An expert has suggested an element of the cyber criminal community, unhappy about a ransomware attack on the HSE last week, may have provided authorities with the decryption key.
Investigations are continuing to assess if a decryption key will unlock data stolen during the hack.
The criminal gang gave it to Irish authorities on Thursday, and the HSE is assessing if it is safe to use on its computer systems.
The Government has said it has not paid a ransom to get the key, while thousands of hospital appointments continue to be cancelled.
Paul C Dwyer is CEO of Cyber Risk International. He told Newstalk Breakfast this attack has annoyed many in the cyber criminal world.
"The reason behind it being released may be not for ransom payment, it may be in fact that the cyber criminal community itself are really, really annoyed at this particular kind of attack.
"They have been pulling in hundreds of millions of ransomware attacks against harder targets - oil pipelines, large banks - those sort of entities that can make risk-based decisions and afford to pay these kind of things.
"And this attack has caused a problem with their business model, because now the world is looking at this - the world is getting more prepared for ransomware attacks."
'Put the heat on them'
Mr Dwyer said some people would see the targeting of the HSE as an entity as going too far.
"The HSE, effectively, could be seen as a soft target.
"When you put into the position of children dying with cancer not being able to get services because somebody wants to make money out of it on the far side of the world - it's a vicious, heinous attack.
"It's not out of the kindness of their hearts that the criminal community think that this should be done, but it's put the heat on them."
Explaining how a decryption key works, he said: "A decryption is effectively the key to unlock the data - so the digital assets, the data, of the HSE have essentially been kidnapped.
"They have been scrambled, they're unusable, you can see the files but you can't use any of them.
"So this key will allow those files, presumably, to be able to be unlocked and then be able to be used by the HSE themselves."
He added that many companies are now seen as weaker due to remote working practices.
"I think for all businesses, they have to wake up to the fact that the HSE is a victim - and it's a victim probably because a number of elements, and one of those is COVID itself.
"COVID has changed business models of organisations, it meant that people are working from home in stressed, shared environments.
"And all businesses have done this to keep the ship afloat... and the net effect is they've become more vulnerable to these kind of attacks.
"There's no shame is being a victim; so it's how you respond and how you recover is where the strength is shown about what kind of controls and resilience are in place".
The head of the HSE Paul Reid has warned the impact of the cyber attack will be felt for many, many weeks.
It comes amid reports that the hackers have given the HSE a deadline of Monday to pay a US$20m (€16.3m) ransom.
It has resulted in thousands of cancelled appointments, with outpatient activity down by up to 80% per day.
Some 27 files, linked to 12 patients, had been offered on the darknet as 'samples' to prove the hackers had access to private patient information.
In the case of one of the named files, it included a full admission report for a named individual.
It featured details of the person's doctor, contact names and numbers for their next of kin - as well as details of lab reports on the patient and notes on the patient's admission to hospital.
The Government has repeatedly insisted that it will not pay any of the ransom.