Compromise · severity: High · 2024-03-15

INC Ransom compromises NHS Dumfries and Galloway, leaks 150K patient records

published by The Register
Actor
INC Ransom · RU · Russia · Ransomware

Russian-speaking ransomware-as-a-service operation active since mid-2023, notable for sustained targeting of UK NHS trusts and U.S. healthcare providers. Major UK incidents: **NHS Dumfries and Gallow…

Summary

INC Ransom claimed a compromise of NHS Dumfries and Galloway, the regional NHS Scotland trust serving south-west Scotland, on 15 March 2024. The trust contained the malware's spread to a single regional branch but could not prevent exfiltration; the operators claimed 3TB of stolen data. After the trust refused to pay, INC Ransom published patient records on its leak site, including medical test results for adults and young children, medication information, and full patient names and home addresses, ultimately exposing the data of approximately 150,000 individuals.

Tags

healthcare, ransomware, uk, nhs, patient-impact

Primary source

theregister.com
