Skip to content
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Health Minister Stephen Donnelly
Health Minister Stephen Donnelly
Image: Oireachtas TV

HSE ransomware attack: 'Is it possible that sensitive information has been downloaded? Unfortunately, yes'

The health minister and Taoiseach have been among those fielding questions in the Dáil on the cyber attack today.
May 18th 2021, 9:40 PM 29,484 26

MINISTER FOR HEALTH Stephen Donnelly has said that “unfortunately, it is possible” that sensitive personal information of patients could’ve been compromised by the HSE ransomware attack. 

Speaking in the Dáil this evening, Donnelly said security experts are working through “server by server” to establish the extent of the information that may have been taken by the hackers.

“The criminals behind this assault are utterly contemptible,” he said. “We will overcome the effects of this assault on our public health system. I’d like to reassure colleagues that we are doing all we can to ensure that we resume services as quickly and as safely as possible.”

Fielding questions from Sinn Féin’s David Cullinane, the health minister said that the latest briefing he’d received on the matter “alluded to files that have been put up online, which were heavily redacted”. 

“At the time of the briefing, there had not been verification as to whether or not these were genuine files,” Donnelly said. “My understanding from the briefing was that criminal organisations will use false records to try and extract funding. 

It is going to take some time for the security experts to give us a full view right across the systems as to exactly what information is available. But is it possible that sensitive information has been downloaded? Unfortunately, that is possible, yes.

Under attack

At Leaders’ Questions earlier today, Taoiseach Micheál Martin had defended the State’s capacity to deal with cyber crime following the attack on the HSE.

Aontú leader Peadar Toibin said the Government’s record on protection from cyber attacks was “shockingly poor”.

He criticised the five million euro budget given to the National Cyber Security Centre (NCSC) last year.

Toibin told the Dail: “The former chief executive of the HSE, Tony O’Brien, stated this week that the HSE’s expenditure on IT security is ‘about a quarter of what you would expect compared with other health systems’.

“Taoiseach, that’s a phenomenally difficult thing to deal with, that the person who was head of the HSE in recent times is saying that the Government is spending a quarter of what it should be with regards to cyber security.

“The NCSC has been given a budget of just five million euros.

“How can the Government claim to be fulfilling their duty of care to Ireland against cyber attacks?”

Toibin told the Dáil the NCSC has just 25 staff and no dedicated premises, something denied by the Taoiseach, who accused the Aontu leader of a “melodramatic presentation”.

Micheál Martin also rejected the assertion that the NCSC is underfunded, noting that in the last budget funding for the centre had been trebled.

He added: “Since I’ve become Taoiseach, I’ve been very focused on the overall national cyber security threat.

“We’ve significantly increased funding for the National Cyber Security Centre, but also within the HSE itself, both capital and current funding has gone up dramatically over the last number of years.”

He added: “We have very good capacity within our system in terms of the quality of the personnel available, that is dealing with this particular issue.

“And it has been dealt with in the correct manner, contain the problem, remedy, restore, and protect.

“Our overriding objective is to get services up as quickly as we possibly can for patients. We have to do it methodically, we have to do it properly and in a way that’s robust to further attack.

“That’s why, unfortunately, it is and would take some time to get services fully restored, because we are prioritising key areas, as you know.”

Budget 2021 saw an increase of €3.4 million in funding for the NCSC to €5.1 million, up from €1.7 million the previous year.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

The Government has rejected ransom demands from the crime gang responsible, and has focused on restoring all medical services as quickly as possible.

But there are concerns that if ransom demands are not met, personal data belonging to thousands of patients could be sold online.

The impact of the attack on services is expected to last throughout this week and beyond, with thousands of patients facing cancelled appointments and delays.

Private and voluntary hospitals will be brought on board to ease the burden, with “alternative processes” to be put in place for urgent cancer care needs.

With reporting from PA

Send a tip to the author

Sean Murray

COMMENTS (26)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a comment

     
    cancel reply
    Back to top