Cyberattack a ‘despicable’ crime with risk of stolen patient data being abused, Government says

No effort spared to resume medical services and restore HSE’s system, statement says

The ransomware attack on the HSE on Friday morning caused major disruption as it required a shutdown of all IT systems. Photograph: Getty Images

The Government has said the cyber attacks on the State’s health services are “despicable crimes” and “no effort is being spared” to resume medical services and restore the HSE’s system.

It also said any public release of stolen patient data by the criminals behind the attack is “utterly contemptible”. It said there is a risk that the medical and other data of patients will be abused, and anyone who is affected is urged to contact the HSE and gardaí.

The remarks come after Taoiseach Micheál Martin, Tánaiste Leo Varadkar and Green Party Leader Eamon Ryan met other ministers as well as representatives from the National Cyber Security Centre (NCSC) and HSE chief executive Paul Reid to discuss the impact of the ransomware cyberattack on the HSE.

Minister for Health Stephen Donnelly, Minister for Justice Heather Humphreys and Minister of State for Communications and eGovernment Ossian Smyth were also present.

The ransomware attack on the HSE on Friday morning caused major disruption as it required a shutdown of all IT systems and led to the cancellation of many out-patient appointments.

Efforts to restore the systems are ongoing, but it will likely be several days before services return to normal.

A Government statement after the meeting said the “main concern is to secure as speedy a resumption of all medical services as can possibly be achieved, consistent with ensuring that the HSE’s system can be safely and robustly restored.

“No effort is being spared to achieve this,” it said.

It said the Government is “adopting a determined and methodical approach to resolving the impact of this attack.

“All necessary resources and personnel are engaged in support of the HSE.”

The response is being led by the NCSC in collaboration with the HSE, the Government’s chief information officer and a specialist cybersecurity contractor.

It said that, in addition, a number of private sector cybersecurity experts have volunteered their support in recent days.

There are said to be “hundreds of people deployed to tackle this attack in accordance with the pre-determined plan for such cyberattacks” and “detailed technical work” is continuing to restore the HSE’s IT infrastructure.

The Government said the HSE is “continuing to make the necessary arrangements in the interim to provide the maximum possible availability of services to patients across the State.

“While the process will, inevitably, take some time, the HSE and its partners are working to ensure that the maintenance and restoration of care for patients can progress in the coming days.”

The details of the hospital services available and being restored will be updated by the HSE on its website on a regular basis.

The Government said: “This attack on Ireland’s health care system and its patients was carried out by an international cybercrime gang.

“It is aimed at nothing other than extorting money and those who carried it out have no concern for the severe impact on patients needing care or for the privacy of those whose private information has been stolen.

“The Garda authorities, working actively with international partners, are pursuing every avenue available in investigating those responsible.

“The Garda National Cyber Crime Bureau is leading on the criminal investigation and will continue to work closely with the NCSC and the HSE as it develops.”

The Government statement added: “These ransomware attacks are despicable crimes, most especially when they target critical health infrastructure and sensitive patient data.

“The significant disruption to health services is to be condemned, especially at this time.

“Any public release by the criminals behind this attack of any stolen patient data is equally and utterly contemptible. There is a risk that the medical and other data of patients will be abused. Anyone who is affected is urged to contact the HSE and the Garda authorities.”

Tens of millions

Earlier Mr Reid said it will cost the State “tens of millions” of euro to “fix” the network system impacted by last week’s cyberattack on the HSE.

"What we have to do here is a very significant rebuild," Mr Reid told RTÉ radio's Morning Ireland as the HSE continued to grapple with the attack.

The Irish Nurses and Midwives’ Organisation (INMO) has raised concerns that the personal information of health service staff and patients may have been compromised in . It has also sought certainty from the HSE that its payroll system has not been impacted by the cyberattack.

An INMO spokesman said: “The hack of HSE computers has caused substantial difficulty in providing care in recent days.

“As the health service restores systems, our concern is that staff and patient personal information may be compromised.”

He said INMO members “continue with care provision and are adapting as we have done in relation to Covid-19.

“Patients are understandably nervous that their care may be delayed. Obviously there will be delays, but our members are at work, are providing care, and will continue to do so.”

The spokesman also said: “We have requested that the HSE ensure staff are kept fully informed with as much clear information as possible. The INMO has also sought certainty that payroll is not negatively impacted and frontline staff get paid as planned.”

Organised Crime Gang

The hackers, thought to be an organised criminal gang based in another country, are expected to have accessed patient data and may now publish it online.

The HSE’s chief operations officer Anne O’Connor has said that it was not possible to guarantee that people’s private medical information would not be shared on the internet by those behind the attack.

“This is a very serious attack, it has really compromised our whole system.

“We know some data has been compromised. IT teams are working to see what data has been impacted. Unfortunately we cannot give reassurance in terms of what data may or may not have been stolen,” she told Newstalk Breakfast.

Ms O’Connor explained that the main impact was on radiology and blood test results. “We have no way of relaying those results to clinicians in the hospital – for example if someone in ED is looking for the results of a scan, we can’t get those electronically, equally we can’t get results out to GPs for blood tests because everything has to be manually transcribed – so every request for a test and every result has to be manually transcribed, we’ve had to bring staff back into the hospitals to basically work as runners between labs and radiology departments.”

Private hospitals will be used this week to access oncology services and some diagnostics, Mr Reid said. This was continuing on from the work the private hospitals had been doing with the HSE on Covid-19, Mr Reid added.

The HSE was working to contain the impact and teams had worked “around the clock” over the weekend to get patient and administration systems back up and running, Mr Reid said.

Ransom

A ransom note purporting to come from the criminal gang was published in the US media at the weekend and threatens the release of detailed patient information unless a ransom of $20 million is paid.

US site Bleeping Computer says the note was obtained from a cybersecurity researcher. It claims the attackers have been inside the HSE system for two weeks and encrypted a significant amount of data, including patient and banking details.

A series of attacks of this manner began about 18 months ago linked to a Russian gang known as Wizard Spider, which has also outsourced attacks to other criminal gangs in exchange for a share of the ransoms that are paid. Most of the activity has originated in Russia or eastern Europe and those origins are suspected for the Irish attack.

Regular updates

Labour leader Alan Kelly said the public needs “more regular updates and reassurance” from the Taoiseach and other ministers on the cyber attacks.

He also said the Opposition should be briefed in detail on the incidents.

Mr Kelly said: “This is a major issue of national security and is a direct attack on our health service and the tens of thousands of people needing treatment.

“The public now need more regular updates and reassurance from the Taoiseach and relevant Ministers about the progress being made on resolving this cyber attack and protecting us from further incidents.

“There should also be a full and detailed briefing from the government for Opposition leaders about the scale of this attack, how it is being handled, what they believe went wrong, and what contingencies will be in place to get health services and appointments back in operation.”

Meanwhile, Minister for Justice Heather Humphreys met Garda Commissioner Drew Harris, Detective Chief Superintendent Paul Cleary of the Garda Cybercrime Bureau and senior officials in the Department of Justice on Monday to discuss the attack.

Mr Harris informed Ms Humphreys that An Garda Síochána is liaising and co-operating with international law enforcement partners.

Mr Harris and Chief Supt Cleary also updated Ms Humphreys on the criminal investigation into the cyberattack.

The Minister will update her Government colleagues and will remain in close contact with the Garda Commissioner and his team.

Cormac McQuinn

Cormac McQuinn is a Political Correspondent at The Irish Times

Jack Horgan-Jones

Jack Horgan-Jones is a Political Correspondent with The Irish Times