Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE PRIVATE PERSONAL information belonging to potentially tens of thousands of Irish people could be packaged up and sold off on the darkweb to the highest bidder unless some form of deal is brokered with the hackers, senior sources have warned as the massive HSE cyberattack enters its fifth day.
The HSE has been left reeling by what has been described as the “biggest ever cyber attack in State history”.
Gardaí along with members of the Defence Forces are working around the clock to pinpoint exactly who is behind the attack.
While it has not been officially confirmed, it is thought a hacker group in Eastern Europe is responsible.
The HSE’s IT systems were hit by a Conti ransomware attack, where attackers enter into a computer system, study how it works, and encrypt the private data before announcing their attack to the victim and demanding a ransom for it not to be published online or sold off to a third party to be used for ill-intent.
While it is still very early in the investigation, sources say that the information believed to have been stolen by the criminal organisation is worth “exponentially more” than any ransom that may be demanded.
The government has repeatedly said it will not pay any ransom demanded by the hackers, in line with policy.
“Any public release by the criminals behind this attack of any stolen patient data is equally and utterly contemptible,” a government statement released last night said.
“There is a risk that the medical and other data of patients will be abused.”
It’s been confirmed a ransom has been demanded. While various sums were reported over the weekend, there’s been no official confirmation as to how much the hackers are demanding.
A senior official with expertise in the area, speaking to The Journal on condition of anonymity, explained what could happen if the State refuses to hand over cash.
“Usually, the data is just dumped on the darkweb for everyone to see. But this particular breach is different due to the value of the information which we suspect has been compromised.
“What we expect will happen is that the information will be packaged up and sold off on the darkweb to the highest bidder.
“The information we expect they have means they will be able to access sensitive information such as PPS numbers, current and previous addresses, dates of birth as well as other family data,” the source said.
Others sources with knowledge of work ongoing to tackle the widescale hack agreed that personal data like PPS numbers and addresses had been placed at risk.
The information suspected to have been obtained by these hackers will allow them to access Government services such as welfare, the official warned. It may also be possible for hackers to access PAYE records on the Revenue’s online service.
“In an ideal world, we’d all get new online identifications and PPS numbers,” our source added.
But even paying the ransom does not guarantee the ordeal will end.
Cybersecurity expert Ronan Murphy said that the facilitators of these ransomware attacks usually look to be paid in cryptocurrencies such as Bitcoin.
“The dilemma facing many organisations is – do they pay the ransom to get the data back safely, thereby funding the growth of these criminal enterprises or do they refuse to pay and risk having that stolen – possibly sensitive, confidential – data dumped on the internet where anyone could potentially access it.
“Ransomware attacks essentially back organisations into a corner. A year ago, a back-up system was seen as a reasonable security measure against these incidents – but the blackmail situation surrounding the threat to leak information is a completely different scenario and one that is extremely difficult to tackle.”
All other government departments and State agencies have been working to consolidate their own internal IT infrastructures since the attack.
We also understand that several investment funds and financial data centres were also targeted in the last 72 hours. However, it’s believed no information was compromised.
Speaking yesterday, Tánaiste Leo Varadkar described the attack as being “heinous”. However, he said he was not aware of any other departments or State agencies being hacked.
“There hasn’t been one on my department or any other body that I’m aware of. But needless to say, we’re doing everything we can to strengthen our security systems. It’s not just an attack on the State. It’s not just an attack on a computer system.
“It is an attack on sick people, sick people whose care is now going to be delayed and is going to be affected. That really makes it a heinous crime in my view.”
Ireland’s vulnerable IT systems
Cathal Berry TD, a former Defence Forces officer with the Army Ranger Wing, said that the HSE hack had exposed how vulnerable Ireland is to cyber attacks.
“We have seen how a biological virus can affect our country but this digital virus has shown how disruptive, and even more dangerous, [it can be] than the biological virus.
“Our country is more technologically reliant now than it has ever been, particularly as more and more of the population are working remotely.
“There are three different roles in cyber security from a State perspective. The cyber-crime aspect which is dealt with by the gardaí, the cyber defence which is dealt with by the Defence Forces and then the National Cyber Security Centre which has an overview,” he explained.
“The damage done by a largescale cyber attack would be devastating. There are four vulnerabilities which would be targeted. These would include the national grid, transportation through ports and airports, the health service and financial institutions.”
Deputy Berry said that he was confident that Green TD Ossian Smyth was the right man for his role as Minister for State for eGovernment.
“I sit next to him in the Convention Centre and have discussed this subject with him extensively. He was only appointed recently but he has spoken consistently about the subject and will be very effective.
“It is rare to have a minister well-matched to his portfolio but he is interested, he is tech-savvy, has a degree in computing from Trinity College.”
Sources have said that the attack on the HSE and other probes of Government Departments and agencies are part of an attack pattern.
Individual gardaí were issued with an email this weekend urging them to tighten their online security and to be vigilant.
The fightback against the HSE hack is being led by an inter-agency group of gardaí and military, backed up by a private agency brought in to assist.
“There is a lot of speculation but ultimately this is a criminal orientated attack that is not suspected to involve a State actor,” a separate security source said.
To embed this post, copy the code below on your site
“It is rare to have a minister well-matched to his portfolio but he is interested, he is tech-savvy, has a degree in computing from Trinity College.”
Why is it rare to have a minister well-matched to his portfolio and why do ministers who are not well matched have such jobs?
@JusticeForJoe: good question but unfortunately no one knows the answer. Well we kind of do job for the boys and all that.
@JusticeForJoe: because there aren’t enough good ones. Politics is a popularity contest, not a competence contest.
Besides, anyone with one “computing” degree who goes into politics is hardly going to give Sergey Hackeroff much of a challenge. Most fresh graduates would struggle to code their way out of a paper bag.
@JusticeForJoe: Not many TD’s have education qualifications that match their portfolios e.g. a finance minister should be an accountant, housing minister should be a civil engineer or builder.
Not many TD’s have such complimentary qualifications is what the author means.
@Sid: I got that, thanks Sid. I’m asking why. I’d suggest it should probably be a requirement of the job
@Sid: I don’t think the skills of a civil engineer line up with the housing minister role
@Sid: rubbish they don’t need to have degrees in relevant portfolio as civil servants make most of decisions anyways .
@JusticeForJoe: In an ideal world yes, but then you’re assuming that there will be credible people with the right qualifications actually looking to get involved in politics
@JusticeForJoe: that’s why there are civil servants with the relevant qualifications/ experience there. You cannot expect that the properly qualified people will be elected.
@JusticeForJoe: Because few political parties have the personnel to cover the scope of all ministries. TD’s from teaching or farming backgrounds are disproportionately represented in the Dail.
@Sid: it’s no surprise TDs don’t have qualifications to match their portfolios when there are voters like you and those that gave you a thumbs up. You need to check what a civil engineer actually does and what qualifications a builder actually has
@DB: Civil servants jobs are to execute government policy in line with best practice and the law
@Helpless In The Face Of Your Beauty: I think that’s important to emphasise, especially considering most of the worlds best coders are self taught and well on their way long before they’re old enough for college.
It’s a bit like the country being challenged to a race by an F1 driver and feeling relieved because you know a guy who can drive a car.
@Helpless In The Face Of Your Beauty: nonsense most computing graduates in Ireland already know who they will be working for before graduating, aside from tax the quality of candidates for vacancies is what drew Intel, Google, fb etc etc to ireland
@JusticeForJoe: Because it’s Ireland.
Imagine going to buy a car. You find one you like but the man in the showroom tells you that no new parts will be made for the engine after 6 years and no repairs at all after a further 4. You say ‘stuff that’ and go to another showroom to view another make of car. You see one you like but the engine is made by the same crowd as the engine in the first car and, again, no repairs possible after 10 years. Sound mad? That is the situation with Microsoft and Windows 7. Install it on virtually all machines, flood the world, then refuse to upgrade it hoping people will buy Windows 10. Well, many people couldn’t /didn’t. So the world is full of ‘faulty’ tech which hackers are exploiting. Microsoft have a HUGE roll in this debacle.
@sean o’dhubhghaill: it sounds mad because cars are expensive.
It doesn’t sound mad if you substitute phone for car.
Also Microsoft had a REALLY long free upgrade campaign to Windows 10. They extended it multiple times, and I’m not certain it hasn’t been extended to now.
@sean o’dhubhghaill: that’s not quite correct. Anyone using a legitimate copy of Windows 7 or 8 could and still can update to Windows 10 for FREE. It is a lengthy upgrade taking about 2 hours. Just Google “Media Creation Tool” and follow the instructions for ” Upgrade this machine”. Microsoft have said that Windows 10 will be the last version of Windows. There will just be major updates and upgrades provided free in future.
@John Hagin Meade: That’s true. But…… going back to my car analogy, most people will take their car to a garage just to get an indicator bulb replaced. And it’s the same with tech. We live with a system, frequently very annoying, where Windows updates automatically. And people expect that to keep going. And the hackers are exploiting that gap between what we expect to happen and the actual reality.
@John Hagin Meade: I tried to update to the free copy of 10, but my computer couldn’t handle it. So I had to buy a brand new computer even though my old one was working perfectly.
@Dt125: Unless the PC was very old it might just have been an incompatible component such as a Graphics Card or similar that could have been changed to be compatible. If the PC worked well with Windows 7 or 8 it should be capable of running Windows 10.
@Dt125: Fair point. Which is why some of us switched to Linux at that stage.
Paul Reids position was barely tenable before this, certainly us no longer. Use less mouth piece
@Random_paddy: how is this his fault?
@Random_paddy: Absolutely nothing to do with him. He doesn’t control or appoint to our cyber unit. And at least Mr Reid is available and ready to be interviewed on the airwaves. He is the best head of the health service in decades.
@Paul Whitehead: For the money he’s on everything in the health service that goes wrong is his fault.
Its his job to put in place the systems and checks to insure that things like this don’t happen.
Why bother they’d only lose them again
Why is everyone so private these days… just release the information, so what!!
@Billy O’Brien: so everyone is going to know I’ve got an std. No thanks.
@Paul Gorry: Eh Paul… they know now!
@Billy O’Brien: In fairness Billy it was well worth it. Time of me life it was that night. 21 April 2021 I’ll leave it at that.
@Paul Gorry: just to confirm i wore a mask.
@Paul Gorry: obviously on the wrong part of your body though.
@Billy O’Brien: I was of the same sentiment Billy, but it goes beyond that. If a hacker has your PPS, your address, your DOB, they can apply for a loan in your name, damage your credit score and make you liable to pay it back.
Identify the culprits and send the army Rangers to remove their oxygen supply and bring back the Computer Systems they used.
Any country seen to be a protector should be considered an enemy of the Republic of Ireland
@Chris Turner: Our lot can’t even stop a group from celebrating a wedding in a tent in Longford.
@Chris Turner: lol I’m sure The hacker’s country would be shaking in their boots if we declared them an enemy of the state. They’d be terrified we’d invade them with all the might of the Irish army alright.
@Bananaquit: hey we had a helicopter once
@Daniel Wilson: No way!?
Why is no one getting fired? Notice the private orgs prevented access ….
@Thomas Harrington: firing someone won’t prevent this from happening in the future, but it may prevent someone from coming forward about the dodgy email they mistakenly checked out. Aviation industry is the same, faultless, if a mistake is made, they’re less concerned about who made the mistake and more concerned on how to prevent it in the future. Firing someone over a mistake they made only slows down reaction time and breeds hesitancy for those in the future too reluctant to report.
@Joey Roche: Yes, exactly. Learn from it, share the knowledge.
How on earth could they have allowed this to happen?
@Marlnor: ya cause this has never happened before.
@Marlnor: even the most secure of systems get attacked and its extremely difficult to defend against an attack as severe as this.
@Marlnor: it can happen to any organisation. Like they said they’re bombarded multiple times a week with these attacks but this one got through. One is bound to eventually. I don’t see how this can be fully prevented other than going back to pen and paper which isn’t feasible.
Here is the perfect example of why government holding your data is a dangerous idea. Remember if the government hold your data for identification purposes so do every nefarious organisation in the including all intelligence organisations both good and bad and sophisticated criminal organisations.
@Mjhint: many privately owned businesses are in a similar boat and covid hasn’t helped. In the last year, I have witnessed some companies affected by incidents that showed clear lack of governance and I am surprised we haven’t heard more stories.
@Claude Saulnier: I agree ón that as well. In my view if your data is used or lost or stolen those responsible for it need to compensate for it. To me not just this attack but many others have shown house digital information on our lives is not safe on any level.
Who wants my info?
@Mary Nugent: Sorry Mary, I’m married. I hope you find someone. Best of luck
@Mary Nugent: I’ll take it mary. Bear in mind I’ve an std though.
@Billy O’Brien: fluck sake Billy go give you’re wife a hug, and get of the internet before you’re unmarried.
It is possibly the Russians. Bring in the Russian ambassador, who said they will help as much as they can. Ask them to pay for the cost of the clean up and see what happens. There should be a UN agreement, that any country where the cyber attack comes from has to pay the cost to the company attacked. I have a funny feeling that these attackers my be state backed.
@Seán Dillon: naaah, only USA has interest on the attack and its publicity.
The attack occurred when the Supreme Courts in Ireland ruled, our data stay in our land.
Probably the USA corporations are threatening the government and TDs with disclosing this or that …. like if we didn’t already know … so
Is Google doing anything to help? One would think they’d like to keep their investment safe.
Just pay the money..
@Duggan Michael: Do you think that a group willing to hack a public health service is trustworthy? I mean the State pays the money then what’s the guarantee that they won’t sell off the info anyway to make even more money?
@Duggan Michael: doesn’t work like that mate, the hackers will give some access back and try and extort more money for the remainder of the access. By paying them, you have no guarantee that they won’t sell the data on the dark web anyway. This isn’t a HSE issue, this happens everyday to businesses right across the country. Sanitise corrupted devices and restore from backups is probably the only solution here.
And if they don’t, maybe people should consider changing their date of birth (this is humour so people may realise the importance of the enforcement of data protection law to prevent/limit such scenario).
@Claude Saulnier: can I take 20 years off mine? That’d be great.
@FrustratedASDMum: Golden opportunity to change it to February 29th if you ask me!
Don’t pay them. Even if the government dies pay up there’s no guarantee that the data still won’t be sold on or released so paying is just compounding the losses. When they ascertain whose data has been compromised they can issue now PPSN.
No need to change all our PPS numbers, just to implement the electronic ID aka as e.signature like the rest of developed countries.
Even Spain has it since many many years without outsourcing, all done by Public Services, public servants, as matter of national security
Ireland Public Services are incredibly obsolete with all the State security subcontracted to USA corporations. The theft of our data occurred when the High Courts ruled against storing personal data of European people and corporations outside of the Europe.
That’s mean all giants ITCs have to keep running their businesses in Ireland or any EU country, as well as the provision of data storage.
That’s ruins the USA plan of Ireland exiting the EU. The main wealth of Ireland have to relocate elsewhere.
If your Data does get out on the Dark Web solicitors will be busy with cases against this Government.
@Dave Barrett: I was wondering if that’s an option for people considering a) they held responsibility for keeping it safe and b) refusing to pay the ransom.
I’d imagine there will be some stipulation somewhere within government policy that allows them to sidestep any such domestic backlash. I also couldn’t see the government shelling out money to each person who’s data was stolen as we would really all be paying ourselves.
@Dave Barrett: I doubt that. Altho this was a serious breach, your data in some form is likely already dumped on the dark web. Check https://haveibeenpwned.com/
@Dave Barrett: Why? The state is in no way liable if the information was stolen and put on the dark web by criminals.
Why are some people saying that the state could be sued if patient information becomes public as a result of this attack? Surely if the information was stolen by criminals, the state cannot be held liable?
paul reid should resign
They should be telling people to change their passwords to something stronger than what it is now on Revenue.ie., with the assumption that your DOB and PPS number have been stolen and that the hackers now have them.
@Nigel: I have 2FA for government services online. I presume everyone does?
@Niall O: I don’t have 2FA for Revenue.ie, and I don’t see it as an option on their website.
What factors do you use to login? Also you shouldn’t presume everyone has it, that’s possibly one of the worst things you could do.
It’s time The State Classified this attack as an act of terrorism & Seek the offender’s or any person’s who may have handled any data, they could start off with Internet providers who seem to allow such programmes to run on their networks. They can block ‘the pirate bay’ but allow software that can destroy a database run on their network. If any person dies the person’s involve should be Charged With murder.
Does anyone else think the Guards and the Army might not be quite as sharp as the Russian hackers? Just saying. Step out of the vehicle etc.
have your say