Stolen health data reportedly appears online after HSE cyberattack

19 May 2021

Image: © valerybrozhinsky/

Almost a week after the HSE cyberattack took place, hackers are said to be leaking personal data online and demanding a $20m ransom.

Medical and personal information stolen in the Irish Health Service Executive (HSE) cyberattack is now being shared online, the Financial Times is reporting this morning (19 May).

According to screenshots and files seen by the Financial Times, the records also include internal health service files, minutes of meetings, equipment purchase details and correspondence with patients.

The HSE suffered a “significant and serious” cyberattack last week, which forced the health service to shut down its IT systems and caused widespread disruption to healthcare across the country.

Hospital emergency departments are relying on manual processes for a lot of their work and the attack has had a particularly serious impact on radiation oncology. The HSE also said that some cervical cancer screening appointments may be delayed as a result of the cyberattack.

Anyone with a hospital appointment in the coming days should check the HSE’s dedicated webpage, which offers updates on cancellations and disruptions to health services on a county-by-county basis.

The attack involved malware known as Conti, which is designed to be operated by hackers themselves rather than an automated process.

Conti is known as ‘double-extortion’ ransomware, meaning that as well as holding access to systems to ransom, the malware might also steal information stored on the system. Hackers can then threaten to release this information online if a payment is not made.

Speaking to RTÉ’s News at One yesterday (18 May), Minister for Health Stephen Donnelly, TD, said there had been postings of “heavily redacted material”, although added that there had not yet been confirmation that they were legitimate files.

The Financial Times’ report said that HSE patient and business files were offered in a chat between a so-called ContiLocker Team and an unnamed user, which can be viewed at separate links on the internet and dark web. Hackers are reported to be demanding an almost $20m ransom for the stolen data.

Not paying ransom

Speaking on RTÉ’s Morning Ireland this morning about the Financial Times article, Minister for Climate Action, Communications Networks and Transport Eamon Ryan, TD, described the report as “very credible” and said such actions would be “very standard” by criminal gangs.

He added that the Government is not contemplating paying any ransom. “Our core function is to restore the systems and get our patients well.”

Noel O’Grady, director of Sungard Availability Services Ireland, explained why paying ransoms for cyberattacks is not advised.

“First instinct may be to just give in to demands, but paying hackers sends the message that an organisation is willing to hand over money and can put a target on them for future attacks,” said O’Grady.

The HSE has said it will take “many weeks” to assess the full impact of the attack and restore its IT systems.

“Our priority is to bring back key patient care systems in line with clinical priority and to keep our patients safe while maintaining essential care and support services,” it said in a statement earlier this week.

“The HSE continues to work with the National Cyber Security Centre, and with national and international experts including McAfee, to rectify this issue.”

Jenny Darmody is the editor of Silicon Republic