Questions have been raised over NHS Grampian’s decision not to reveal the GP surgeries that were affected by the cyber attacks that crippled health boards across the country.
Two north-east surgeries were targeted with the same ransomware that wreaked havoc across the UK’s health service on Friday.
But NHS Grampian has opted not to name the two affected practices, which reopened yesterday morning as usual.
The health board said no patient data was leaked during the attack, which affected three computers in total, and claims revealing the identities of the practices could highlight them as targets for future hacks.
A spokeswoman for NHS Grampian said that it is not clear if patients at the affected surgeries have been informed that their surgeries had been hacked or not, because that choice lies with the individual practices.
But North-east MSP Lewis Macdonald said: “It’s quite surprising that NHS Grampian does not feel that it is free to release this information.
“However, if the surgeries affected have a security deficiency that they need to protect, then I would have sympathy because they will need to fix these deficiencies as soon as possible, and I can see why they could take the view of not wanting to identify them until possible.”
Aberdeenshire West MSP Alexander Burnett added: “It is right that public bodies like the NHS do everything possible to ensure they are protected from future cyber attacks.
“It is also very important to communicate with the public to reassure patients that their medical records and personal data have not been compromised.”
Jamie Weir, spokesman for the north-east patients group PACT backed NHS Grampian’s decision however.
He said: “If the information hasn’t been compromised, then I can understand why the health board is not wishing to name individual surgeries, and from the patient’s point of view, if nothing has been released then we as patients have nothing to fear at the moment.”
A spokeswoman for NHS Grampian said: “We are absolutely confident patient data was not breached by this cyber attack.
“We did not require patients to change the way in which they interacted with the affected practices.
“The impact on business was limited, and the affected practices opened this morning (Monday May 15) as usual.
“To name the practices now all issues have been resolved could cause unnecessary alarm among patients, and may also pose a security issue.”
