There is expected to be "steady progress" in restoring Health Service Executive (HSE) systems and services in the coming days following the devastating cyber attack earlier this month.
While it may still be many weeks before the HSE’s computers are fully restored, technicians are said to be pleased with the progress being made using a decryption key provided by the attackers.
Government sources said there was still no evidence that stolen data on patients and staff had been published on the internet, despite a warning by the criminal gang behind the attack that this would happen on Monday.
The ministerial taskforce overseeing the State’s response is meeting daily to be updated on efforts to recover from the ransomware attack.
A source said there had been “steady, careful progress” with the decryption tool with “more services likely to resume in the next 48 hours”. They cautioned that the “entire process is likely to take weeks”.
Another source said the “technical team are happy with what they’re doing” and some of the HSE’s core systems were back in operation, albeit they needed to be tested before services were resumed for the public. According to the source: “A substantial number of HSE systems are likely to go online in the next 48 hours with the progress from the decryption key.”
Unpaid ransom
The criminal gang behind the attack had given the Government until Monday to pay a €16.4 million ransom to stop it publishing or selling what it claims is 700 gigabytes of stolen data.
The Government has insisted no ransom will be paid and a source on Monday night said the State had to “assume the worst-case scenario and plan for that”.
The Department of Justice and gardaí have been preparing for the possibility that the data will be released. The source pointed to measures like the court order secured by the HSE last week and how it will help reduce the spread of any such data on social media as the tech companies are on notice that they have to remove it.
It is understood that scenarios that have been considered include the possibility that the data will be dumped online in one go as a warning to others to pay ransoms in future or it could be published in a “drip, drip” manner in a bid to ramp up pressure on the Government. It is also said to be possible that the information could be sold to other criminals or even that the threat to release the information may not be followed through on as the gang involved may wish to avoid the attention this would drawn from international security forces.
Taoiseach Micheál Martin said on Monday there was “no great evidence yet of any mass dumping of data” from the HSE data hack.
‘Don’t share’ data
Mr Martin said hospital services were coming back as the HSE systems were rebuilt and that the decryption key provided by the hackers was helping.
Speaking on RTÉ radio, Mr Martin said: "So far we haven't seen any significant dumping of data."
“If anyone has any suspicions, if anybody comes across any data, if you see it don’t share it,” he said. “Report it; that’s the simple message we have – report it to the gardaí.
“It is criminal, these are criminals who will seek to exploit this data,” he said. “But again, we’ve had very good co-operation with social media companies, who have been very proactive with the Government in relation to this and have agreed to shut down anything and take it down as quickly as they see anything.”
Minister for Children Roderic O’Gorman joined the ministerial taskforce on Monday as Tusla, the Child and Family agency, was also potentially impacted by the cyberattack.
In recent days, Tusla – which has databases and files across the HSE network – said there was no evidence that sensitive information about child protection and welfare cases had been stolen.
Other Ministers who have been getting daily briefings on the State’s response to the attack are Minister for Justice Heather Humphreys, Minister for Communications Eamon Ryan and his junior colleague in the department, Ossian Smyth, and Minister for Health Stephen Donnelly.