HSE hack: Decryption key ‘did not come from diplomatic channels’

Taoiseach says extra resources have been earmarked to ‘stay ahead of the hackers’

Taoiseach Micheál Martin at a press briefing at Government Buildings on Friday evening. Photograph: Gareth Chaney / Collins Photos Dublin
Taoiseach Micheál Martin at a press briefing at Government Buildings on Friday evening. Photograph: Gareth Chaney / Collins Photos Dublin

The Taoiseach has said the State has been significantly increasing resources into cyber security to prevent data attacks like that against the HSE.

Mr Martin said on Friday that significant resources were, and would be spent by the State to ensure no recurrence of the serious breach of HSE data.

“We have to continuously resource our agencies, the national cybersecurity team, the cyber crime bureau within the Garda Síochána to catch up and stay ahead of the hackers,” he told a press briefing at Government Buildings.

“We will be continuing to resources State agencies and advising the private sector in relation to threats.

READ SOME MORE

“That will need strong resourcing. The budget significantly increased [funding] for the cyber security team, and significantly increased the capital budget for ICT in the HSE.

“The [proposal for] the resilience and recovery fund we are sending to Brussels includes a digital transformation element. we have singled out the health services for particular allocation,” he said.

Mr Martin said no money had changed hands with the Russian-speaking criminals behind the attack nor would it.

He said that some voluntary hospitals were back working within their own systems but the restoration of all services would take time.

Asked why the decryption key had been offered to the State, he said it had not come via diplomatic channels.

“The security personnel don’t know the exact reason the key was offered back.”

The Taoiseach accepted there was a danger of the criminals sharing the data online but nothing had had happened so far.

He added the Government was receiving strong collaboration and cooperation from social media companies.

“They are working with us to ensure that any data inadvertently put up will be taken down immediately.”

A court injunction was secured on Thursday by the HSE to guarantee this.

Mr Martin also confirmed the State has commissioned external cyber security consultants, with a global reputation, to assist the authorities here in its response to the serious breach and data theft.

Decryption tool

Security sources said the decryption tool supplied by cybercriminals to the Irish authorities is unlikely to significantly speed up the restoration of its systems.

The tool, which includes a decryption key to unlock the encrypted systems, has now been verified as genuine and functional by cybersecurity experts working for the HSE and the National Cybersecurity Centre (NCSC). However it is described as “buggy” and “flawed”.

It was tested in a closed system, unconnected to the network, to prevent it causing further damage.

It has been confirmed that the key can be used to decrypt HSE systems but this will take some time and all systems will have to be checked thoroughly before they can reactivated, a process which may take weeks.

In fact, officials may decide to not use the key at all if it is determined that it will be quicker to manually restore the data from HSE backups, as has been happening to date.

Alternatively, they may use the key only on critical systems which need to be restored as a matter of urgency, sources said.

The use of the key will be made even slower by the HSE’s out-of-date computer systems, sources said. Much of its network still uses Windows 7, which is no longer supported by Microsoft, and some computers use even older operating systems.

The HSE has denied that issues with Windows 7 machines were the reason for the cyberattack succeeding, saying “we know from our initial assessment that this issue did not contribute to this incident”.

It also said it has “made substantial progress on a programme of reducing the use of Windows 7”.

The hackers have threatened to share the stolen data online and with other criminals from next Monday unless a $20 million ransom is paid.

Amid concerns over potential fraud, gardaí on Friday urged anyone who believes they are the victims of cyber related crime to report the matter.

In a statement, the Garda said its National Cyber Crime Bureau is continuing its criminal investigation into the cyber attack.

“An Garda Síochána encourages people who have reason to suspect they are victims of cyber related crime, particularly the recent criminal cyber attack of the HSE, to make a report at their local Garda station.

“It has not been confirmed with full certainty that personal records or data reported to have been circulated are in fact genuine even though this is probable and would be a feature of these attacks.

“In general, our crime prevention advice has been and remains - if you are contacted by persons stating that they have your personal details and/or looking for bank account details you should not engage or provide any personal information.”

It added: “An Garda Síochána is encouraging people to report suspected breaches of personal data, which will be examined by specialist investigators. Such reports will be handled in a sensitive manner.”

Harry McGee

Harry McGee

Harry McGee is a Political Correspondent with The Irish Times

Conor Gallagher

Conor Gallagher

Conor Gallagher is Crime and Security Correspondent of The Irish Times