It has been reported that NHS Dumfries and Galloway is telling everyone in the region to assume that some of their data is likely to have been published online following a recent cyber attack against the health board. In response to the news, Brian Boyd, Head of Technical Delivery at i-confidential offers the following response.

“This update will cause serious concern among residents of Dumfries and Galloway.

It is now being revealed that the breach was much larger than first anticipated and the likelihood of individual medical data being accessed by the attackers is very high.

NHS Dumfries and Galloway hasn’t gone into specifics for individuals into what data has been compromised, and it might be some time before they understand this, however, it does sound like the hardest hit victims are being provided with more detailed information.

It also sounds like the attackers have just copied as much data as they have been able to access. This sounds like an opportunistic move, but it also highlights how deep into the network they got without any barriers and without being detected by security tools. We don’t yet know how the attackers got in, but fortunately it sounds like the health board has now taken steps to mitigate this weakness.

Residents in Dumfries and Galloway are now being advised by the health board to treat all emails and phones calls requesting information with caution. This is a best practice that should generally be adopted by everyone in the digital world, but it will still cause victims anxiety.

Other organisations must learn from the incident and use it as a catalyst to improve their defences against ransomware. Attacks are at an all-time-high and organisations must strive to harden their networks to avoid falling into a similar situation that the NHS Dumfries and Galloway is finding itself in now.”

For more cyber news, click here