Cyber Incident Victim: NHS Dumfries & Galloway
Date:
Mar 2024
Location:
United Kingdom
Summary
NHS Dumfries & Galloway experienced a focused and ongoing cyber attack, prompting a coordinated response with law enforcement and national cybersecurity agencies. The breach potentially compromised significant quantities of patient and staff identifiable data, causing service disruptions across departments including critical treatment systems. The organization issued public warnings about potential fraudulent approaches using stolen information and established a dedicated resource page while investigations into the extent of data exposure continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
NHS Dumfries and Galloway publicly disclosed a cyber attack on March 15, 2024, describing it as a focused and ongoing intrusion into their systems. The organization activated established incident response protocols immediately upon detection, coordinating with partner agencies including Police Scotland, the National Cyber Security Centre, and the Scottish Government. Initial public communications confirmed service disruptions affecting clinical operations, with social media comments indicating system outages in departments such as chemotherapy services where staff could not access patient data during appointments. The attack involved unauthorized access to NHS infrastructure, with investigators confirming hackers likely exfiltrated a significant volume of data during the breach window. Forensic analysis indicated potential compromise of both patient-identifiable and staff-identifiable information, though specific data types and quantities remained under investigation at the time of disclosure.
The health board warned the public that attackers might attempt to exploit stolen data through follow-on activities such as phishing or extortion attempts, directing individuals to report suspicious contacts to Police Scotland via a dedicated phone line (101). NHS Dumfries and Galloway established a central information portal at nhsdg.co.uk to disseminate updates while working with cybersecurity agencies to determine the full scope of compromised systems and data. Operational impacts extended beyond clinical settings, with staff reporting sustained IT system unavailability affecting administrative and patient care workflows weeks prior to the official announcement, as indicated by public comments referencing earlier computer outages in unspecified departments. No ransomware claims or specific threat actor attribution were disclosed in the initial statement. The incident remained under active investigation by law enforcement and national cybersecurity authorities at the time of reporting.