Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
LAST UPDATE | 22 May 2021
THE HSE IS “making progress” towards restoring health systems that have been impacted by the cyber attack which hit the health service last week.
The HSE and IT experts have developed a new version of the decryption tool made available in the cyber attack, according to Minister for Health Stephen Donnelly.
A decryption tool that might help the HSE to unlock its IT system following the widespread cyber attack last week is available online.
A new version of the tool has been tested and a “structured and controlled deployment is now underway across the core network and devices across the system”, Donnelly said.
“We are making progress on restoring health systems which is important to our patients who need the services, and also to the staff across the service who are doing ferocious work after 14 months of intense work on Covid-19,” he said.
“The Ministerial Cyber Attack Taskforce continues to meet on a daily basis to review progress with the response to last week’s cyber-attack on the HSE and to co-ordinate ongoing actions across Government. Good progress is being made with the restoration of HSE and hospital IT.”
The National Integrated Medical Imagine System (NIMIS) platform that delivers digital radiology is live again in Beaumont hospital, with progress made in other hospitals.
However, Donnelly said the levels of disruption next week are expected to be similar to this week.
Government ministers met today to review progress on Ireland’s response to the cyber attack on the HSE.
Ministers Donnelly, Eamon Ryan, and Heather Humphreys and Minister of State Ossian Smyth were updated on progress made towards restoring HSE and hospital IT systems, which is “essential to the restoration of care for patients and to support the personnel in the front line who are delivering care”, a government statement said.
“The Ministers expressed their particular appreciation for the exceptional efforts of frontline health care workers in the difficult circumstances caused by the cyber-attack,” the statement said.
“The National Cyber Security Centre, the HSE and specialist contractors are continuing to implement a detailed and dedicated operational programme to repair and restore the HSE’s IT systems and network, and are making very steady progress in what is a difficult and complex task.”
Taoiseach Michéal Martin said yesterday that the reason the tool was provided was unknown.
Minister of State Niall Collins said earlier this afternoon that it was “still unclear” why the decryption key was made available.
Speaking on RTÉ Radio One’s Saturday with Katie Hannon, Collins said that work was ongoing to determine whether or not the decryption key is functional.
“The HSE is a hugely complex organisation, there’s over 80,000 devices across the HSE, which have to be checked as part of the whole response to this cyber attack,” Collins said.
The minister said that we need to “have a stepped up public awareness campaign over the next number of days to highlight to people, particularly vulnerable people”, the dangers posed by criminal organisations operating in the cyber sphere.
Vice President of the Irish Hospital Consultants Association (IHCA) Dr Gabrielle Colleran, a consultant radiologist in Holles Street, told RTÉ Radio One that it has been “by far the most difficult eight days” of her time in the HSE since joining the body in 2003.
Healthcare workers in Holles Street were tackling multiple challenges when they came into work last Friday, including disconnected computers, no working phones, and no access to patients’ records.
Dr Colleran said staff were “trying to piece together the picture of the clinical puzzle from conversations with each other”.
Interim measures, such as using mobile phones to communicate and taking notes by hand, were “quickly locking into place to try to keep the show on the road”.
However, “the reality is it’s so much slower when we are doing things by hand, when we don’t have access to the priors, it’s not the safe, high quality service that we want to provide and it’s much slower”.
Dr Colleran said it is “clear we’re going to have to invest coming out of this and it’s important that we invest not just in the hardware and the software, but in having the local expertise on site”.
“Many [healthcare workers in model three hospitals] have been quite affected by the fact that the expertise is centralised and not local on the ground. So it’s very important that we invest wisely in solutions that work, and solutions that work come from the frontline.”
Sinn Féin spokesperson for health David Cullinane said that “priority has to be to get services back up and running as quickly as possible”.
“We do need to have a conversation about cyber security and funding,” Cullinane said.
“We can’t take our eye off the ball in that area, because if criminal gangs can penetrate our healthcare system like that and almost bring it to its knees at a very vulnerable time, obviously more needs to be done.”
The HSE has received a High Court injunction to stop data that might have been stolen during the attack being used illegally.
The injunction requires anyone possessing the HSE data to return it and not to disclose, trade, or deal in the information.
The public has been advised to be cautious of call and text scams by fraudsters taking advantage of fear around the attack on the HSE.
To embed this post, copy the code below on your site
How about looking at the reason HSE IT secutity controls are so poor
@Random_paddy: apparently this hack started with someone clicking something they shouldn’t have. So the issue there is training.
To protect themselves completely, the HSE needs to lock down their systems so that eg none of their computers have WiFi or USB, and Internet is only available on some computers which have no connection to the rest of their systems. They also would need to either ban remote working, or secure the home networks of their remote employees. But that still won’t protect them against inside jobs or some inherent vulnerabilities of all computer systems.
@Random_paddy: IT security is as good as anywhere. Not much you can do when a staff member hands control of his machine to those intent on causing harm/making money. From what the HSE said regarding this staff member and their ‘broken’ PC, its fairly obvious the HSE were not deliberately targeted, the scammers just got extremely lucky and met the right tool. Staff member ‘inadvertently’ downloaded ransomware and attempted to rectify the issue themselves rather than contacting their IT Dept. In their attempt to save themselves the embarrassment of having to explain what they were doing to download ransomware, they literally cost the taxpayers of this country millions and exposed their most personal records to the dark net. The scammers must have near wet themselves with excitement when they realised what network that PC was linked to.
@Tommy Roche: Maybe a single compromised machine shouldn’t compromise the entire system!
@Tommy Roche: A logical explanation. Had to switch off listening to Ms Shorthall pontificating. Good that Niall Collins pointed out that when she was in the hot seat she jumped ship.
@Thomas Smyth: It was the employee who compromised the machine whilst they were connected to the HSE network. I realise many are hoping the blame will go up the ladder within the HSE, but in this case the blame will fall entirely where it should. There are of course innocent ways a machine could become infected with ransomware, but all of them involve downloading a file(.exe, jpg, MP3, etc) over the internet from an untrusted source. That’s a huge no-no for an employee with login privileges to the organizations internal network. If you want to download pics of the latest erotic adventures of Sharon the Sheep, at least do it in the privacy of your own home, on your own internet connection.
@Tommy Roche: People seem to have a notion here that the “Employee” simply clicked a link and the whole system was compromised, I would not believe that notion for one second.. Firstly one can assume that if the employee was general staff then not a hope they had access to the complete network because if so the whole HSE IT team should be sent packing… This for me at least stinks of the HSE IT team not have a bulls notion and regardless of an employee doing what they did, at least have a DR backup for crying out loud…
@Random_paddy: all the regulars here last week complaining about the people replying to the phishing mail that the company sent about pay rise….now you see how important it is that they should just not clicked on those links. Fffs
@Dave: He initially clicked something, or downloaded something that resulted in ransomware being installed on his machine. The machine froze, a screen popped up warning the machine was infected and showed a number to call for ‘technical support’ The employee actually phoned and spoke to the scammers. They asked him to allow remote access so that they could diagnose and fix the problem, which he did. If this had been a normal home PC the scammers would have rooted around for a bit, say they had found the problem and state a fee to fix it. The person would pay the fee and the scammers would delete the ransomware. In rooting around this machine they found they had stumbled into something huge that could pay off big time.
The password to the system was definitely ‘HSE’
@Eoin Fitzgerald: They inadvertently hooked into the feasibility study and schematics for the Children’s Hospital and thought, ‘By the Beard of Tsar Nicholas, ve cannot disrupt zis system any more than it already is …. Give zem ze incription key, and be done wiz it ..’
Maybe people who know very little about Information and Communication Technologies should stop speculating.
@Sean O’Doherty: that would help alot.
Or maybe it’s because a ransom was paid.
Maybe a contractor paid the ransom?
Then state can pay the contractor?
But the state luckily didn’t pay the ransom?
Something smell off with this, but they had a risk assessment done, every small business has that done, doesn’t mean the problem is dealt with.
@Divad Nayr: I would not believe a word of what is being said, an employee clicked a link, the whole system was compromised and then all of a sudden a decryption was received,,,, Ya right.
Training helps but some of these fake messages/sites can be incredibly realistic. I’d love to think that I would not be caught out but I probably would.
Hands up who thinks the ransom was paid!
Now to scroll down to the comment section and let us hear from the experts
@Sidney Cooper: including yourself.
Because obviously the threat their making is to leaking everyone’s data and not to disrupt the system
Its a trap…
Maybe it’s cause the whole idea was to get peoples data and then get paid for not releasing it and they have the data now ,so they give them key so they can get their systems back but they still have the data so they still have to pay for it not to be released or not pay and they put it out their
All happening whilst we have college’s cancelling coarses on cyber security, just because on its second year hadn’t large enough numbers.
There is understandably awful lot of debate around the circumstances of this hack, network security, alleged user training failures, including am alleged employee with computer issues clicking on a link offering help etc.
The reasons behind this entire fiasco comes down to an issue which will be familiar to many and will likely offend people that are working in IT, but here goes…
In many companies and organisations, when a user reports an issue to their IT department, which may be one person or an entire team, the response is pretty much universal…
We are flat out, we have logged your issue and will get back to you and or someone to have a look when we get a chance…hours or even days go by and nothing gets done…
To me it sounds very much like they paid the ransom. These cyber terrorists don’t give it out for free.
Maybe they just feel sorry for how absolutely pathetic their victim is – maybe one of their consciences cracked under the massive weight of outright pity
Don’t believed this was caused by someone just clicking on a mail. Far easier to blame an employee than blame the failures of their it system, just like in any plane crash the pilot always gets the blame and never the plane,
Really?
Borris the blade and the Sneaky f’n Russians !
Really.
have your say