HSE cyberattack: Minister reiterates ransom will not be paid

Leaking of information likely says Humphreys while sources suggest ransom request expected

Minister for Justice Heather Humphreys has said that the Government has received no direct ransom demand from the criminals who hacked the HSE’s computer systems and will not pay one if it arrives.

Ms Humphreys strongly reiterated the Government’s determination to refuse any ransom request.

Speaking to RTE’s News at One, she said there had been “no direct request received by anyone”.

“But if there is a direct request for money we will not be paying any ransom,” she said.


Government sources say that while no ransom demand has been received from the hackers, it is expected that one will arrive soon, and that the leaking of patient data will also begin soon.

“It is likely they will publish material and we want to be ready for that,” Ms Humphreys said. If anyone makes contact with you contact your local Garda station.”

Earlier, international news agency Bloomberg, citing a communication from the Russian-speaking gang to the HSE it said it had seen, reported the gang had fixed a deadline of Monday, May 24th, for the ransom to be paid.

The crime gang is seeking a ransom of $20 million to be paid in bitcoin. It has threatened to publish or sell the information unless the demand is met. Both the HSE and Government have repeatedly stated no ransom would be paid.

HSE chief executive Paul Reid said if the ransom was paid, the Irish authorities would be giving money to a crime gang attacking it who could use that money to further strengthen their capabilities.

Redacted documents published on the darknet three days ago are believed to be some of those stolen during the attack.

Gardaí believe they were shared publicly to increase the pressure on the HSE to pay the ransom; a tactic ransom gangs use.

Garda sources said the initial publication of a small number of redacted documents was expected, based on similar attacks around the world.

The same sources said they also expected full documents to be published, as has also been the case in other attacks.

However, they made no comment on the new reported deadline of May 24th.

Bloomberg has reported the latest messages to the HSE from the gang stated they “will start to sell and publish your data” next Monday. Previously they had said they would do so “very soon”.

The gangs that use the Conti malicious software – known as malware or ransomware – like that used against the HSE issue statements about its attacks on a blog on the darknet.

They also use the same blog, or news site, to publish the documents and other data stolen from its victims. However, there are no references to a date on the blog to the HSE.

Some of the redacted documents related to patients based in the Munster area and include forms that contain all of the patients' personal details, information about their medical history and the medical professionals treating them.

Other documents appear to be commercial in nature, and relate to contracts between the HSE and suppliers and other partners it works with.

Ms Humphreys said her own department, Social Protection, had been targeted by cyberattackers recently, but it had been thwarted.

Her department was constantly looking at their security system and firewall protection.

In the Dáil, Minister for Communications Eamon Ryan said the Government would establish a “helpline, a confidential crimeline-type system” for people to phone if they were affected by the release of data.

He warned that “we have to be careful about some of the rumours around this. It’s full of subterfuge and all sorts of unknown” elements.

“But if anyone is approached by anyone claiming that they have medical or other relevant data – Government Information Services will be proving details of this later – we will provide an online-type confidential line where they will get secure a advice in terms of what they need to do.”

They are also contacting social media companies to say if anyone is “propagating any such information some of it the most sensitive, that we do not propagate it , we do not share it”.

He said they could not completely stop the revelation of data but they wanted to minimise the risk “to the best of our ability”.