In a recent cyber incident, mobile numbers of NHS staff have been compromised due to a data breach at a software supplier serving seven Scottish health boards.
Scott Barnett, head of information and cyber security at NHS National Services Scotland, confirmed that a sub-contractor of a third-party supplier to multiple NHS Scotland boards experienced the breach.
Although the incident did not directly target any NHS Scotland board, some staff data was compromised. Impacted staff will be notified and provided with guidance by their respective NHS Scotland Boards.
No patient data was compromised in this incident, which was promptly addressed. Health boards like NHS Grampian and NHS Dumfries and Galloway are among those affected.
Text messages containing generic information sent in the past three months were compromised, and mobile numbers may have been accessed by unknown individuals. NHS Dumfries and Galloway has issued an alert to affected staff.
The Scottish Government confirmed that the incident only accessed mobile numbers of staff on the bank staff rostering system and no NHS systems or personally identifiable information were compromised. The Information Commissioner has been notified.
In light of recent cyber attacks, new legislation like the Cyber Security and Resilience Bill is being introduced to enhance regulation of digital services and supply chains.
