are unable to give an exact figure.

“It is unlikely that it would affect every patient in Dumfries and Galloway but could affect significant quantities.

“What we’re fairly confident in at the moment is that the hackers were unable to access entire patient medical records.”

The published data ranges from 2015 to 2024 and includes children’s mental health data, biochemistry tests, aged care data, cancer records, and much more. The data is hosted on INC Ransom’s site in a file structure, making it difficult to judge the entire volume, but there are hundreds of folders. INC Ransom originally claimed that it had exfiltrated three terabytes of data in the attack.

NHS Dumfries and Galloway covers 11 hospitals, employs more than 3,800 people, and supports a region in the south of Scotland with a population of 148,500.

According to INC Ransom’s website, 217 people have already viewed the data. NHS Dumfries and Galloway has warned its patients to be wary of possible scammers taking advantage of the data.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
