We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Cyber Attack

'In an ideal world we'd all get new PPS numbers': Concerns personal data will be sold off on darkweb

Experts are working around the clock to pinpoint exactly who is behind the attack.

THE PRIVATE PERSONAL information belonging to potentially tens of thousands of Irish people could be packaged up and sold off on the darkweb to the highest bidder unless some form of deal is brokered with the hackers, senior sources have warned as the massive HSE cyberattack enters its fifth day. 

The HSE has been left reeling by what has been described as the “biggest ever cyber attack in State history”. 

Gardaí along with members of the Defence Forces are working around the clock to pinpoint exactly who is behind the attack. 

While it has not been officially confirmed, it is thought a hacker group in Eastern Europe is responsible. 

The HSE’s IT systems were hit by a Conti ransomware attack, where attackers enter into a computer system, study how it works, and encrypt the private data before announcing their attack to the victim and demanding a ransom for it not to be published online or sold off to a third party to be used for ill-intent. 

While it is still very early in the investigation, sources say that the information believed to have been stolen by the criminal organisation is worth “exponentially more” than any ransom that may be demanded. 

The government has repeatedly said it will not pay any ransom demanded by the hackers, in line with policy. 

“Any public release by the criminals behind this attack of any stolen patient data is equally and utterly contemptible,” a government statement released last night said. 

“There is a risk that the medical and other data of patients will be abused.”

It’s been confirmed a ransom has been demanded. While various sums were reported over the weekend, there’s been no official confirmation as to how much the hackers are demanding. 

A senior official with expertise in the area, speaking to The Journal on condition of anonymity, explained what could happen if the State refuses to hand over cash. 

“Usually, the data is just dumped on the darkweb for everyone to see. But this particular breach is different due to the value of the information which we suspect has been compromised.

“What we expect will happen is that the information will be packaged up and sold off on the darkweb to the highest bidder.

“The information we expect they have means they will be able to access sensitive information such as PPS numbers, current and previous addresses, dates of birth as well as other family data,” the source said.

Others sources with knowledge of work ongoing to tackle the widescale hack agreed that personal data like PPS numbers and addresses had been placed at risk.  

The information suspected to have been obtained by these hackers will allow them to access Government services such as welfare, the official warned. It may also be possible for hackers to access PAYE records on the Revenue’s online service.

“In an ideal world, we’d all get new online identifications and PPS numbers,” our source added.

But even paying the ransom does not guarantee the ordeal will end.

Cybersecurity expert Ronan Murphy said that the facilitators of these ransomware attacks usually look to be paid in cryptocurrencies such as Bitcoin.

“The dilemma facing many organisations is – do they pay the ransom to get the data back safely, thereby funding the growth of these criminal enterprises or do they refuse to pay and risk having that stolen – possibly sensitive, confidential – data dumped on the internet where anyone could potentially access it. 

“Ransomware attacks essentially back organisations into a corner. A year ago, a back-up system was seen as a reasonable security measure against these incidents – but the blackmail situation surrounding the threat to leak information is a completely different scenario and one that is extremely difficult to tackle.”

All other government departments and State agencies have been working to consolidate their own internal IT infrastructures since the attack.

We also understand that several investment funds and financial data centres were also targeted in the last 72 hours. However, it’s believed no information was compromised. 

NO FEE HSE weekly update 020 HSE CEO Paul Reid and Anne O’Connor, Chief Operations Officer, HSE at Dr Steevens’ Hospital. Leon Farrell Leon Farrell

Speaking yesterday, Tánaiste Leo Varadkar described the attack as being “heinous”. However, he said he was not aware of any other departments or State agencies being hacked.

“There hasn’t been one on my department or any other body that I’m aware of. But needless to say, we’re doing everything we can to strengthen our security systems. It’s not just an attack on the State. It’s not just an attack on a computer system.

“It is an attack on sick people, sick people whose care is now going to be delayed and is going to be affected. That really makes it a heinous crime in my view.”

Ireland’s vulnerable IT systems

Cathal Berry TD, a former Defence Forces officer with the Army Ranger Wing, said that the HSE hack had exposed how vulnerable Ireland is to cyber attacks.

“We have seen how a biological virus can affect our country but this digital virus has shown how disruptive, and even more dangerous, [it can be] than the biological virus.

“Our country is more technologically reliant now than it has ever been, particularly as more and more of the population are working remotely.

“There are three different roles in cyber security from a State perspective. The cyber-crime aspect which is dealt with by the gardaí, the cyber defence which is dealt with by the Defence Forces and then the National Cyber Security Centre which has an overview,” he explained.

“The damage done by a largescale cyber attack would be devastating. There are four vulnerabilities which would be targeted. These would include the national grid, transportation through ports and airports, the health service and financial institutions.”

Deputy Berry said that he was confident that Green TD Ossian Smyth was the right man for his role as Minister for State for eGovernment.

“I sit next to him in the Convention Centre and have discussed this subject with him extensively. He was only appointed recently but he has spoken consistently about the subject and will be very effective.

“It is rare to have a minister well-matched to his portfolio but he is interested, he is tech-savvy, has a degree in computing from Trinity College.”

Sources have said that the attack on the HSE and other probes of Government Departments and agencies are part of an attack pattern.

Individual gardaí were issued with an email this weekend urging them to tighten their online security and to be vigilant.

The fightback against the HSE hack is being led by an inter-agency group of gardaí and military, backed up by a private agency brought in to assist.

“There is a lot of speculation but ultimately this is a criminal orientated attack that is not suspected to involve a State actor,” a separate security source said.

Garreth MacNamee and Niall O'Connor
Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel