Sensitive records office data accessed in cyber attack on health board

NHS Dumfries and Galloway was targeted in March.

Nick Forbes
Wednesday 22 May 2024 12:01 BST
National Records of Scotland data was among material accessed in the cyber attack on NHS Dumfries and Galloway (Peter Byrne/PA)

Sensitive data from Scotland’s national records office was among material accessed and published in a recent cyber attack on NHS computers, it has emerged.

Data from the National Records of Scotland (NRS), the body responsible for collecting and holding records and statistics in Scotland, was being held on the NHS Dumfries and Galloway IT network when it was targeted by a cyber attack in March 2024.

NRS said this included sensitive information about a small number of people that was being temporarily held on the network, and information from statutory births, deaths and marriages registers.

The NRS said it holds information on NHS IT networks as part of an administrative service to the NHS, to allow the transfer of patient records when people move between health board areas, across borders within the UK, or move overseas.

NRS chief executive Janet Egdell said: “We are aware that this will be distressing news for those individuals most directly affected.

“This is a live criminal investigation and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government and other agencies involved in the inquiry.

“NRS takes cybersecurity and privacy seriously. This includes ensuring the continued safe provision of the service we provide.”

NRS said it is writing to people who could be placed at risk of harm as a result of the information taken about them, which it said amounts to fewer than 50 individuals.

The NRS has opened a mailbox for inquiries from members of the public at cyberincident@nrscotland.gov.uk.

Members of the public are also encouraged to be on their guard for any unusual activity which might relate to this incident, including contact from anyone claiming to have their data. These incidents should be reported to Police Scotland by phoning 101.

Police said members of the public should not attempt to access or share any leaked data as they may be committing an offence under the Data Protection Act.
