Minister for Communications Eamon Ryan has said reports of patient files being published on the internet by the hackers who broke into the Health Service Executive’s (HSE) IT system appeared to be “credible and accurate”.
The release of patient information, including medical records, “is standard for what these criminal gangs do”, Mr Ryan said, adding that the State was not engaging with ransom demands to retrieve the information.
A gang of international criminals breached the health service’s computer system on Friday in a ransomware attack, leading to widespread cancellations and delays in hospitals across the country.
Speaking on RTÉ Radio 1 on Wednesday morning, Mr Ryan said the Government was “not contemplating or working on” arrangements for a third party to pay the ransom.
Minister for Health Stephen Donnelly confirmed on Tuesday that a number of “heavily redacted materials ” had been published online by the hackers.
However, Britain’s Financial Times newspaper on Wednesday went further, stating some 27 files had been placed online, including the personal records of 12 individuals. These included the palliative care details of a man admitted to hospital. The newspaper claimed the file matched a subsequent death notice it had seen.
Mr Ryan said the hackers’ actions were “deeply regrettable” and the Government’s first and foremost thought was for the patients and workers in the Irish health system. “We are doing absolutely everything we can to restore the services that they need,” he said.
“The use by the gangs of these sort of tactics won’t distract us from our core function [which] is to restore the system , get our patients well, and that is what we are focused on.”
Mr Ryan said some of the most sophisticated computer systems across the world had been hacked by criminal gangs and when this affected businesses, they had been known to pay up. However, he said, “It is very different when you are attacking a public health system. This is a highly unusual attack in that sense.
“It is an evolving threat but the response to that can’t be just immediately talking to hackers and paying ransom. It has to be protecting the networks, restoring the networks.”
Mr Ryan and the Government, which has been getting regular briefings by security services on the problem, said “nothing like this” had happened previously or had been directed against other departments.
“This was well thought through in terms of huge resources put into planning and plotting and waiting, and then once within a network, taking time and extracting data.”
He said what was reported in the Financial Times seemed “very credible and accurate . . . but our immediate focus is getting the networks back and that is where the huge resources of the State are now going to be deployed”.