Tag Archive for: HSE

Hackers could publish HSE patient data online, says Minister

/in


Hackers are expected to have accessed patient data as part of the HSE ransomware attack, and may now publish it online, a Government Minister has said.

While there is not yet definitive evidence of patient information being compromised, with the HSE on Sunday saying it was still too early to determine if it had happened, Minister of State for Communications Ossian Smyth told The Irish Times: “I expect it has [been accessed] and it wouldn’t surprise me if it was published at some point in the future.”

Mr Smyth stressed, however, the HSE did not centrally store significant amounts of clinical patient data, with much of the information held being administrative rather than related to procedures and conditions.

He said accessing such patient files would be “the first thing [hackers] would do before trying to encrypt data or delete backups”, and that usually such information was sold on and later released either by the hackers or other parties.

Similar attacks, such as one on the Scottish Environment Protection Agency last year saw information published online after ransoms went unpaid, but Mr Smyth said he believed data was regularly posted whether such sums were paid or not.

The Garda and National Cyber Security Centre is liaising with Europol on the nature of the ransomware used. Mr Smyth said early indications were that a second attack, on the Department of Health, suspected to be carried out by the same criminal organisation, was not as serious as the HSE hack.

Source…

HSE hack may have happened due to something as simple as an employee clicking on a link

/in


Cybersecurity experts last night warned that it could be weeks before HSE systems return to normal after yesterday’s ransomware attack.

Ronan Murphy, of Cork-based cybersecurity experts Smarttech247, said it could be into next month before remedial work fixes problems caused by what has been described as “the most significant attack the Irish State has ever had”.

“This will cause unbelievable disruption to the HSE,” he said.

That is the nature of these ransomware attacks — it is the fact that they are incredibly disruptive despite how easy they are to launch. 

‘Simple precautions and software updates’

He said that while there are hundreds of ways ransomware can be spread throughout a network, it usually starts with something as simple as an employee clicking on a link or opening an email attachment.

However, that action alone could be made all the worse if the person clicking on the link or downloading the file was working on a system that did not have all its software updated to the latest versions.

If their system did not have the most up-to-date security patches, there would have been an added vulnerability in their system.

“Ransomware exploits known vulnerabilities in a network,” Mr Murphy said. “It is not overly sophisticated.

“Once it gets into a network, it spreads very fast and encrypts data, and a ransom note pops up on the screen, warning the user they have 72 hours to pay up.” 

‘Attack could have been planned for months’

IP-Performance’s chief information security officer Phil Cracknell, a former cybersecurity adviser to the UK government, said the attack could also have been initiated by someone figuring out the user name and password of somebody with access to the HSE network.

He also suggested that this particular attack could have been launched weeks or months ago, but only initiated early on Friday morning.

“There is not enough information out about this attack so far, “ he said.

“Various buzzwords are being used, like ‘zero-day threat’ and ‘distributed denial of service’ [DDOS] attack.

‘There could be more to this incident…’

“However, you wouldn’t normally associate such attacks with a ransomware attack,” he said: 

Source…