INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data

As seen by, the INC ransomware gang claims to have obtained patient records as part of their cyberattack.

The INC Ransomware gang claims a cyberattack on NHS Scotland, potentially compromising 3 terabytes of patient data. The dark web group threatens to leak sensitive medical records unless its demands are met.

The INC ransomware gang has allegedly targeted the National Health Service in Scotland, commonly known as NHS Scotland. In a recent announcement on its dark web leak blog, the ransomware group claimed to have successfully stolen a whopping 3 terabytes of sensitive data. They have threatened to release this data if their demands are not met.

As seen by, the INC ransomware operators provided a “Proof pack” consisting of 14 screenshots. These screenshots appear to display patients’ records such as letters and email exchanges concerning their health, involving doctors and general practitioners (GPs) from various clinics and hospitals across the country.


Who is the INC Ransomware Gang?

The INC Ransomware gang, which emerged in July 2023, is a relatively new threat actor employing various tactics. They are notorious for encrypting a victim’s data and demanding a ransom payment for decryption.

Additionally, they engage in data theft, threatening to publicly leak the stolen information if the ransom isn’t paid. Recent reports indicate a focus on targeting healthcare institutions, intensifying the urgency to pay due to the sensitive nature of the stolen data, such as patient records.

Despite emerging in July 2023, INC attacks have not been widely reported, indicating limited activity. However, they maintain a presence on the dark web, where they leak stolen victim data and possibly communicate ransom demands.

The recent claims of a ransomware attack on NHS Scotland have moved the group into the spotlight within the cybersecurity community, healthcare institutions, and mainstream media. Notably, this incident occurred shortly after NHS Dumfries and Galloway experienced a cyberattack, indicating a concerning trend within the healthcare sector.

INC ransomware gang’s Ransom note (Screenshot: SentinelOne)

What’s Next?

At the time of writing, NHS Scotland has not confirmed the occurrence of the ransomware attack or whether it has experienced a data breach. However, if the institution does acknowledge the cyberattack, patients should prepare for potentially troubling news regarding the security of their information.

Commenting on the news, Erfan Shadabi, a cybersecurity expert at comforte AG, said, “The unfortunate cyberattack impacting NHS Scotland might make you question whether healthcare providers are serious about data privacy and security. This news should trigger alarm bells within the healthcare sector. After all, it is difficult to grasp a situation in which 3TB of the most personal and sensitive health information is being stolen.”

“When ransomware attacks hit healthcare institutions, we in data-heavy industries should all take a pause and consider the implications of our cybersecurity choices. The enterprise surely pays a steep price for non-compliance, lax data security measures, and failure to prevent attacks and subsequent data leaks caused by phishing, ransomware, and a host of other attack vectors. However, let’s not lose sight of the end victim, which is the individual whose private and sensitive health data wrongfully becomes public,” Erfan warned.

He advised that “The best way to prevent the pain suffered by the victims is to safeguard sensitive records such as medical information through a data-centric approach to data protection. Data-centric methods such as tokenization replace sensitive data elements with innocuous tokens that maintain the analytic value of the data while obscuring the actual sensitive information itself. It becomes non-identifying and therefore worthless in the hands of threat actors while remaining fully workable by the enterprise. Implementing strong data-centric security is the right prescription for every enterprise.” 
