NHS Dumfries and Galloway experiences “focused and ongoing” cyber attack

NHS Dumfries and Galloway has announced that a “focused and ongoing” cyber attack has taken place on its IT systems, with the health board “generally running as normal” at present.

The board shares that work is ongoing to identify the consequences of the attack, and to assess “the concern that those responsible may have acquired a significant amount of data”, including patient and staff information.

Chief exec Jeff Ace has stated that along with assessing risk, NHS Dumfries and Galloway is working with partner agencies to ensure the security of systems and to adapt to the disruption.

He said: “It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position.

“However, as it has been noted, there is reason to believe that those responsible may have acquired patient and staff-specific data.”

The health board adds that updates will be shared when possible, and in the meantime cautions staff and patients to be “on their guard for anyone accessing their systems, or anyone making contact with them claiming to be in possession of any information”, with such incidents to be reported to Police Scotland immediately.

The board’s comments can be found in full here.

Also on cyber security within healthcare, we recently interviewed Doron Dreyer, VP of international sales at Cynerio; catch up with what he had to say here. Our full coverage of cyber security sessions at last week’s Rewired event can be found here.

HTN also reported on NHS England’s recently published guidance on network segmentation for cyber security, sharing oversight of how network segmentation can prevent or mitigate lateral movement across a network in the event of a cyber attack.