Almost 60% of Scottish councils hit by cyber attacks

By The Newsroom
Published 24th Jul 2017, 07:00 BST
Updated 12th Sep 2017, 11:52 BST
Ransomware, malware and denial of service attacks are among the incidents reported by the countrys public bodies. Picture: Getty ImagesRansomware, malware and denial of service attacks are among the incidents reported by the countrys public bodies. Picture: Getty Images
Ransomware, malware and denial of service attacks are among the incidents reported by the countrys public bodies. Picture: Getty Images
Almost 60 per cent of Scottish councils and more than half of Scotland's health boards have been targeted by cyber criminals since 2014, a Scotsman investigation has revealed.

Nine universities and numerous government bodies have also been hit during the last three years, the investigation found.

Some local authorities reported being bombarded with thousands of spam emails and receiving ransom demands to decrypt data.

Hide Ad
Hide Ad

Freedom of Information requests showed 19 of Scotland’s 32 councils experienced either attempted or successful attacks since 2014.

Ransomware attacks were reported by 14 local authorities, sometimes on multiple occasions.

Four councils refused to reveal any information, with two fearing doing so would leave them vulnerable to future attacks.

Of the incidents logged by 19 councils, only nine authorities reported any of them to police, although no data was stolen or lost.

The investigation revealed Scottish local authorities were subject to more than 50 notable incidents in the past three financial years.

Aberdeen City Council was one of the hardest hit. Between 2014 and 2017, it suffered 12 successful cyber attacks, including six ransomware incidents, and had its webpage defaced. It also recorded more than 15 million attempts, including intrusion threats, spam, web risks and viruses, in the last eight months of 2016. Police were notified of two incidents.

Highland Council reported being targeted 953 times, including two partially-successful ransomware attacks, while more than 415,000 unsuccessful spam emails were sent to East Lothian Council.

Perth and Kinross Council reported blocking an average of 1.2 million spam emails every month. None of its three ransomware attacks were reported to any authority as it said “attacks were treated as business as usual and not significant enough to warrant reporting”.

Hide Ad
Hide Ad

Falkirk, Glasgow City, North Ayrshire and Dumfries and Galloway councils refused to disclose any details.

Three ransomware hits got through Dundee City’s defences, North Lanarkshire Council had two malware incidents in 2015 and three ransomware in 2016 and Edinburgh City Council reported nine incidents, including malware preventing access to systems, a sustained denial of service (ddos) attack, and malware being installed and copied.

A spokesman for local authority umbrella body Cosla said: “This is a fine balancing act for councils.

“Scotland’s councils have good defences in place and as such are confident around them preventing it happening to us. That said, we are certainly not, and never will be complacent or think that this couldn’t happen to us.

“We fully recognise how important our cyber security is and we are doing everything we can to safeguard councils against such attacks.“

The research, conducted together with The Scotsman’s sister titles in Johnston Press, found 11 of Scotland’s health boards were affected by the WannaCry attack in May which affected the NHS network across the UK.

In addition, NHS Fife logged 693 attempted malware attacks in the past three years. It was also hit by three successful ransomware attacks which required PCs to be rebuilt.

NHS Lanarkshire reported 51 attempted or successful attacks and NHS Greater Glasgow and Clyde was subject to four cyber breaches in 2016. Files became inaccessible after being encrypted by ransomware. However, data was recovered and the ransom was not paid.