A Scottish health board has reaffirmed its commitment to remaining “vigilant” in the face of cyber threats, almost a year after suffering a major data breach.
In February 2024, NHS Dumfries and Galloway was targeted by hackers who accessed sensitive data, including private information about patients and staff. Nearly 12 months later, the health board insists it is not “complacent” regarding its data security.
As part of its ongoing efforts to strengthen cybersecurity, NHS Dumfries and Galloway now requires all staff to complete an annual training program focused on cyber-security and information governance.
Police Scotland has confirmed that investigations into the cyber attack remain ongoing.
Described as one of the most severe cyber breaches in Scotland to date, the incident first came to light in March 2024. In response, NHS Dumfries and Galloway mounted a “robust and rigorous” recovery plan, with the support of expert third-party specialists, to ensure the security of its systems.
Despite these efforts, the board acknowledged the constantly evolving nature of cyber threats. “The threat of cyber security is always present, and we are working with our partners to remain vigilant, taking all reasonable and appropriate precautions,” a health board spokesperson stated.
The health board also refrained from disclosing specific details about how the cyber attack was carried out, citing concerns that doing so could jeopardize ongoing security efforts and potentially invite further attacks. However, it did confirm that no staff members have been disciplined in connection with the breach.
Since the incident, over 100 individuals have contacted a dedicated helpline for guidance, and the health board has ensured that relevant advice remains readily accessible on its website. Additionally, NHS Dumfries and Galloway is continuing to collaborate with staff to prevent future attacks.
Related topics
