A Garda probe has been launched into the hacking of a Health Service Executive contractor, which resulted in the contact details of more than 1,000 service users being compromised.
The incident took place one month before the large-scale cyberattack on the health authority’s ICT systems in May. The HSE has refused to say whether the two hacking incidents could be related.
The contractor was hacked on April 15 and the perpetrators are believed to have accessed the contact details of 1,119 service users. The HSE is working with An Garda Síochána and the Data Protection Commissioner in relation to the breach.
On May 14, the HSE became aware of a ransomware cyberattack and was forced to shut down all of its ICT systems. The organisation’s CEO, Paul Reid, has estimated that the total cost of the hack could eventually amount to more than €500 million.
Almost five months later, the HSE is still working to restore some of its computer systems following the attack.
“Acute services are almost fully restored, along with community and corporate,” said a spokeswoman.
“Restoration is both a technical and operational challenge and needs to be undertaken in a systemic and safe way. All of our corporate systems are restored, with some remediation work outstanding on corporate reporting systems.”
Meanwhile, the restoration of HSE staff email is being treated as a “key service priority” but is taking place on a “phased, controlled basis”.
Asked whether the ransomware attack on May 14 could be connected to the hacking incident on a HSE service provider during the previous month, the spokeswoman declined to comment as the matter is currently the subject of a criminal investigation.
An Garda Síochána had yet to comment at the time of writing.
Earlier this week, the head of the Garda National Cyber Crime Bureau confirmed that the servers of the gang behind the sophisticated ransomware attack had recently been seized by gardaí.
Detective Chief Superintendent Paul Cleary said that the bureau had launched a disruption take-down operation in the past two weeks, seizing the technical infrastructure of the gang.
“We effectively took their servers, the mains and websites, and we put up our own alerts splashed screen with the Garda insignia basically warning any potential new victims that they should check their networks, that they may be compromised,” he said.
“We know that 753 potential unsuspecting new victims would have seen our alert screen and subsequently prevented a further ransomware attack, so it was successful and we have more of those type of crime prevention and disruption operations planned into the future.”
