GANG DEMANDS $20M FROM HSE
Ransom note says patient data hacked Health service’s ‘ageing tech’ made it ‘easy mark’ Poll: 80% say no money should be paid
CYBER terrorists are seeking a $20m ransom from the State – and they claimed to have had access to the health system’s IT network for two weeks before making their demands, the Irish Mail on Sunday can reveal.
The HSE is in a race against time to prevent the international gang behind the biggest ever cyberattack in the history of the State from releasing a huge 700GB of sensitive and confidential information about thousands of patients on the internet.
Anti-hacker specialists, gardaí and the Government are preparing for potential follow-up attacks on Government departments and State agencies, with some experts warning that paying the ransom may be the only way to secure the data.
The MoS can also reveal that last night the Department of Social Welfare confirmed that it had shut down parts of its computer system that were connected to the HSE’s network.
Taoiseach Micheál Martin has ruled out paying a ransom to the cybercriminals, a stance that so far
has the backing of the public. According to a MoS-Ireland Thinks poll published today, 80% of people support the decision not to pay the ransom. Just 11% of those surveyed said the ransom should be paid.
Yesterday BleepingComputers. com, a technology news website that reports heavily on cybersecurity issues, shared a screenshot of a message sent between the ransomware Conti and the HSE.
In the screenshot, the gang claimed to have had access to the HSE network for two weeks. During this time, they claim to have stolen 700gb of unencrypted files
‘Other departments might be targeted’ ‘WE INFILTRATED YOUR NETWORK AND STAYED IN IT FOR MORE THAN TWO WEEKS’
from the HSE, including patient and employee information, contracts, financial statements and payroll details.
The cyberattackers further stated they would provide a decryptor and delete the stolen data if a ransom of $19,999,000 (€16,465,640) was paid. This information was verified by senior sources who spoke to the MoS last night.
One source warned: ‘There may be no other way out of this [than to pay the ransom] and then you have to start building up your firewalls so it doesn’t happen again. This is a major incident and nobody can say right now what may have been stolen and what the damage is.
‘It’s so extensive it’s going to take about a week to really know what damage they have caused.
‘We fear other Government departments might have been targeted and they don’t even know it yet.’
The source added: ‘The people behind this and the gangs responsible could have gained access to the HSE system weeks ago. They could have been collecting the information for weeks and after they collected the information they then looked for a ransom to be paid in
Bitcoin. The situation is so severe that the ransom may have to be paid. Up to 85,000 computers are turned off at the moment but it is only as they are gradually turned on that the true extent of the damage will become known and we are only going to start getting an idea of the true extent of the damage on Monday or Tuesday.’
As the health authorities battle to assess the full extent of the problem, with some appointments for cancer and out-patients cancelled until further notice, experts are now warning that the malware virus could be making its way through the IT systems of other Government departments. The Minister of State for eGovernment Ossian Smyth described the cyberattack as ‘possibly the most significant cybercrime attack on the Irish State’.
One Cabinet minister told the MoS: ‘This is so serious. Your medical records, or mine or your granny’s could be up on the dark web tomorrow.’
The minister called for the Cabinet and the Cabinet Security Sub Committee to convene ‘today at the very least’.
In a statement to the MoS, a Department of Social Protection spokeswoman confirmed that ‘a number of electronic communication channels with the HSE’ had been temporarily suspended while the HSE systems are offline.
The statement added: ‘The department’s systems are fully operational and are monitored at all times. The Department of Social Protection has cyber-defence systems in place that react to any threat to its systems in the event of a significant cyber incident.’
The HSE was first alerted to the attack when staff at the Rotunda Hospital were confronted by the following message when they accessed their computers in the early hours on Friday morning.
The ominous message read: ‘All of your files are currently encrypted by Conti ransomware. If you try to use any additional recovery software – the files might be damaged or lost.
‘To make sure that we REALLY CAN recover data – we offer you to decrypt samples. You can contact us for further information…’
At this stage the cyberattackers offered links before then threatening: ‘YOU SHOULD BE AWARE! just in case, if you try to ignore us. We’ve downloaded your data and are ready to publish it on out [sic] news website if you do not respond.
‘So it will be better for both sides if you contact us ASAP.’
The cyberattack comes after the HSE ignored repeated warnings to update its computer system. Many
of the HSE’s computers are operating off software that is 20 years old. In 2019 the health authority admitted that 79% of its computers were running on Microsoft Windows 7 software.
Last year the HSE replaced some of its computers but despite this upgrade, it admitted more than 60% of its system was still using Windows 7. This 12-year-old software is deemed so antiquated its own manufacturer Microsoft issued a warning not to use it. A spokeswoman for the HSE confirmed that Microsoft was ‘providing support’.
A leading information technology expert last night said the HSE made itself a ‘sitting duck’ for cyberterrorists because it failed to invest enough money in updating and securing its computer network.
Dr Simon Woodworth, a business information lecturer at UCC, said the HSE only spent €2m a year of its annual €20.6bn budget on security. But he said it should have been spending 18 times this amount. Dr Woodworth told the MoS: ‘At a minimum it should have been €36m.’
HSE boss Paul Reid yesterday described the cyberattack as a ‘very significant, sophisticated, high-impact threat’.
When asked if the HSE has been able to retrieve crucial information, Mr Reid told RTÉ’s Katie Hannon: ‘We can’t fully establish if there has been any impact on some of the data in those back-up systems… what we want to be able to do is to bring them back up safely.’
Meanwhile, doctors working on the frontline have told how hospitals have returned to the ‘Stone Age at present’, warning: ‘People could die.’
‘I cannot begin to describe how serious this is,’ one doctor, who did not want to be named, told Extra.ie. ‘We came in this morning and we couldn’t tell what patients were admitted overnight, who we had under our care or where in the hospital they were.
‘When we found them, we weren’t able to look up any of their records and we weren’t even capable of pulling their charts as they’re electronically tagged.’
‘It’s literally just gone back to the Stone Age at present,’ they said.
‘We’ve gone back to the Stone Age’