A hacker group is in possession of at least a “small amount” of patient data following a cyber attack, NHS Dumfries and Galloway say.
On Wednesday, reports emerged of a post from the group Inc Ransom on its darknet blog, claiming it was in possession of three terabytes of NHS Scotland data.
The post contained a “sample pack” with some data, which has been confirmed by the board to be genuine.
NHS board chief executive Jeff Ace said in a statement: “We absolutely regret the release of confidential patient data as part of this criminal act.
“This information has been released by hackers to prove that it is in their possession. We continue to work with Police Scotland, the National Cyber Security Centre, the Scottish Government and other agencies in response to this developing situation.”
Patients whose data was breached would be contacted by the board, he said, while patient-facing services would continue as normal.
Ace said: “NHS Dumfries and Galloway are acutely aware of the potential impact of this development on the patients whose data has been published, and of the general anxiety that could result within our patient population.”
The board was hit by the cyber attack earlier this month. It was previously said that the attack had taken place compromising a “significant amount” of data.
A police spokesperson said: “Police Scotland’s investigation into a cyber attack on NHS Dumfries and Galloway continues.”
A spokesperson for the National Cyber Security Center said: “We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of any incident.”
The Scottish Government has been contacted for comment.