Data from The National Records of Scotland was published during the recent cyber terrorist attack on the NHS.
Cybercriminal gang INC Ransom was able to access a significant amount of data including patient and staff-identifiable information during an assault on NHS Dumfries and Galloway at the end of February.
The health board revealed that the criminals released “small” pieces of data in March – ranging from letters from consultant to patients, test results and x-rays.
On Wednesday, the NRS confirmed that administrative information on the NHS Dumfries and Galloway IT network was published onto the dark web as part of the “distressing” attack.
The Scottish Government service confirmed that it is in the process of assessing the stolen data through a risk assessment process – and has identified a small number of cases where there was “sensitive information” held on the network during the attack.
This includes data relating to the transfer of patient records when people move between health board areas, across borders within the UK or move overseas.
Other information used to correctly identify patients, such as statutory births, deaths and marriages registers was also accessed.
NRS has contacted the affected individuals as a Police Scotland investigation into the attack remains ongoing.
Janet Egdell, NRS chief executive, said: “We are aware that this will be distressing news for those individuals most directly affected.
“This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government and other agencies involved in the inquiry.
“NRS takes cyber security and privacy seriously. This includes ensuring the continued safe provision of the service we provide.”
The NHS previously confirmed that data accessed by the cyber criminals had been published onto the dark web – and has warned there is a risk of it being further accessed, duplicated or shared on the internet.
Police Scotland has advised that members of the public should not attempt to access or share any leaked data as they may be committing an offence under the Data Protection Act.
NHS Dumfries and Galloway has been contacted for comment.
Follow STV News on WhatsApp
Scan the QR code on your mobile device for all the latest news from around the country