National Records of Scotland data published in NHS cyber attack

Hackers accessed and published National Records of Scotland (NRS) data as part of a cyber attack on NHS Dumfries and Galloway earlier this year, it has emerged.

The government body holds information on the health board's IT network as it runs an administrative service for them.

The service allows the transfer of patient records when people move between health board areas, across borders in the UK or move overseas.

NRS said it had identified a "small number of cases" where there was sensitive information held temporarily on the network at the time of the attack.

It has not given an exact figure for the number of people involved but said it was less than 50.

It said it was already contacting the individuals affected and had also informed the Information Commissioner.

NHS Dumfries and Galloway revealed it had been a target of a cyber attack in March this year.

A ransomware group targeted the health board and has now published a large volume of patient data on an area of the internet called the dark web.

NRS said some information which comes from the statutory births, deaths and marriages registers had also been accessed in the attack.

The information is used to correctly identify patients and maintain the accuracy of the service.

NRS chief executive Janet Egdell said: "We are aware that this will be distressing news for those individuals most directly affected.

"This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish government and other agencies involved in the inquiry.

“NRS takes cyber security and privacy seriously.

"This includes ensuring the continued safe provision of the service we provide.”

She said the cyber attack had caused some "initial disruption" but systems were now fully operational.

NRS has opened a special mailbox for inquiries from members of the public who have concerns at cyberincident@nrscotland.gov.uk., external