Minister for Health Stephen Donnelly said the ransomware attack has "real-world" consequences for patients. A garda investigation into the cyberattack is ongoing.
Sam Boal

Patient data from HSE hack has appeared on the dark net, Minister confirms

Stephen Donnelly said that it was “distasteful” that law firms were “licking their lips” at prospect of suing the State over the HSE cyber hack.

LAST UPDATE | May 20th 2021, 1:45 PM

MINISTER FOR HEALTH Stephen Donnelly has confirmed that HSE data has leaked on the darknet, adding that the ransomware attack was “extensive”, “despicable” and has “real-world” consequences for patients.

In a statement this afternoon, the HSE said that it was “clear” that data on some servers has been encrypted, but that the full extent of this remains unknown.

The Minister also said that it was “distasteful” that some legal firms had advertised suing the State over potential data privacy breaches as a result of the day-zero cyber attack, accusing some legal firms of “licking their lips” at the prospect.

“When we are in the middle of trying to get urgent healthcare services back up and running for sick patients, I certainly find it very distasteful that any law firm would be putting stuff up on their websites to that end,” he told Newstalk Breakfast.

The Financial Times reported yesterday that it had seen screenshots and files proving that medical and personal information belonging to HSE patients had been shared online – in what it called the first confirmation of a data leak since the HSE ransomware attack.

Transport and Communications Minister Eamon Ryan earlier described this reported data leak as “credible”; Minister Donnelly has previously said that such a leak was possible.

In an interview with Newstalk this morning, the Health Minister gave the strongest public confirmation that HSE patient data had been leaked to the dark web:

“On the face of it, as has been reported, data from the HSE does appear to have been displayed on the dark net. The details of that are not something that would be confirmed because it’s an ongoing Garda investigation.”

HSE chief Paul Reid said there was a “high risk and high likelihood” of the data taken by hackers being leaked online, but also said that reports of HSE patient data being leaked online haven’t been validated yet.

On requests for a ransom, Reid says that as the HSE has handed the case over to the National Cybersecurity Centre, the HSE has not had any direct engagement with the attackers beyond the original “double extortion” notification left last Friday.

Donnelly said that there has been an increase in ICT investment from €130 million in 2019, €145m last year, to €203 million this year. The IT staff at the HSE is to be “doubled from a base of 400”, he added.

Patient data leaked

The Dáil heard yesterday that a medical organisation from outside Ireland contacted a patient offering them services they required and knew details of their medical history. 

Labour leader Alan Kelly said this incident with his constituent “seems to align very much” with the HSE cyber attack.

Speaking in the Dáil today, Minister Eamon Ryan said a helpline will be set up for anyone that is approached by someone saying that they have their leaked health details as a result of the hack, and are going to release them. 

Ryan said the crime line will give secure, safe advice as to what they need to do.

Implication on healthcare services

The HSE is continuing to grapple with the fallout of the ransomware attack on its IT systems, with patients facing delays due to paper-based systems, or cancelled appointments.

The Health Minister said today that some of the branches of the health service most severely affected are radiology and diagnostics, radiation oncology, chemotherapy, the patient administration system, and maternity and infant care.

In a statement this afternoon, giving an update about health services affected by the hack, the HSE said: “while we believe we will have lost some details of recent clinical activity, we anticipate that we will be able to recover older patient records.”

The Health Service has advised people to keep checking this HSE service update page to see what services are available, and emphasised that it’s safe to visit HSE sites.

People who are attending emergency departments are advised to bring their Medical Record Number (MRN) or Patient Chart Number (PCN).

This information is usually on a sticker on hospital documentation, your current list of medications or prescriptions, or any hospital discharge information from a previous time spent in hospital, the HSE said.

Some IT systems or parts of the IT systems in voluntary hospitals will have returned by the end of today, the HSE said, as these systems are separate to the 

The HSE said that “good progress” has been made in relation to rebuilding the national integrated medical imaging system (NIMIS) for CT scans, X-rays and MRI scans.

“This is a high immediate priority and our teams have been working 24-7 on this.”

HSE payroll systems have been prioritised for assessment and contingency arrangements have been worked on to ensure that HSE staff are paid this week.

The tech clear-up

The delays in the healthcare system are expected to stretch over the coming weeks: some 2,000 IT patient-facing systems are being cleared by IT and cyber security teams, and 80,000 computers are being wiped and software reinstalled one-by-one.

“Progress continues to be made on getting servers cleaned, restored and back online. This is in line with the pace we had anticipated, and is a stepped, methodical process, to mitigate the risk of re-infection. We are also looking at interim solutions to get some services back online in a proven safe way,” the HSE statement said.

HSE chief Paul Reid said the risk of one system infecting another is a “very serious risk”.

Even if these services are cleared and brought back online, there is still a risk that the hackers could publish sensitive and private data if the ransom they demand is not paid.

Government ministers have not deviated from public statements that the State’s policy is to not pay a ransom demand, and that this ransom will not be paid.
