Health board data breach shows ‘clear need’ to enhance public sector cyber capabilities, Neil Gray says
Health Secretary Neil Gray has said the recent cyber-attack on NHS Dumfries and Galloway highlights the need for “continued investment” in the cyber capability of the public sector.
Last Friday, the Scottish health board was targeted by a cyber attack which could have compromised a “significant quantity of data” belonging to patients and staff. An update shared by the board earlier today said services were “generally running as normal”.
In an answer to Labour MSP Colin Smyth, Gray said the government would continue to “monitor and keep under review” the implications of the attack to ensure that the cyber resilience strategy continued to be “as strong as possible”.
On concerns over the hackers’ access to confidential details, Gray said it was difficult to contact patients directly, as they did not know exactly what information had been taken other than “the scale of the data and what is going to be used for”.
He assured MSPs that the board had responded “swiftly” and “in line with established protocol”, yet said the incident had resulted in some staff having to change working practices in the short term.
He added that a multi-agency approach was underway to tackle the incident, other boards were providing technical support to Dumfries and Galloway and, officials had already started a “lesson identified exercise” which will be shared at “a suitable time”.
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe