It is now a week since the Irish Health System, the Health Service Executive (HSE), was targeted by foreign criminals seeking to extort a ransom. The IT systems and computers of HSE and hospitals were hacked, and patient personal and health files taken. The worst affected area was Radiology and treatment of cancer patients was severely affected.
It was reported that a ransom of $20 Million was demanded. The Irish Government has been adamant in its refusal to pay that. The group who carried out the attack were Russians, based in St. Petersburg, operating under the name Wizard Spider. The Government asked for assistance from the US, EU, and Interpol and indeed the Russian Embassy, though help from that quarter was unlikely to be forthcoming regarding taking any action against the group, although its location in St Petersburg is said to be known. The National Cyber Security Centre is dealing with the effects of the attack and combating its effects and a specialised company has been brought in.
The Government has been criticised by many as it seems critical IT systems were vulnerable to cyber attack. Senior military sources and Dr Cathal Berry, a former officer in the Army Ranger Wing and an independent TD, said that the fight back against the hackers has been undermined because of a failure by Government to properly resource the Defence Forces unit tasked with solving the problem. The military’s cyber defence capability is contained within the Communications and Information Services Corps (CIS). However, the CIS has suffered massively since 2013 with the cuts to the Defence Forces which have taken place.
When the ransomware attack struck the health service requested help from the military to combat the assault on its network and the CIS provided a specialist team to work with the HSE and co-ordinate activities, a senior Defence Forces source said.
There have been reports that patients’ data has been put on sale on the’ dark net’ while other reports say the ransomware criminal group have threatened to make data public if the ransom is not met. It was also reported that a medical organisation from outside Ireland contacted a patient offering them services they required and knew details of their medical history.
Recently the Government said a decryption key had been provided by the hackers and that no payment has been made for this. However, it must be checked out, a time-consuming exercise, to confirm if it does in fact work and is not another method of affecting the IT systems.
The HSE obtained a High Court injunction preventing hackers, individuals or businesses from sharing, processing, or selling data stolen during the cyber attack. The provision of the injunction aims to serve legitimate platforms such as Google, Facebook and Twitter with notice of a legal prohibition against the publication of any of the stolen information.
Unfortunately, is seem criminals have got access to personal and health data and are engaging in attempts to use this to fraudulently extract money. The HSE issued the following warning: Just a heads up to everyone, people are getting calls from some Dublin number pretending to be from the HSE. They have all your details, contact, DOB, PPS, and date of last trip to hospital etc. They asked for bank details to give a refund for being overcharged. This is a result of the hackers releasing all the data. Be careful if you get calls no matter how real they seem.
With patients badly hit and with thousands of medical procedures and appointments cancelled, if systems are not restored and data recaptured quickly it would seem that lives will be lost or shortened.
Posted by C Ó Luain, Convenor Celtic League (21st May 2021)
Image: St Vincent University Hospital Dublin