Gardaí are preparing for an “avalanche” of fraud once the cybercriminals who attacked the Health Service Executive release the stolen patient data this week, as they have promised to do.
The gang behind the cyber attack had given the Government until today to pay a €16.4 million ransom to stop it publishing or selling what it claims is 700 gigabytes of stolen data.
The Government had repeatedly insisted there would be no ransom. Security sources said yesterday that this position had not changed and that there was no communication between the State and the hackers.
Garda sources said they believed the gang would follow through on its threat, although they stressed there was no way to know for sure.
They pointed to the unpredictable conduct of the gang so far, including its unexpected release of a decryption key, which officials say will speed up the restoration of HSE systems after the attack.
It is believed the gang may drip-feed the stolen data on to the web over several days or weeks in an effort to increase pressure on the Government to pay a ransom.
The Government appeared to accept the release of data is likely. In a statement yesterday it said there “sadly, is a real risk of patients’ data being abused in this way.”
It is hoped a court order obtained by the HSE last week will reduce the spread of such data by putting the major tech companies on notice of their obligation to remove any such material from their platforms.
There are concerns that criminals could use the leaked data to blackmail or defraud patients. There are also increasing concerns in the Garda National Economic Crime Bureau (GNECB) that scammers, who have no connection to the cyber attack, will attempt to take advantage of the confusion of a data leak.
A senior officer said scammers have been quick to exploit recent developments to defraud victims. For example, the rollout of the pandemic unemployment payment at the start of the Covid-19 pandemic was followed by fraudsters sending texts to recipients purporting to be from the Revenue.
There are concerns that criminals claiming to be from the HSE will ask for “deposits” for medical procedures or could threaten to divulge sensitive patient data unless they receive a payment, regardless of whether they possess such data.
There have already been some reports of attempted frauds related to the attack but these are still being evaluated by gardaí.
GNECB officers are holding regular meetings with the major banks on potential issues which could arise over the coming weeks relating to customer fraud.
The State’s data privacy watchdog, the Data Protection Commissioner, is receiving reports and updates from the HSE and several other affected parties that control patient data as other Government agencies establish the facts around the attack.
“We’re expecting an avalanche of fraud or reported fraud. Some of these will be genuine, some will be people putting two and two together and getting five. But we want everyone to come forward if they feel they have been targeted,” one garda said.
Another senior source warned that scammers may be ringing from phone numbers which appear to be genuine, including an official Garda number. “What we would say is, don’t give your personal details. The HSE or the guards won’t ever ask for your bank details or your PIN numbers or your passcode.
“If someone says, ‘We can get you in for a hip operation next week but we need your credit card details’, that’s a scam.”
Minister for Communications Eamon Ryan urged anyone contacted by scammers trying to extort money using personal information they believe has been obtained as a result of the cyber attack not to pay over any money and to contact local gardaí.
“They will be able to advise you but it will be useful from the security side; it will help us to build up a picture if there is data being released to have real information about it,” he said.
Mr Ryan said the Government was not thinking about the potential for litigation “down the line” arising out of the possibility of personal data being leaked as it was in the midst of managing the response to the hack.
Guaranteeing absolute protection against what are “very sophisticated attackers” at a time when many people are working remotely would be a “false promise,” he said.