National Records of Scotland (NRS) data was accessed and published as part of the criminal cyber attack on NHS Dumfries and Galloway earlier this year, it has been revealed.

We reported how a hacker group had been in possession of at least a “small number” of patients’ data following a cyber attack, according to the health board.

NRS holds information on the NHS Dumfries and Galloway IT network.

This allows the transfer of patient records when people move between health board areas, across borders in the UK or move overseas.

READ MORE: Father and son reach summit of Ben Nevis in aid of charity 

The board was hit by the cyber attack earlier this year, which it said at the time had put a “significant amount” of data at risk, but it had little impact on services for patients.

A "small number of cases" have been identified, where sensitive information was held temporarily on the network at the time of the attack. 

Some information which comes from the statutory births, deaths and marriages registers was also accessed. This information is used to correctly identify patients and maintain the accuracy of the service.

NRS bosses say they are continuing to work with the affected health board and Police Scotland to resolve the issue.

READ MORE: MSP calls for improvements on A76 after two tragic deaths 

Chief Executive Janet Egdell said: “We are aware that this will be distressing news for those individuals most directly affected. 

"This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government and other agencies involved in the inquiry.

“NRS takes cyber security and privacy seriously. This includes ensuring the continued safe provision of the service we provide.”

NRS has opened a mailbox for enquiries from members of the public at cyberincident@nrscotland.gov.uk.