The Taoiseach has insisted that the Government paid no ransom for the hack decryption key while Health Minister Stephen Donnelly has said that a data dump of people’s personal information by the HSE hackers on Monday is entirely possible.
Speaking this afternoon, the Fianna Fàil leader said: “No payment was made in relation to it (the receipt of the decryption key) at all. We don’t know the exact reason why the key was offered back.
“In terms of the operation of getting our systems back and our data systems back, it can help, but in itself, the process will still be slow.”
The Taoiseach said it would still be “weeks, and not hours or days” before systems are fully restored.
However, the threat from the real hackers is still there and the Taoiseach said it would take “weeks” before the HSE systems are back up to scratch.
On Thursday, it emerged that the cyber gangsters demanding the State pay up to €20 million to get access back to the HSE computer systems have provided a decryption key that could unlock people’s personal data.
Speaking on RTE’s Morning Ireland, Minister Donnelly said: “We’re taking this threat very seriously. There obviously have been redacted pieces of information put up and made available on the dark web at this point.
“Because it’s a criminal investigation we can’t confirm whether the records are genuine. This sort of approach is quite standard procedure with these kinds of attacks.
“I know some people really are worried. If anyone were to be contacted about their personal information contact the Gardai. As to Monday there could very well be a data dump.
“Work is ongoing with the security contractors. What they’re doing is testing the validity of the key.
“Initial results are positive but obviously it’s a detailed technical piece of work and we need to be absolutely sure this will help to restore the health systems rather than cause further harm.”
Following this cyberattack, the Department of Health has released some practical information for anyone that might feel more at risk or worried at the moment.
In a statement, they said: “The Department of Health is assessing the impact of the recent cyber attack in terms of systems and data affected. A Departmental Cyber Response Team has been meeting regularly, with the aim of restoring the essential work of the department as quickly and safely as possible.”
The Government has provided the following advice in the event of…
What to do if you are concerned about your care, such as appointments or scans
The HSE are regularly updating their website with updates on health service disruptions. They’re also encouraging people to check updates on the HSE’s social media channels such as Twitter.
What to do if you receive an unexpected phone call from an unrecognised number
The Department of Health state: “If you receive an unexpected phone call from an unrecognised number and are asked to confirm or provide personal information such as your credit card details or PPSN, do not provide any information during the call.
“If the caller is claiming to be from an organisation you have dealings with, such as your bank or a hospital, end the call and phone the number advertised on the organisation’s official website to confirm if the call came from the organisation.”
What to do if you received an unexpected link via message or email
People are being asked to remain wary of links that are forwarded by text message, messaging app or email, particularly if it is unexpected.
If you’re unsure if a link is safe or not, there are ways you can check a link is legitimate before clicking on it.
“Hover over it to view the URL and check for spelling errors (for example govt.ie instead of gov.ie) or use a URL checking tool such as Google Safe Browsing,” they state.
How to check if a website is legitimate before providing personal information
If you are asked to provide personal information on a website, make sure the padlock symbol is present in the URL toolbar – all websites should have this symbol. Do not provide any information if this symbol is not visible.
What to do if you want to change your passwords
“You may wish to change your password for any websites or apps that hold personal data belonging to you, or where possible opt for Multi-Factor Authentication. Avoid reusing a password across a number of websites. A strong password should include a mix of letters (upper and lower case), numbers and symbols,” they said.