Sensitive records office data accessed in cyber attack on health board
NHS Dumfries and Galloway was targeted in March.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Sensitive data from Scotland’s national records office was among material accessed and published in a recent cyber attack on NHS computers, it has emerged.
Data from the National Records of Scotland (NRS), the body responsible for collecting and holding records and statistics in Scotland, was being held on the NHS Dumfries and Galloway IT network when it was targeted by a cyber attack in March 2024.
NRS said this included sensitive information about a small number of people that was being temporarily held on the network, and information from statutory births, deaths and marriages registers.
We are aware that this will be distressing news for those individuals most directly affected
The NRS said it holds information on NHS IT networks as part of an administrative service to the NHS, to allow the transfer of patient records when people move between health board areas, across borders within the UK, or move overseas.
NRS chief executive Janet Egdell said: “We are aware that this will be distressing news for those individuals most directly affected.
“This is a live criminal investigation and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government and other agencies involved in the inquiry.
“NRS takes cybersecurity and privacy seriously. This includes ensuring the continued safe provision of the service we provide.”
NRS said it is writing to people who could be placed at risk of harm as a result of the information taken about them, which it said amounts to fewer than 50 individuals.
The NRS has opened a mailbox for inquiries from members of the public at cyberincident@nrscotland.gov.uk.
Members of the public are also encouraged to be on their guard for any unusual activity which might relate to this incident, including contact from anyone claiming to have their data. These incidents should be reported to Police Scotland by phoning 101.
Police said members of the public should not attempt to access or share any leaked data as they may be committing an offence under the Data Protection Act.