Data Breach Alert: 3TB of NHS Scotland Data Held Ransom by Cyber Threat

 

A ransomware group targeting a small group of patients has published clinical data related to a small number of those patients on the internet that the Dumfries and Galloway Health Board is aware of. In the meantime, three terabytes of data are also alleged to have been stolen thanks to a security breach that occurred at the National Health Service (NHS) in Scotland, by the INC Ransom extortion gang. 

 As a result of a ransomware attack in a regional branch, NHS Scotland says it has been able to contain the malware, preventing the infection from spreading to other branches and the entire organisation. A group of cybercriminals called INC Ransom claimed responsibility for the attack on NHS Scotland this week, claiming they stole three terabytes (TB) of data and leaked a limited number of sensitive documents as part of the attack. 

Earlier this month, NHS Dumfries and Galloway announced a serious cyberattack that resulted in their hospital being shut down. INC Ransom was offering samples of files that contained medical evaluations, psychological reports, and other sensitive information regarding patients and doctors in accompanying its warning posted on its extortion website. 

Despite the rumours that such a compromise had already been reached, the Scottish government made sure to emphasize that only the NHS Dumfries and Galloway regional health board was affected by this new agreement. Several days later, NHS Dumfries and Galloway officials revealed that during a breach of security two weeks ago, large quantities of personally identifiable information had been accessed, stolen, and exfiltrated, resulting in a large number of people's details being misused. 

As of July 2023, the INC Ransom operation has gained a lot of attention, targeting both government organizations as well as private businesses to extort their data for ransom. Education, healthcare and government institutions, as well as industrial entities like Yamaha Motor Corporation, are among those that suffer losses from this attack. As the attack was likely to have occurred around March 15, reports emerged that a cybersecurity incident was affecting NHS Scotland services. 

There were several sample documents published yesterday by the threat actor in a blog post, including medical assessments, analysis results, and psychological reports on doctors and patients with sensitive details. Throughout its history, INC has shown no restraint in its process of choosing the types of victims it is willing to target, either. 

There have been several incidents of ransomware spreading across the healthcare industry, education, as well as charities. This is something that has happened in its short time on the ransomware scene. The fact remains, though, that very few cybercriminals exercise that level of restraint in the current day and age. Due to the critical nature of healthcare and the fact that it provides several essential services, cybercriminals and ransomware baddies continue to target it. 

There is a chance that there will be a ransom paid if disruptions can be caused, allowing for patients to be cared for with full capability if a ransom is paid. ALPHV/BlackCat was credited by the media with blaming Change Healthcare for a potentially devastating attack spread across a period of weeks across February and March of this year, which knocked out services for weeks on end.

In February, Romania experienced a significant ransomware incident affecting over 100 facilities, highlighting the persistent targeting of healthcare by cybercriminals. This incident is one of numerous examples underscoring the sector's vulnerability to such threats. The United States has responded to this challenge by introducing initiatives like the Advanced Research Projects Agency for Health (ARPA-H) within DARPA. 

This addition to a two-year cash-for-ideas competition aims to discover methods for securing code in critical infrastructure, including healthcare systems. Last summer, the announcement of the Artificial Intelligence Cyber Challenge (AICC) further demonstrated efforts to combat cyber threats. Teams participating in this challenge are tasked with developing autonomous tools to detect code issues in software used by vital organizations like hospitals and water treatment facilities—both prime targets for cybercrime.

ARPA-H has allocated $20 million towards the AIxCC, emphasizing its commitment to safeguarding healthcare from devastating attacks. Such attacks, exemplified by incidents like the one on Change Healthcare, underscore the urgent need for enhanced cybersecurity measures to prevent disruptions that could jeopardize patient care.