The INC Ransom extortion gang has issued a threat to release three terabytes of data, claiming to have obtained it by breaching the National Health Service (NHS) of Scotland.
INC Ransom, the group responsible, has already shared a “proof pack” on its dark web blog, revealing a portion of the stolen data as evidence of possession.
The board of NHS Dumfries and Galloway has verified the authenticity of the data shared by the cybercriminals. The criminals have posted several images containing medical information and have threatened to release the data unless the NHS fulfills their ransom demands in a timely manner.
[Image: NHS ransom note. Source: BleepingComputer]
A spokesperson for the Scottish Government told BleepingComputer in a statement that the INC Ransom cyberattack impacts only NHS Dumfries and Galloway.
“We are aware of some data published on the web that is linked to the recent cyber-attack on NHS Dumfries and Galloway. This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole,”
Scottish Government
Who is the INC Ransom Extortion Group?
INC Ransom is a data extortion group that emerged in July 2023 and targets various organizations in the public and private sectors. Their victims include educational institutions, healthcare providers, government organizations, and industrial entities like Yamaha Motor.
According to cybersecurity platform SentinelOne, INC Ransom presents itself as a “service” to its victims.
They offer victims the option to pay a ransom in order to protect their reputation. However, the group also threatens to expose their methods, claiming that this will ultimately enhance the victim’s security.
INC Ransom employs a multi-extortion approach, where they steal victim data and then threaten to release it online if their demands are not met.
INC Ransom has demonstrated a broad range of targets, encompassing industries such as metal refining, battery manufacturing, IT firms, hospitality, real estate, pharmaceutical laboratories, and even housing charities.
INC Ransom Accessed NHS Two Weeks Before the Incident
News regarding the cybersecurity incident impacting NHS Scotland services emerged on March 15, which is believed to be the date of the attack.
According to the organization, the incident occurred two weeks prior and led to the compromise of their IT systems. As a result, a substantial amount of data, including patient and staff-identifiable information, was accessed without authorization.
The threat actor has shared a number of sample documents containing sensitive information about doctors and patients. These documents include medical assessments, analysis results, and psychological reports.
“We absolutely deplore the release of confidential patient data as part of this criminal act,”
“This information has been released by hackers to evidence that this is in their possession.”
NHS Dumfries and Galloway Chief Executive Jeff Ace.
Ace has stated that patient-facing services are currently functioning without disruption.
The organization is actively collaborating with the police and the National Cyber Security Centre (NCSC) to develop a comprehensive response to the incident.
Ace has given an assurance that the NHS will directly notify all patients whose information was leaked online. This will enable them to take the necessary steps to safeguard themselves and their personal data.