Pierluigi Paganini March 27, 2024

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data.

The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims on its Tor leak site. The cybercrime group claims to have stolen three terabytes of data and is threatening to leak them.

Scotland’s NHS, or National Health Service, is the publicly funded healthcare system serving Scotland. It provides a wide range of healthcare services, including hospitals, general practitioners (GPs), mental health services, and community healthcare. The Scottish Government oversees the NHS in Scotland, and it operates separately from the NHS systems in England, Wales, and Northern Ireland.

“3 terabytes of data will be published soon. NHSScotland currently employs approximately 140,000 staff who work across 14 territorial NHS Boards, seven Special NHS Boards and one public health body. Each NHS Board is accountable to Scottish Ministers, supported by the Scottish Government Health and Social Care Directorates. Territorial NHS Boards are responsible for the protection and the improvement of their population’s health and for the delivery of frontline healthcare services. Special NHS Boards support the regional NHS Boards by providing a range of important specialist and national services.” reads the announcement published by the INC Ransom group.

The group published the images of medical documents as proof of the hack and will publish the stolen data if the NHS does not pay the ransom.

The cyber attack occurred on March 15, 2023.

“Meanwhile, work continues to assess the consequences of the incursion into NHS systems, and the concern that those responsible may have acquired a significant amount of data including patient and staff-specific information.” reads the incident notice initially published by the company.

NHS Dumfries and Galloway has confirmed that crooks obtained at least a “limited amount” of patient data following a cyberattack.”

“We absolutely deplore the release of confidential patient data as part of this criminal act.” said the chief executive of the NHS board, Jeff Ace. ““This information has been released by hackers to evidence that this is in their possession. We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish government and other agencies in response to this developing situation.”  “NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”

Ace confirmed that the National Health Service (NHS) of Scotland will notify impacted patients.

“This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.” a spokesperson for the Scottish government told The Guardian.

“The Scottish government is working with the health board, Police Scotland and other agencies, including the National Crime Agency and National Cyber Security Centre, to assess the level of this breach and the possible implications for individuals concerned.”

The INC RANSOM has been active since 2023, it claimed responsibility for the breach of at least 65 organizations to date.

The victims of the group include Xerox Corp and Ejército del Peru’.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, National Health Service (NHS) of Scotland)