A click of the mouse is all that it took for the recent cyber-attack on the HSE, according to recent reports. The ransomware attack occurred when a user clicked on a ‘help’ link, following problems causing the computer to stop working. According to the report, 700GB of data was acquired by the organised hackers, who are demanding “close to €15 million”.
In failing to access their file, the HSE worker was prompted to click on a help link by a file on the computer. Knowledgeable sources told reporters that it had appeared the worker tried to access their computer, before receiving an onscreen “message”. The worker had been instructed to use a “messaging service to contact someone who could fix the problem”.
In engaging in a lengthy discussion with the worker, hackers explained that they had accessed 700GB of patient’s personal data. Medical records, contact details, home addresses, and other personal details had been gained through the employee’s computer. It was then when a ransom of “close to €15 million” was demanded by the hackers, in return for the information.
“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained. The message was in very calm, non-threatening language. It was very transactional”.
Huge amounts of data had already been downloaded by the hackers, before it was discovered late last week. Recent reports have claimed that a Russian gang, known as Spider Wizard, carried out the ransomware attack on HSE systems. However, it is claimed that rather than being a single group of criminals, it is actually a number of individuals, spread across multiple locations.
According to the source, the messages received by the worker did not identify Spider Wizard as the hackers behind the attack. A HSE spokesperson refused to comment on the situation when contacted by The Journal, as it “was an active investigation”.
An earlier statement released by the HSE confirmed that an encryption key has been made available. “The HSE is aware that an encryption key has been provided. However, further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems”. The HSE secured a High Court injunction, yesterday evening, preventing the usage of any personal data that may have been stolen.