Coveney discusses health service cyberattack with Russian foreign minister

No verification that ‘real data’ has been released, says Donnelly

HSE chief clinical officer Dr Colm Henry said it was hoped that the diagnostic information systems that were key could be restored quickly. The focus would be on those services this week. File photograph: iStock
Minister for Foreign Affairs Simon Coveney has discussed the cyberattack on the health service with his Russian counterpart.

Ransomware linked to a Russian crime gang was used in last week’s attack.

A spokesman for Mr Coveney said the hacking of the health service was briefly discussed with Russian foreign minister Sergey Lavrov on Monday during a scheduled call related to UN Security Council business.

He added that the “criminal hacking of the health service was strongly criticised by both countries”.

The group which created the Conti ransomware used in the attack is sometimes known as Wizard Spider and is based in Russia.

It has been known to license out its ransomware products in return for a share of any profits.

On Monday the Russian Embassy in Dublin condemned the cyberattack and suggested Moscow is ready to look into the matter if approached by Irish authorities.

A spokeswoman for the embassy said: “We do not have any way to judge on who the perpetrators are . . . the Irish authorities have not yet approached the embassy regarding this ransomware attack. It’s pretty clear that if they do, the Russian side would be ready to look into the matter.”

She said that this is because the Russian government has been promoting initiatives on strengthening international co-operation on international information security and confronting cyberspace crime.

There has been no verification that real data potentially compromised during the recent cyberattack on the Health Service Executive (HSE) IT systems has been released, according to Minister for Health Stephen Donnelly.

The HSE is working with the National Cyber Security Centre and the gardaí along with technical and cyber security experts, said the Minister. The HSE network is being checked system by system, server by server, to see what had been compromised, he said.

Mr Donnelly said there were extensive backups and a lot of medical files had not been compromised. Postings of heavily-redacted material are being examined and gardaí are investigating the issue, he said.

“We have no verification that what has been posted is real data. We are awaiting details to know if sensitive information has been released.”

Speaking on RTÉ Radio's News at One, Mr Donnelly called last week's cyberattack "an attack on the Irish people, the health system and patients and their families".

The Cabinet is meeting on Tuesday morning, with the hacking of HSE computer systems, dubbed the “most significant cybercrime attack on the Irish State”, top of the agenda.

The Government has rejected ransom demands from the crime gang responsible, and has focused on restoring all medical services as quickly as possible.

But there are concerns that if ransom demands are not met, personal data belonging to thousands of patients could be sold online.

‘Not aware’

Ahead of the meeting, Minister for Justice Heather Humphreys said she was “not aware” of personal data linked to the Health Service Executive (HSE) cyberattack being published online.

Ms Humphreys said: “We’re working with our international partners, and if any data does appear we will deal with that.

“There’s a lot of experience on this internationally, we’re getting a lot of co-operation.”

The Minister met Garda Commissioner Drew Harris and officials from the National Cyber Security Centre (NCSC) on Monday, where she was told of the ongoing impact of the attack, as well as the technical responses deployed and work to recover the HSE’s IT systems.

She said: “The NCSC are working, the gardaí are working with their international partners as well.

“We’re not aware of any information that has been published yet, I’m not aware of it. But we are working on the matter.”

Cybersecurity officials are monitoring the dark web for evidence of data from the attack being dumped online. It is believed cybercriminals harvested vast amounts of personal data during the attack last week and will likely publish it online or sell it unless they receive payment from the Government.

Irish officials reiterated on Monday that no ransom will be paid.

Taoiseach Micheál Martin told RTÉ ahead of the Cabinet meeting that the priority was to restore medical services as quickly as possible.

“We’re going to do everything we possibly can to restore services for people in this situation, particularly the most urgent services that people require,” he said.

“The NCSC has been flat out since the weekend, working first of all to respond to the threat. But also to rebuild and get services back as quick as we possibly can.”

The impact of the attack on services is expected to last throughout this week and beyond, with thousands of patients facing cancelled appointments and delays.

Private and voluntary hospitals will be brought on board to ease the burden, with “alternative processes” to be put in place for urgent cancer care needs.

Earlier, the HSE former chief information officer said there was “a real and present risk” that patients’ data could be released.

Richard Corbridge said the attack might not have been specifically targeted at the HSE; it could have been part of a wider probe of health systems across Europe to see where vulnerabilities lay.

In 2017, when the HSE was among institutions across the world affected by the WannaCry ransomware attack, the HSE had been warned by the National Health Service (NHS), which had sent "a bat signal" of a cyberthreat, he said.

When asked if the Department of Health would have alerted the HSE when its system was attacked first last Thursday, Mr Corbridge told RTÉ Radio's Morning Ireland programme he would hope that was the case, but said given the timing it would have been very difficult for the HSE's IT team to protect 85,000 entry points.

‘Zero-day’

It was not necessarily a case that the HSE’s IT system was operating with a weakness and that this had been a “zero-day” attack, which means the situation had not been prepared for as it was unknown. This was a challenge not just faced by the HSE, but by health systems everywhere trying to keep simple IT systems up to date while operating high-tech diagnostic equipment.

Former director of military intelligence Michael Murphy said the attack was “a wake up call for the State”.

Mr Murphy, who is now a security consultant, told RTÉ radio’s Today with Claire Byrne show it was lucky the attack was not a case of national survival; it could have been an attempt to poison the water system or to shut off power. “It could have put us back to medieval times,” he said.

“This is what can happen, there are new threats out there.”

Mr Murphy asked what had been learned from the previous cyberattack in 2017. “I don’t think they learned from that.”

Mr Murphy pointed out that the National Cyber Security Centre had a budget of only €5 million per year while the Data Protection Commission had a budget of €70 million. “That shows this is the attitude towards security. This has to be taken seriously.”

The HSE’s chief clinical officer, Dr Colm Henry, said that contingency plans were in place for staff to be paid this week, but that the priority was getting key diagnostic services up and running as soon as possible.

Cormac McQuinn

Cormac McQuinn is a Political Correspondent at The Irish Times