Hackers leak Irish patients' data on dark web

Irish Prime Minister Micheál Martin has ruled out paying a ransom to the Conti cyber gang

Almost a week after a major ransomware attack on the Ireland Health Service (HSE) network, the group responsible has started leaking patients' medical and personal details online.

The Financial Times claims to have seen screenshots and files, seemingly confirming that the Conti ransomware group is now leaking data onto the dark web.

Earlier this week, Irish Prime Minister Micheál Martin had ruled out paying a ransom to the cyber gang responsible for the attack.

"We're very clear we will not be paying any ransom or engaging in any of that sort of stuff," Martin said.

The FT says the stolen files were offered as 'samples' in a chat between ContiLocker operatives and an anonymous user, to prove that the gang had confidential HSE data.

The chat included a link to data samples, along with a password for access.

In addition to personal and medical details, the data being shared also includes internal health service records, correspondence with patients, minutes of meetings, and equipment purchase details.

The 27 files, which included personal records of 12 individuals, were removed when the FT visited the link, but the names of the empty files matched those shared with the FT a week earlier. One file the FT saw included admission details and lab test results for a man who was admitted to hospital for hospice care.

The Conti operatives are reportedly asking for a $20 million (£15 million) ransom from HSE, with the promise that they would delete the stolen data from their systems. They also say they will provide a decryptor tool after receiving the ransom.

The gang claimed in its ransom note that they had encrypted SQL servers and file servers and exfiltrated more than 700 GB of confidential data, including phone numbers and the addresses of doctors, nurses and patients.

Commenting on the FT report, Ireland's Minister for Climate Action, Communications Networks and Transport, Eamon Ryan, told RTE News that the government was not considering paying the ransom.

"Our core function is to restore the systems and get our patients well," he added.

Earlier on Tuesday, Ireland's Minister for Health, Stephen Donnelly, said the hackers had posted 'heavily redacted material' online, although it had not been confirmed that they were legitimate files.

Ireland's National Cyber Security Centre (NCSC), which is investigating the HSE ransomware attack, said that cyber criminals routinely leak stolen data as a means of pressuring organisations to pay a ransom.

'The National Cyber Security Centre is working with the Garda National Cyber Crime Office and international partners to identify such material, verify it, and then take all available measures to limit the exposure of personal data online,' it added.

HSE publicly disclosed the attack on Friday, when the organisation announced that it had shut down its IT systems. The attack affected diagnostic services and forced many hospitals to cancel appointments.

HSE chief Paul Reid said the incident was having a major impact on all local and national systems involved in core services.

On Monday, the HSE said there were 'serious concerns about the implications for patient care arising from the very limited access to diagnostics, lab services and historical patient records', and that the disruption was 'very likely to go well into this week'.