Priya Patel
TLDR: Hacker Group Publishes NHS Scotland’s Stolen Data and Threatened to Dump Entire 3 TB Unless Paid
Key Points:
- Hackers breached NHS Dumfries and Galloway and threatened to release 3TB of stolen data from NHS Scotland.
- Inc Ransom cybercrime gang added NHS Scotland to its dark web leak site with stolen data and demanded a ransom.
In April 2024, hackers breached NHS Dumfries and Galloway, leading to the theft of sensitive employee and patient data. The Inc Ransom group claimed responsibility for the cyber attack and threatened to release a massive 3TB of stolen data from NHS Scotland unless a ransom was paid. The group published a “proof pack” of the stolen data on the dark web, including medical records screenshots.
The ransomware gang did not provide a timeline for releasing the data but typically gives a 72-hour deadline for payment. Despite the stolen data dating back to 2019 and possibly being less valuable than claimed, the threat of making the entire trove public remains unless their demands are met.
NHS Dumfries and Galloway acknowledged the data leak, which affected a small number of patients and was carried out by a recognized ransomware group. The NHS is working with authorities to respond to the cyber incident and mitigate the consequences. The Scottish government emphasized the importance of cybersecurity and pledged to invest in cyber defense.
Dr. Ilia Kolochenko from ImmuniWeb highlighted the risks of exposing sensitive health information and the impact it could have on individuals. The NHS acknowledged the potential impact of the stolen data being leaked and vowed to contact affected individuals. Patient-facing services were reported to be operating normally despite the cyber incident.
The ransomware group, Inc Ransom, has a history of targeting organizations, including healthcare institutions, using phishing emails and exploiting software vulnerabilities. The group communicates with victims through a TOR-based portal and tracks payments using unique personal IDs.
