Cyber hackers share private info as government refuses to pay out

by Gazette Reporter

BY Rachel Cunningham

Environment, Climate and Communications Minister Eamon Ryan stressed this Wednesday (May 19) that there would be no ransom payments to the cyber blackmailers, either by the government or by third parties on its behalf.

He said there were hundreds of people now working on seeing how best to undo the hackers’ work but accepted that the Russian-based cyber criminals had already put information up on the dark web, showing that they would carry out their threats if not paid the millions demanded. This was corroborated by a report in the Financial Times stating that such action was now under way.

The extent of the cyber attack fallout is still only being measured, but it now seems certain to affect hospitals and workers across departments, many of whom have been unable to do any real work in the past week because they are locked out of the computer system.

Last Thursday (May 13), shortly into Ireland’s tentative re-emergence from coronavirus regulations, the National Cyber Security Centre (NCSC) became aware of a different sort of virus attempting to attack the Department of Health. The ransomware attack, known as Conti, has already caused significant disruption to hospital appointments and has paralysed services across the country, with expensive and time-consuming ripple effects anticipated over the coming months.

The cyber attack, which first targeted the Department of Health and then the Health Service Executive (HSE), has been the most serious one on the State’s critical infrastructure to date. Four years ago, Ireland’s health infrastructure avoided another ransomware attack, WannaCry, which infected 250,000 machines spanning 150 countries, including the UK’s NHS.

Although the Department of Health responded quickly enough to prevent the detonation of the malware on its systems, the virus and a digital ransom note were successfully inserted on the HSE’s system. Using the digital footprints of the cyber criminals, the NCSC can identify how long they have been in the systems but as yet they do not know how they broke in. 

The HSE’s IT systems are currently shut down as specialists are performing the painstaking work of combing through each part of the network to clean, rebuild and update all infected devices and ensure that the data is ultimately securely restored. The NCSC is assisting both the HSE and the Department of Health in responding to and recovering from the incident.

The HSE’s Chief Operations Officer, Anne O’Connor, described this as a complex task, involving 2,000 patient-facing systems and 80,000 devices.

The most severely affected services include radiology (X-ray, MRI and CT scans), oncology radiation, paediatric services and maternity systems. There is currently no access to historical data and there have been challenges created in the labs.

Scan or blood results cannot be shared with consultants or GPs electronically, meaning that every request for a test and every result has to be manually transcribed. To tackle this, hospitals have had to bring staff back into the hospitals to effectively work as runners between labs and radiology departments. The payroll systems for medical staff have also been impacted.

The Child and Family Agency Tusla systems have been compromised and the agency has advised that, while it continues to be significantly affected by the cyber attack, its child protection system continues to be open for referrals by phone.

Due to additional pressures associated with the attack, the Irish Association for Emergency Medicine (IAEM) is asking that only those with a need for emergency treatment attend emergency departments, urging non-emergency patients to consider alternative care options, including Injury Units, GP out-of-hours and their local pharmacy. The association advised patients to bring any information that may assist staff in delivering care, such as medication lists, medical record numbers or patient chart numbers, as patient administration systems are not available.

A full list of affected Dublin hospitals and services can be found on the HSE’s IT system cyber attack section of its website. Ireland’s voluntary hospitals are on a separate IT system to the HSE, which means that they have been less severely impacted and may return to normal service faster. 

Private and voluntary hospitals are in use this week to access oncology services and some diagnostics. Covid-19 vaccinations are scheduled to continue as planned, and chemotherapy and dialysis are carrying on as normal, while all emergency services remain open.

This is just one example of a number of attacks that began roughly 18 months ago and have been connected to ‘Wizard Spider’, a Russian gang which outsources attacks to other criminal gangs in exchange for a share of the paid ransoms. The majority of the activity has stemmed from Russia or eastern Europe, which is where the Irish attack is also believed to have originated. 

The group has reportedly earned millions through such ransom demands, putting them on the radar of the FBI, the UK’s National Crime Agency, Interpol, Europol and now the Garda National Cyber Crime Bureau. The hackers are looking for millions to enable the HSE and the Department of Health to retrieve the sensitive data that has been lost, including patient and banking details.

The repercussions of this attack mean that the cost of repairing the damage will be in the region of “tens of millions”, as was estimated by Director-General of the HSE, Paul Reid.

The Garda Cyber Crime Bureau is leading the criminal investigation in liaison with Europol and Interpol. It has been predicted that even if the responsible individuals are identified, they will most likely be located in countries beyond the reach of this jurisdiction.
