Patient files still can’t be accessed… It’s a mess
As HSE scrambles to unlock 380,000 f iles, sources fear delay could lead to patient deaths
THE Health Service Executive is still in the damage ‘containment’ phase following last week’s unprecedented cyberattack, with around 380,000 patient files still not accessible, the Irish Mail on Sunday has learned.
Sources close to the investigation said last night there are ‘major concerns’ data are being harvested and sold on and will be used for ‘blackmail and extortion’ or ‘marketing and health services’.
They warned it will be ‘weeks’ before the HSE will be able to access hundreds of thousands of files that are vital to patients’ treatment.
This is despite the organised cybercrime group behind the attack providing the decryption key to the HSE on Thursday.
A source told the MoS: ‘If you are very ill… it’s about monitoring developments.
‘Still in containment phase. It’s going to be very slow’
The fact the HSE has lost control of thousands of files is not good for patient care.’
Meanwhile, gardaí are already aware of people receiving phone calls offering services and looking for bank account details. A source said: ‘People who got a call to say, “You were in hospital five years ago you’re due a refund and give us your bank account”. There have been calls from Turkey offering medical treatment for cash.
‘It’s a bit of a mess. They were making slow and steady progress on Thursday, but they’re still a long way off. The national cyber crime unit is involved, but there wouldn’t be much hope for investigations identifying or bringing anyone to justice.’
Files from the Sexual Assault Treatment Unit at the Rotunda Hospital are also understood to have been compromised and there is huge concern highly personal information will be leaked.
‘The highly personal data like sexual assaults, abortions and STIs – personal data people never for a second thought would get out there,’ a source said.
Sources also told the MoS there is ‘no guarantee’ Túsla files have not been compromised. ‘They can’t guarantee [Túsla files have not been compromised] because they don’t know. They were only separated as agencies a couple of years ago.’
On Friday the High Court granted the HSE an injunction to prevent anyone from sharing, processing, selling or publishing any data stolen by the hackers. It said this action was designed to make it illegal for mainstream sites, such as Google, Facebook or Twitter, to share the information. However, the leaking of data remains a ‘secondary’ concern for the HSE as hundreds of thousands of patient files still cannot be accessed.
A source told the MoS: ‘They’re still in the containment phase. It’s going to be very slow. It’s a mess and people will die if these files remain out of reach for much longer.’
The gang behind the cyberattack gave the HSE a decryption tool on Thursday to restore the health service systems that had been rendered useless by the malware known as Conti. This tool is understood to be genuine but restoring the systems using it would likely take weeks. The National Cyber Security Centre (NCSC), which is leading the response to the attack, was offered a tool by a New Zealand cyber-security company that is being assessed. Experts say it could restore the HSE systems twice as quickly. The hackers warned that data would be published online and sold unless a $20m ransom was paid by tomorrow.