Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Medical Files. Show all posts

Dark Web Nightmare: Scots NHS Patient Data Breach Exposes Medical Files

 


Following a major data breach at NHS Dumfries and Galloway, patients can access their private medical records online with just a few clicks. It has been reported that an extremely large amount of data has been stolen from the NHS by a group known as INC Ransom. 

To keep this vast amount of personal information confidential, the group demanded a ransom and then uploaded a massive amount of information to the dark web. As a result of the cyber attack on NHS Dumfries and Galloway in March, the data of its victims has now been released onto the dark web. NHS Scotland advised potential victims to remain vigilant about cyber attacks. 

Nevertheless, the media reports claim that a search on the dark web resulted in personal information about six patients, including a disabled child aged 10 and an 81-year-old man who was disabled. In addition to providing patients' names and dates of birth, the documents also include their home addresses and even their personal email addresses, details of the patient's life and medical history, test results, and private disclosures about their condition that were made to physicians. 

In response to the Sunday Mail report, NHS Dumfries and Galloway confirmed to the newspaper that patients have been informed, but they don't know what files the hackers have or how many more individuals have been compromised. Using the dark web, cybercriminals released documents that proved they had hacked the NHS system that were easily accessed by the Sunday Mail. 

There are some of the most personal details about six patients, including an 81-year-old man who was disabled at the age of 10 and a disabled 10-year-old girl. Furthermore, the documents reveal the patient's name and date of birth, in addition to their unique numerical identifiers called CHI numbers. It also gives their home addresses, as well as one person's e-mail address.

Furthermore, they contain intimate details regarding people's lives and medical histories, as well as test results, which are disclosed to doctors privately. According to the Sunday Mail, NHS Dumfries and Galloway has informed six patients that their data has been stolen, but they have no idea how many more have been affected or what files they have on hand.

As deputy leader of Labour, Jackie Baillie asked Health Secretary Neil Gray to explain how the breach occurred and what measures are being taken to prevent it in other health boards As a result of the breach, experts warn that the people whose personal information was compromised may be vulnerable to identity theft and other kinds of fraud. Managing director of the Cybersecurity Research Centre at Abertay University, Professor Lynne Coventry, said, "Health records can contain sensitive health information as well as financial information, making them more valuable than financial records." 

As a result of the data breach, thousands of people may potentially be affected, but authorities are not yet sure how significant it will be. There have been several calls for transparency from the NHS regarding the breach, and Patrick McGuire, partner at Thompsons Solicitors, says the NHS needs to provide support to those who were affected by the breach. 

McGuire also claimed that the NHS could be faced with significant legal claims from individuals whose personal information was exposed. This has got to be one of Scotland's biggest data breaches, possibly even the whole of Scotland. McGuire stated that the amount of information is enormous. The Scottish Conservative party's health spokesman, Dr Sandesh Gulhane, has stated that those whose information has been stolen are likely to seek financial compensation and that defending these claims could prove to be a significant challenge. 

During his interview with the press, Mr Gray revealed that he must take responsibility for the mitigation of the damage and prevent future attacks by explaining to the public what actions are being taken to mitigate these damages. As a result of the scale of the attack, it is difficult for NHS Dumfries and Galloway to determine exactly what data the hackers could access or how many individuals might be impacted. Police Scotland has confirmed that an investigation is ongoing. 

According to the health board, the six patients whose information had already been published online have already been contacted. Moreover, the NHS Scotland regional board has reported that no disruptions were reported to patient-facing services due to the cyber incident and that normal operations continued. 

According to the Scottish government, the cyber attack targeted NHS Dumfries and Galloway and no further incidents have been reported across NHS Scotland as a result of the cyber attack. The company has been around since July 2023, when it appeared on the scene. Numerous organizations, including healthcare institutions, have been indiscriminately targeted by ransomware. 

The group obtains access to the enterprise via phishing emails and exploiting vulnerabilities in software resulting in exploitation of Citrix NetScaler vulnerability CVE-20233519. Using TOR, it communicates with its victims over a TOR-based portal and tracks payments using a unique ID code that is at the heart of every payment.