Scottish health boards hit by cyber-attack

NHS workers have had their data leaked following a cyber incident involving a third-party supplier to various health boards.

NHS Grampian has confirmed that “unknown individuals” have obtained staff phone numbers.

The health board said the cyber incident affected software used for staff scheduling and management, compromising all text messages sent on the system over the past three months.

It is understood that the messages only contained generic information like shift confirmations and that no personal data was leaked.

Meanwhile, NHS Dumfries and Galloway, which suffered a major data leak earlier this year, has alerted its staff. In May, the health board had a “large volume” of its data leaked on the dark web after it failed to meet payment demands from a ransomware group.

The NHS National Services Scotland (NSS) said the cyber incident has been tackled with no risk to patient data.

Head of information and cyber security Scott Barnett said: "A sub-contractor of a third-party supplier to several NHSScotland boards has experienced a cyber incident. Our supplier has assured us that the situation was promptly addressed. Although the incident did not directly target any NHSScotland board, some workforce data has unfortunately been compromised, affecting a small number of staff.

“Impacted staff will be notified and will receive appropriate advice and guidance from their respective NHSScotland Boards. There was no risk to patient data as a result of this incident "