HSE CEO Paul Reid says process of decrypting stolen data is 'fraught with risk'

08.58 22 May 2021

The CEO of the HSE has warned that the process of getting the health service's IT systems back up and running will be "fraught with risk" in the weeks ahead.

Paul Reid welcomed the news that the hackers behind last week's ransomware attack had handed over a decryption tool to unlock the stolen data.

However, he added that it would not be a matter of simply switching back on the systems.


He said: "Access to the unlocking codes to our network is welcome. But it isn't a 'switch back on' process and is still fraught with risk.

"We'll continue to rebuild services and systems safely whilst evaluating the impact of these codes. The impact remains for the coming weeks for now."

The decryption code is being analysed this weekend to see if it can be safely used to regain access to patient data.

The criminal gang gave it to Irish authorities on Thursday, and the Government has said it has not paid a ransom to get the key.

Thousands of hospital appointments will be cancelled again next week, including outpatient consultations countrywide.

Dr Sean McSweeney, the Head of Department in Computer Science at Munster Technological University, said the process of decrypting the data and restoring systems will be slow.

File photo. Credit: Sebastian Kahnert/dpa-Zentralbild/dpa

Speaking to Newstalk Breakfast with Susan Keogh, Dr McSweeney said it wasn't "exceptionally unusual" that the hackers had provided a decryption key.

He explained: "Typically with the threat actor, in this case it's Wizard Spider as probably everyone is aware of at this point in time, it's not unprecedented for the threat actor to hand over decryption software.

"My understanding is the tool was verified yesterday to be genuine, however, there are concerns within the National Cyber Security Centre and their contractors that there are back doors to this tool.

"Additionally, they have been offered a piece of software by a company known as Emsisoft that will extract the decryption key from the tool that Wizard Spider have offered them, and this is a much safer, more efficient approach to decrypting these scrambled files."

He reiterated the comments of Mr Reid and the Taoiseach Micheál Martin that the process will be slow and painstaking.

"We should be under no illusions, this will take several weeks to have a full recovery of the system," Dr McSweeney said.

"Now that the extent of the damage is understood and has been identified, the NCSC is working to fully stand back up the HSE's systems but that will take a couple of weeks."

The move by the criminal gang to share the decryption tool proves that they have the power to unlock the data and verifies that they infiltrated the IT systems, he added.

"They are claiming that they have 700 gigabytes of unencrypted information so it lends some credence to that," he said.

"Really they're looking for the follow-on ransom payment, which is due on Monday and a figure of €20m has been quoted."

People advised to have 'a healthy level of scepticism'

Dr McSweeney urged people to be cautious about receiving calls from people claiming to be representing state agencies or banks as there are concerns that the cyber attack could lead to a wave of scams in the future.

"If this information is sold on the dark web then it's used by different types of threat actors to formulate different types of attacks," he stated.

"So the way that people could protect themselves against that is to have a healthy level of scepticism, about whether they're being contacted by people who are quoting their own personal information, no Government organisation would say that.

"Anybody that would be contacting you, including state organisations and banking agencies, will have contact numbers themselves and have clearly stated they won't contact you [looking for personal details].

"If it feels unusual, it's certainly better to ask for a ring back to that particular entity."

Main image: HSE CEO Paul Reid at Dr Steevens’ Hospital for the weekly HSE operational update on the response to Covid-19. Photo: Leon Farrell / Photocall Ireland
