In his June column for Digital Health, our cyber security columnist, Davey Winder gives his thoughts on the on-going incident happening in the Republic of Ireland.
The Irish health system is still, more than two weeks on, in recovery mode from the ransomware attack launched by the Conti cybercrime group. While there have been many headlines announcing the criminals had somehow ‘bailed out’ the Health Service Executive (HSE) by handing over the data decryption tool free of charge, I’m not going to join in group hug for the threat actors. Beyond the obvious small matter that these are criminals to be viewed with the greatest contempt, Conti has not let the Irish HSE, or the patients it serves, off the hook. Like most of the current crop of ransomware threat actors, Conti doesn’t just encrypt data to lock down networks: it steals it as well.
That data is still being held to ransom, with Conti demanding the HSE “try to resolve the situation” through paying an unknown amount (the original ransom was in the region of £14 million) and threatening to publish or sell patient data if this doesn’t happen. This, I should add, in addition to the sample that has already been published relating to 520 patients which includes correspondence and what the HSE described as ‘sensitive data.’ The legal injunction that the HSE obtained prevents that, and any other data from the attack, being shared, processed, published or sold. This is, if you’ll excuse my French, akin to ‘p***ing in the wind’ and won’t prevent potentially highly-valuable health data being sold to the highest criminal bidder.