NHS Dumfries & Galloway

Cyber attacks on NHS Dumfries and Galloway

Update: 23.04.24

NHS Dumfries and Galloway continues to focus on recovery after a very significant cyber attack earlier this year.

IT systems are running normally in the wake of what was a focused and persistent attack.

A very large amount of patient and staff-identifiable data was accessed during the attack which began at the end of February. The scale and breadth of information which the cyber criminals were able to access makes it difficult to define the data which they may have been able to download, or to address this on an individual patient and staff member basis.

No operations or appointments are identified as having had to be cancelled or postponed as a direct consequence of the attack. Instead, the immediate impact was primarily on staff working arrangements – as the response required some changes to their ways of working and led to limitations on how they access IT systems. 

The cyber criminals have so far published a ‘proof pack’ demonstrating that they possess stolen data. The content of the proof pack related to six individual patients. These patients have all been contacted by NHS Dumfries and Galloway.

To date, NHS Dumfries and Galloway has received a relatively small number of approaches from members of the public, mainly focused on questions and concerns about emails or approaches they have received. None has so far proved to be related to the attack.

However, we encourage everyone to remain on their guard for anyone trying to access their data, or for approaches by anyone claiming to possess NHS data relating to them or anyone else. All such incidents should be reported to Police Scotland by calling 101.

A robust response has been mounted by the Health Board’s IT teams, working with advice provided by experts such as the National Cyber Security Centre. Actions have been taken to address any further risk of incursion and practical testing will shortly take place before consideration of any moves to lift remaining limitations on staff accessibility to IT systems. 

We are aware of expectations around transparency in relation to the cyber attack, but would highlight once again that this remains a live and very serious criminal matter, and a situation where ensuring the security of systems is paramount.

NHS Dumfries and Galloway has been the victim of a very significant and determined cyber attack which has potential implications for the people who work for the Board and those who are served by it.

We are extremely sorry for the anxiety which has been caused, and have sought to be as open as possible while adhering to the very explicit guidance we have received from Police Scotland and partner agencies, and being very mindful of security considerations.



Everyone is being urged to remain on their guard following a criminal cyber attack on NHS Dumfries and Galloway – almost two weeks on from the publication of stolen data. 

NHS Dumfries and Galloway Chief Executive Julie White said: “We all must remain highly vigilant in the wake of what was a targeted and sustained cyber attack, and we are aware there is a risk of publication of further data. 

“Everyone is advised to be alert for any attempts to access their data, or for approaches by anyone claiming to be in possession of either their personal data or NHS data – whether this approach comes by email, telephone, social media or some other means. 

“In all instances, people are advised to take down details about the approach and contact Police Scotland by phoning 101.” 

Mrs White added: “We are aware that the information held by the cyber criminals could include confidential, clinical patient information, and are advising people across our communities to be on their guard.

“We are also asking our staff to be aware of the range of data relating to individual staff members which is stored in different areas of our systems.

“Recognising that this is a live criminal matter, we continue to follow the very clear guidance being provided to us by national law enforcement agencies.”

Update: 28.03.24

Frequently-asked questions

NHS Dumfries and Galloway has published a list of frequently-asked questions regarding the cyber attack. 

Update: 27.03.24

Release of data in NHS Dumfries and Galloway cyber attack

NHS Dumfries and Galloway is aware that clinical data relating to a small number of patients has been published by a recognised ransomware group.

This follows a recent focused cyber attack on the Board’s IT systems, when hackers were able to access a significant amount of data including patient and staff-identifiable information.

NHS Dumfries and Galloway Chief Executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act.

“This information has been released by hackers to evidence that this is in their possession.

“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation.

“Patient-facing services continue to function effectively as normal.

“As part of this response, we will be making contact with any patients whose data has been leaked at this point, and continue working to limit any sharing of this information.

“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”

NHS Dumfries and Galloway will continue to provide updates via the website www.nhsdg.co.uk/cyberattack

For more information about staying safe online, visit the National Cyber Security Centre’s website: https://www.ncsc.gov.uk/cyberaware/home or https://www.ncsc.gov.uk/guidance/data-breaches

The alert below was published on 19 March 2024.

SERVICES delivered by NHS Dumfries and Galloway are generally running as normal – following a cyber attack on its IT systems.

Meanwhile, work continues to assess the consequences of the incursion into NHS systems, and the concern that those responsible may have acquired a significant amount of data including patient and staff-specific information.

Offering an update, NHS Dumfries and Galloway Chief Executive Jeff Ace said: “As you would expect, this has been viewed as an extremely serious matter demanding a major response.

“Over recent days we’ve been very busy working with partner agencies to ensure the security of our systems, to adapt to the associated disruption, and to assess the potential risk posed by the hackers’ ability to access data.

“It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position.

“However, as it has been noted, there is reason to believe that those responsible may have acquired patient and staff-specific data.

“The NHS Board views patient and staff confidentiality as a key priority, along with ensuring welfare and wellbeing. As such, very great effort is being made to address this situation, and to try to prevent it from being repeated.

“We will look to update as and when we can, but in the meantime would again caution staff and patients to be on their guard for anyone accessing their systems, or anyone making contact with them claiming to be in possession of any information. Any such incidents should be reported immediately to Police Scotland on 101.”

Advice to individuals and their families on how to protect themselves from the impact of data is offered by the National Cyber Security Centre at this address: https://www.ncsc.gov.uk/guidance/data-breaches

The alert below was published on 15 March 2024.

Alert: 15.03.24

NHS Dumfries and Galloway has been the target of a focused and ongoing cyber attack.

This prompted a swift response in line with our established protocols, working with partner agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.

There may be some disruption to services as a result of this situation.

During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data.

Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.

In any of these situations, contact Police Scotland immediately by phoning 101.

Updates will be provided via this web-site, www.nhsdg.co.uk/cyberattack