Skip to content

The attack has been attributed to a Russian criminal group based in the St. Petersburg area, Wizard Spider.  This group of 80 hackers is believed responsible for the attack earlier this year on FatFace, the UK retailer who is reported as having paid a ransom of £1.45m.  The Minister with responsibility for eGovernment has described it as “possibly the most significant cybercrime attack on the Irish State”  and the Taoiseach (head of government) has repeatedly stated that the State will not pay a ransom.

It appears likely that the attack may have emanated from a phishing campaign exploiting the current stresses on healthcare workers and the Coving remote working structures in place across circa 80,000 HSE devices.  Emergency departments and urgent care centers remain operational as do many hospital services, however delays are accumulating.

In addition to patient files, the data stolen also includes HSE internal files, reportedly including on equipment purchase and minutes of meetings.  Contractors to the HSE may be impacted and their commercial arrangements potentially at risk of disclosure.  So far, the Financial Times has claimed it has seen screenshots of 27 HSE files released on the dark web in recent days.  The media attention has, to date, been on the human side (the 27 files disclosed so far include 12 patient files) more so than on the potential for commercial disclosures.  The issue is an evolving one as the hackers seek to pressure the Irish governments non-payment of ransom position.  They are now believed to have issued a deadline on May 24 for payment of the ransom.

The HSE have included the following information for suppliers in their overall health service disruption notice.

Information for HSE suppliers and contractors

The HSE have included the following information for suppliers in their overall health service disruption notice (available here):

“The HSE is experiencing difficulty with the communication of Purchase Orders to all Suppliers and Contractors due to the recent cyber-attack on HSE systems. An interim approach to support the processing of Purchase Orders is presently underway and updates in this regard will be posted here as available. The continued understanding and support of all Suppliers and Contractors is greatly appreciated during these unprecedented times.”

The National Cyber Security Centre, which is currently involved in the investigation and management of the incident, has issued an alert stating it is monitoring other networks to address the risk of further attacks (available here).  It also advises a useful short and snappy set of measures to be taken in the event of an attack.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Marie Daly Marie Daly

Marie Daly brings a broad range of commercial and regulatory expertise across a variety of business sectors. She is recognised as being a practical, straightforward, and commercially focussed lawyer; with a proven capacity to influence at all levels within business and to contribute…

Marie Daly brings a broad range of commercial and regulatory expertise across a variety of business sectors. She is recognised as being a practical, straightforward, and commercially focussed lawyer; with a proven capacity to influence at all levels within business and to contribute to policy and legislative development.

With a background as a litigator, employment lawyer, and lobbyist, Marie served as the general counsel of Ibec, the largest Irish lobby and business representative group, for over 16 years before joining the firm. She was responsible for ensuring competition compliance for 38 trade associations and also developed a data protection compliance regime in recent years.

Marie has significant corporate governance experience in the private and public sector having also served as a Board member of two Irish regulators.

Marie is a member of the Irish Company Law Review Group appointed by the Minister of Business Enterprise and Innovation, and was deeply involved in the drafting of the comprehensive new Companies Act 2014.

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website. Privacy Policy

AcceptReject