
Ransomware & HSE


Comments

  • Registered Users Posts: 21,886 ✭✭✭✭Roger_007


    So far, I have only heard about patient data being compromised. Does anyone know if other data such as payroll/personnel or financial data has been affected?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    VinLieger wrote: »
    Stop them releasing it maybe? I didn't think they had the data tbh so I was all on board with ignoring the ransom and hoping the backups were sufficiently protected.

    20m is a drop in the bucket compared to the cost for the required replacement of every compromised piece of hardware.

    20m is worth the chance of them not releasing it imo.

    Paying is silly. They have control of data and they are criminals.

    You really going to believe the word of a criminal? Pay the 20m and they will release it anyway.

    The only thing right I have seen done so far is not pay the ransom.


  • Registered Users Posts: 2,997 ✭✭✭KilOit


    Madness to think some posters think paying them is a good idea. Oh I'm sure the hackers will just delete the files and not pass it on to other hacker groups.


  • Registered Users Posts: 12,273 ✭✭✭✭Flinty997


    VinLieger wrote: »
    ....

    20m is worth the chance of them not releasing it imo.


    They will always release it.


  • Registered Users Posts: 26,578 ✭✭✭✭Turtwig


    I think in the context of a health service, you have to look at the potential impact on life by holding out against the ransom. Every minute is valuable. It's not black and white as to not paying.

    A Financial Services company or other types would be well able to absorb the data loss.

    Would all our PPS details be caught up in this I wonder?

    There's no guarantee, if you pay the ransom and the attackers cooperate as they promised, that you'll recover the service in a prompt timely manner.

    Afaik not all hospitals will have your ppsn. They will have the answer to just about any other security verification question. The sooner HSE can identify and inform the affected patients the better.


  • Registered Users Posts: 12,273 ✭✭✭✭Flinty997


    I...
    Would all our PPS details be caught up in this I wonder?

    The PPS will be the least of your worries.


  • Registered Users Posts: 3,387 ✭✭✭KaneToad


    The cat is out of the bag. We have to accept the data is gone & will be shared online. I don't think ransom payments are going to affect this

    I think the govt stance to ignore the criminals demands is the correct one.

    I don't think that we can say that the payment of any ransom will solve the issue. It may alleviate it in the short term but these criminals have us by the short & curlies and come back for another bite whenever it suits them...


  • Registered Users Posts: 7,882 ✭✭✭frozenfrozen


    We should just download the unencrypted data back from the leak *taps head*


  • Registered Users Posts: 15 pryingEyes999


    If anyone would like a link to the Conti News site to keep abreast of the team's leaks, or download them if you want, PM me.


  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    VinLieger wrote: »
    Stop them releasing it maybe? I didn't think they had the data tbh so I was all on board with ignoring the ransom and hoping the backups were sufficiently protected.

    20m is a drop in the bucket compared to the cost for the required replacement of every compromised piece of hardware.

    20m is worth the chance of them not releasing it imo.
    I think in the context of a health service, you have to look at the potential impact on life by holding out against the ransom. Every minute is valuable. It's not black and white as to not paying.

    A Financial Services company or other types would be well able to absorb the data loss.

    Would all our PPS details be caught up in this I wonder?
    Seriously?
    You think that criminals will be true to their word? You have no guarantee that the criminals won't share it anyway or ask for more money?
    You reckon they haven't copied the data and shared it already - of course they have.


  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    The release of such data might be embarrassing, but largely inconsequential for most people.

    No mainstream website is going to publish the data and will remove it if anyone tries to share it. The hackers aren't just going to throw it up open on bittorrent for anyone to download - they're going to try and sell it to make money.

    So your neighbour down the road or your employer is not going to find out that you had treatment for gonorrhoea or that your real name is Quasimodo. In fact, by default it would be illegal under GDPR for any person or company within the EU to possess or use this information.

    The exposure point is identity theft. The use by someone of your details to take out a credit card or a loan or whatever. This is easier in other countries than in Ireland where a lot of automated stuff goes on. We're a little more bureaucratic which makes it more difficult, but not impossible.

    The ones most at risk would be top-level officials. This information would likely be used to target people high-up in organisations. Steal their data, masquerade as them to try and get access to systems and payments.

    For the average person on the street, this data being out in the open will have very little impact.


  • Banned (with Prison Access) Posts: 263 ✭✭PatrickSmithUS


    The Indo are going the sensational route for click bait as per usual. It's much more likely that there will be a DPC and a GDPR fine if it's warranted.



    The likelihood of personal legal actions is quite low imho.


  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    seamus wrote: »
    The release of such data might be embarrassing, but largely inconsequential for most people.

    No mainstream website is going to publish the data and will remove it if anyone tries to share it. The hackers aren't just going to throw it up open on bittorrent for anyone to download - they're going to try and sell it to make money.

    So your neighbour down the road or your employer is not going to find out that you had treatment for gonorrhoea or that your real name is Quasimodo. In fact, by default it would be illegal under GDPR for any person or company within the EU to possess or use this information.

    The exposure point is identity theft. The use by someone of your details to take out a credit card or a loan or whatever. This is easier in other countries than in Ireland where a lot of automated stuff goes on. We're a little more bureaucratic which makes it more difficult, but not impossible.

    The ones most at risk would be top-level officials. This information would likely be used to target people high-up in organisations. Steal their data, masquerade as them to try and get access to systems and payments.

    For the average person on the street, this data being out in the open will have very little impact.
    Very true.
    At this point (been using the internet for 25 odd years) - there's plenty of my personal data out there.
    Anyone who thinks there's not much data out there about them should take a look at:
    https://haveibeenpwned.com/

    Doesn't make it right of course but those suggesting paying a ransom is the way to go don't understand what they are dealing with.


  • Posts: 0 [Deleted User]


    kippy wrote: »
    Paying would be the stupidest thing ever done -
    think about it.
    They have the data - what would paying them do?


    Is there evidence of this? Surely the aim of the hackers is to get companies to pay the ransom. If they always release the data after being paid absolutely nobody would pay them. If they keep their side of the deal more companies would be likely to pay up?


  • Registered Users Posts: 5,999 ✭✭✭Cordell


    seamus wrote: »
    road or your employer is not going to find out that you had treatment for gonorrhoea

    Maybe I've seen too many spy films but imagine this: someone that is apparently happily married had treatment for gonorrhoea that they didn't get from their spouse. They are working for a MNC or western embassy. They can be approached by someone that will hand them a USB drive telling them to plug it into a coworker's computer or else.
    The seriousness of this kind of data theft cannot and should not be underestimated.


  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    Is there evidence of this? Surely the aim of the hackers is to get companies to pay the ransom. If they always release the data after being paid absolutely nobody would pay them. If they keep their side of the deal more companies would be likely to pay up?

    Ah seriously.


  • Registered Users Posts: 12,114 ✭✭✭✭Gael23


    If there are questions over the security of confidential patient files then I don't believe they can avoid paying the ransom


  • Moderators, Politics Moderators Posts: 39,894 Mod ✭✭✭✭Seth Brundle


    If anyone would like a link to the Conti News site to keep abreast of the team's leaks, or download them if you want, PM me.
    First time poster offering a link to a hacker site?
    Thanks but no thanks!


  • Posts: 17,378 ✭✭✭✭ [Deleted User]


    kippy wrote: »
    Very true.
    At this point (been using the internet for 25 odd years) - there's plenty of my personal data out there.
    Anyone who thinks there's not much data out there about them should take a look at:
    https://haveibeenpwned.com/

    Doesn't make it right of course but those suggesting paying a ransom is the way to go don't understand what they are dealing with.

    Yes, we do. Occam's Razor says they decrypt the data and not share it because they won't get paid by anyone else if they do. If they go against their word, the state loses a pittance.

    I'd be in favour of the government paying it just to try to stop the data being released even if the systems were up and running.


    The whole world has a hard on for data protection and privacy these days with iOS 14.5 etc. being celebrated, and that's just about being categorised for ads based on browsing habits. If a country lets its population's health records be published online out of some misguided "never negotiate with criminals" mantra they picked up from Hollywood, it's a complete failure in managing the state.


  • Registered Users Posts: 26,578 ✭✭✭✭Turtwig


    Yes, we do. Occam's Razor says they decrypt the data and not share it because they won't get paid by anyone else if they do. If they go against their word, the state loses a pittance.

    I'd be in favour of the government paying it just to try to stop the data being released even if the systems were up and running.

    The data they've got can likely be sold easier and for better value than any ransom payment. The government even if they do pay will deny payment. The ransom group can claim they didn't get payment or claim they did. Whichever they want. Their future campaigns aren't impacted and the data they stole is high value and very lucrative. Scammers and identity theft groups will pay a lot for lists with far less personal info.


  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    Yes, we do. Occam's Razor says they decrypt the data and not share it because they won't get paid by anyone else if they do. If they go against their word, the state loses a pittance.

    I'd be in favour of the government paying it just to try to stop the data being released even if the systems were up and running.

    There are many ways to monetise that type of data.

    Are they a registered company? Can the state sue them if they go against their word? Can they change their name?

    Some of the logic being applied here is beyond crazy.

    EDIT: It's not a "hollywood mantra" - it's a review of the facts and known behaviours of criminals and options available to them.


  • Posts: 17,378 ✭✭✭✭ [Deleted User]


    The ifs and buts are irrelevant. You pay the money if your entire country's health information could end up online. I'm sick of people not understanding that sometimes the bad guys win.

    We saved the money on IT over the years. Now it's time to pay for mistakes made.


  • Registered Users Posts: 5,999 ✭✭✭Cordell


    Bad guys win often, but let's not give them a reward too.
    If they stole the data, they will sell it to anyone that pays. Russian agencies already have it.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    The ifs and buts are irrelevant. You pay the money if your entire country's health information could end up online. I'm sick of people not understanding that sometimes the bad guys win.

    We saved the money on IT over the years. Now it's time to pay for mistakes made.

    The information will be released, it doesn't matter if you pay the ransom or not. I am not sure how people don't understand this.

    These are criminals. They will take the money and then release. Why wouldn't they? It's not like they can track them down and give out to them for not sticking to their word

    Also the, of they will not release because then other customers won't pay, they are a made up group with a made up name. They just change name tomorrow and off they go again.

    The HSE knew from day 1 how bad this was, instead of telling everyone they have run a PR campaign saying it wasn't too bad, they had RTE on radio/tv saying the HSE done everything exactly right. Now they are slowly slipping out details of what actually happened.


  • Registered Users Posts: 1,798 ✭✭✭Rezident


    Has the Irish Government approached the Russian Embassy yet?

    Russian Embassy
    184 - 186 Orwell Road
    Rathgar
    Dublin 14

    Anyone on for a peaceful protest?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Rezident wrote: »
    Has the Irish Government approached the Russian Embassy yet?

    Russian Embassy
    184 - 186 Orwell Road
    Rathgar
    Dublin 14

    Anyone on for a peaceful protest?

    According to reports they have, but what will the Russians do? I doubt they care


  • Registered Users Posts: 5,778 ✭✭✭The J Stands for Jay


    kippy wrote: »
    Very true.
    At this point (been using the internet for 25 odd years) - there's plenty of my personal data out there.
    Anyone who thinks there's not much data out there about them should take a look at:
    https://haveibeenpwned.com/

    Doesn't make it right of course but those suggesting paying a ransom is the way to go don't understand what they are dealing with.

    Don't forget that while each of these data breaches may seem small and insignificant, they can be combined and if they can be matched up, they can get access to more and more of your info


  • Registered Users Posts: 1,798 ✭✭✭Rezident


    ineedeuro wrote: »
    According to reports they have, but what will the Russians do? I doubt they care

    According to the Russian Embassy a few days ago, the Irish government still had not contacted them.

    They would be far more likely to identify the attackers than the Irish government. The attackers just want money, Putin does not need money, he wants other things, things a State may be able to provide.


  • Registered Users Posts: 21,886 ✭✭✭✭Roger_007


    Rezident wrote: »
    According to the Russian Embassy a few days ago, the Irish government still had not contacted them.

    They would be far more likely to identify the attackers than the Irish government. The attackers just want money, Putin does not need money, he wants other things, things a State may be able to provide.

    Why is it always assumed that it’s Russians who carry out these cyber attacks. Are there no other cyber criminals anywhere else in the world?


  • Registered Users Posts: 8,211 ✭✭✭realdanbreen


    Cordell wrote: »
    Maybe I've seen too many spy films but imagine this: someone that is apparently happily married had treatment for gonorrhoea that they didn't get from their spouse. They are working for a MNC or western embassy. They can be approached by someone that will hand them a USB drive telling them to plug it into a coworker's computer or else.
    The seriousness of this kind of data theft cannot and should not be underestimated.


    Out of curiosity, and asking for a friend, how long does the treatment take?

