Hackers threaten to publish Irish health data on Monday

Patient and other confidential data stolen from Ireland’s healthcare system will be published online and sold unless a $20m ransom is paid by Monday, an account claiming to be the hackers warned on Wednesday night.

The ContiLocker Team account, named for the Conti group that Ireland has said is behind the attack, has already shared a sample of 27 files including information related to 12 named individuals, the Financial Times reported on Wednesday.

Investigators have not confirmed the leak but Ireland’s communication minister Eamon Ryan, who oversees the National Cyber Security Centre, described the FT report as “credible and accurate”.

The latest entry to the online chat where the files were offered was made on Wednesday night. It warns: “We will start to sell and publish your data on Monday.”

The account had previously demanded $20m in ransom to end a hack that has left Ireland’s Health Service Executive unable to access vast amounts of data and forced it to shut down most of its key IT infrastructure.

The online chat is on the dark web, a section of the internet that can only be accessed through an anonymised browser known as Tor.

The Irish government has insisted it will not pay any ransom to secure the information and restore access to the HSE’s system. Asked if that was still the case in light of Monday’s deadline, the Department of Communications said: “The government has made it clear that it will not pay a ransom.”

The Irish police force, An Garda Síochána, said it “does not comment on unverified content on social media or provide specific commentary on any ongoing criminal investigation”.

ContiLocker Team claim to have stolen 700gb of data from the HSE, including patient files, payroll information, bank statements and commercial documents.

The FT examined one medical file that included an admissions report, doctors’ letters and laboratory reports for one individual, along with contact details for their next of kin and other personal information. The details in the file matched a publicly available death notice.

Six days after the ransomware attack, doctors warned that patient care is being impacted by postponed appointments for services including radiation, X-rays and cervical cancer checks, as well as difficulties accessing patients’ test results.

A senior executive at the HSE, Dr Vida Hamilton, on Thursday morning told Ireland’s RTE radio station that there was “enormous risk” in hospitals as a result of the hack. “We know nothing about the individual. We have no charts, no record number,” she said, describing how manual processes introduced “delay and risk for error”.

While hacks have claimed many other victims, including a recent ransomware attack on a US pipeline that triggered fuel shortages, scrutiny has increasingly turned to shortcomings that made the HSE vulnerable.

Reports in Thursday’s Irish Times described how internal audits flagged “weaknesses” in the HSE’s security controls and disaster recovery protocol as far back as three years ago.