Ransomware gang threatens to release 3 TB of sensitive information from NHS Scotland patients and staff

A ransomware group that claims it holds 3 terabytes of stolen NHS patient and staff data has threatened to publish the data unless the health agency meets their demands.

In a brazen effort to amplify the extortion attempts against the NHS, the cybercriminals have even disclosed a so-called “proof pack” of their successful attack and exfiltration efforts on their leak platform, including confidential information on some patients.

The data, published on March 26, was also analyzed by BBC investigative reporters who found the documents included screenshots of referral letters and medical reports of patients with severe diagnoses from and before 2019.

These documents contain both the names and addresses of patients and highly sensitive medical details.

Data breach linked to a cyberattack on NHS Dumfries and Galloway from March 15

Earlier this month, NHS Dumfries and Galloway (NHS DG) confirmed a cyberattack that prompted the agency to begin an extensive investigation and assess the risks of attackers acquiring patient and employee information.

On March 27, NHS has confirmed that it “is aware that clinical data relating to a small number of patients has been published by a recognised ransomware group”.

“This follows a recent focused cyber attack on the Board’s IT systems, when hackers were able to access a significant amount of data including patient and staff-identifiable information,” the health agency said.

NHS DG is still investigating the breach to learn how much information was stolen in the attack. It does not believe any patient's health information has been removed or altered.

“While some information has been illegally copied from NHS DG records, and has now been leaked, NHS DG and other agencies have carried out careful checks of our systems, and we are confident that your records have not been tampered with.”

The agency is urging patients to remain vigilant since it is very likely the cybercriminals will leverage the stolen information in targeted cyberattacks.

As such, patients should:

• Always double-check the legitimacy of any unexpected or unsolicited NHS email
• Monitor online accounts for any unauthorized activity
• Don’t provide sensitive information via unsolicited messages, texts, emails or phone calls
• Report suspicious messages to report@phishing.gov.uk

Personal health information is highly sought after on dark web marketplaces, as it enables fraudsters to:

• Conduct medical identity theft
• Extort victims for large payments in return for not revealing sensitive or compromising information to friends and family
• Commit tax return fraud
• Conduct highly successful phishing attacks that can lead to damaging financial losses

If you want to be proactive about your digital and financial safety, use Bitdefender Digital Identity Protection.

Our dedicated identity protection service is packed with handy features that enable data breach victims to find out if their personal information has been leaked online in real-time.

On top of 24/7 data breach alerts, you can benefit from the industry's first Identity Protection Score to help you understand the extent of the breach and how it can impact you and receive actionable advice to immediately minimize risk and safeguard your well-being.