National Records of Scotland data leaked as part of NHS cyber-attack
A “large volume” of National Records of Scotland (NRS) data was accessed as part of the cyber-attack on NHS Dumfries and Galloway in February.
The NRS has found sensitive information belonging to around 50 individuals was published following the breach.
Data stolen was being temporarily held on the NHS Dumfries and Galloway IT network at the time of the attack.
Those affected have been contacted as it is believed information taken could “put them at risk of harm”.
The NRS has also informed the Information Commissioner.
Information from statutory births, deaths and marriage registers was also accessed.
Earlier this month, NHS Dumfries and Galloway had already confirmed a ransomware group had published a “large volume” of stolen information on the dark web, including some children's mental health data.
NRS chief executive Janet Egdell said: “We are aware that this will be distressing news for those individuals most directly affected. This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, the Scottish Government, and other agencies involved in the inquiry.
“NRS takes cyber security and privacy seriously. This includes ensuring the continued safe provision of the service we provide.”
Police Scotland has advised the public should not attempt to access or share any leaked data as they may be committing an offence under the Data Protection Act.
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe