Medical and personal information about Irish patients stolen by hackers last week is now being shared online, and the Financial Times shows screenshots and files.
The records offered online by hackers to further their demands for nearly $20 million in ransom also include internal healthcare services files, such as meeting minutes, equipment purchase details, and correspondence with patients.
Ireland’s Health Service Executive (HSE) has been trying to establish how much patient data was compromised by the attack, which forced Ireland to shut down most IT systems behind hospitals serving millions.
The files seen by the FT are the first confirmation that patients’ personal data has been leaked as a result of what Irish leader Micheál Martin described Tuesday as a “heinous attack.”
The files were offered by the ‘ContiLocker Team’ as samples to prove they had confidential information, according to screenshots seen by the FT. Conti is the name of the type of cyber attack perpetrated at the HSE. It is characterized by taking control of systems and stealing data, and is associated with a group that operates outside of Russia and Eastern Europe.
The HSE patient and company files were offered in a chat between the ContiLocker team and an anonymous user, which can be viewed in separate links on the Internet and on the dark web.
The chat includes a link to “samples” of the data that Conti has, along with a password to access the samples. The files were emptied when the FT examined the link, but the names of the empty files corresponded to files shared with the FT by a person who accessed the link earlier in the week.
The person said the files had been available for several days and were found after some details of the attack were shared on a public database used by cybersecurity professionals.
The 27 files include personal records of 12 people. A file reviewed by the FT includes admission records and lab results from a man who was admitted to hospital for hospice care. The general details in that file coincided with a later death notice seen by the FT.
Earlier Tuesday, Stephen Donnelly, Ireland’s health minister, said on an Irish radio show that police were examining “highly written materials” that had been posted online, and that Ireland “had no verification that what has been published are real data.”
In the chat, the ContiLocker team claimed that the hackers had stolen 700 gigabytes of data, including patient addresses and phone numbers, as well as staff employment contracts, payroll data and financial statements.
“The good news is that we are entrepreneurs. We want to receive a ransom for everything that needs to be kept secret,” added the ContiLocker team, naming a figure of $19.99 million.
When asked about the files the FT saw, Irish police said: “An Garda Síochána does not comment on unverified content on social media or provide specific comments on any ongoing criminal investigation.”
Ireland’s National Cyber Security Center, which is leading Ireland’s investigation into the hack, told the FT that criminal gangs “routinely release stolen information as a means of pressuring organizations to pay a ransom.”
“The National Cyber Security Center is working with the Garda National Cyber Crime Office and international partners to identify such material, verify it, and then take all available measures to limit the exposure of personal data online.”
On Tuesday, Donnelly said the hack “was not just on the HSE, it is an attack on the people of Ireland”, describing the effects as “heartbreaking”. Doctors have warned that patients will suffer if they continue to be unable to process lab results and are forced to postpone appointments.