Ireland condemns 'criminal act' against the sick after second cyber attack on health system

Authorities refused to pay reported $20 million ransom

FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network after a cyber attack, the company said on Friday. REUTERS/Kacper Pempel/Illustration/File Photo

A cyber attack against Ireland's health system was described as a “serious criminal act” against sick people, amid fears confidential patient data could be leaked online.

Ireland's Department of Health on Sunday revealed it became the second institution in the country to be targeted by a ransomware attack after computers at the Health Service Executive were forced offline by criminal hackers on Friday.

The director-general of the HSE, Paul Reid, described the incident as “serious criminal act” and warned it could cost "tens of millions of euros" to fix the issue.

Authorities have so far refused to pay the reported $20 million ransom demanded by the hackers - a decision which Mr Reid said he agreed with.

“It is correct because if you don’t pay they will move on, and will probably attack other departments,” he told Ireland's state broadcaster RTE. “If you do pay them you can’t trust them not to come back for more”.

The hack has resulted in sampling capacity in Irish laboratories being reduced to 10 per cent after the HSE's IT system was shut down.

General Practitioners have been told not to send any samples to HSE labs unless it is "essential to decisions that must be made right away", according to an official letter seen by RTE. Urgent samples will need to be checked once the system is restored to full capacity.

Minister of State for Public Procurement and eGovernment Ossian Smyth said the criminal gang had been unable to access backup servers, so there has been no data loss.

"As far as I understand we are not aware of any server where we have lost data. We have the backups, and so far, we are not aware of any data loss," he said.

If you do pay them you can't trust them not to come back for more

Authorities are worried hackers could publish the stolen data on the dark web. However, Mr Smyth said most of the information was administrative and that clinical data used by hospitals had not been compromised.

While the Covid-19 vaccination programme was not directly affected and the Health Service Executive (HSE) restored its test and tracing system within hours, hospital appointments have been cancelled across all outpatient services.

Attacks using ransomware, a form of malicious software that encrypts a victim's files, have been on the rise in recent years.

After the attacker has control of the computer system, they demand a ransom from the victim to restore access to the data.