Guernsey Press

NHS hack has had ‘minimal’ impact on services, says Scotland’s Health Secretary

NHS Dumfries and Galloway said patient and staff data could have been stolen during the attack.

Published

A cyber attack against NHS Dumfries and Galloway has had a “minimal” impact on patient services, Scotland’s Health Secretary has said.

The board announced on Friday it had sustained an attack which may have compromised a “significant quantity” of data, including that which could identify patients and staff.

The Scottish Government, Police Scotland and the National Cyber Security Centre were called in to deal with the issue.

Neil Gray
Scotland’s Health Secretary Neil Gray spoke in Holyrood on Tuesday (Jane Barlow/PA)

“I am pleased to say that at the moment there has been minimal impact on patient services, however, I think it’s important to note that we know at this stage that the incident has resulted in the need for some staff to change working practices in the short term,” he said.

“I’m very grateful to everyone who is working to ensure people still receive the best possible care while we work at pace to ensure a return to normal working practices.”

The Health Secretary went on to say the board does not know what data was taken during the attack or what it is going to be used for, only the “scale” of the data which was stolen.

Police Scotland declined to comment further on the investigation, saying only that inquiries remained ongoing.

On Friday, in a statement posted to its website, the board said: “During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data.

“Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”

Sorry, we are not accepting comments on this article.