HSE hack explainer: Should I be worried about my data and how can I protect it?

Officials fear there could be a wave of scams using data stolen in the HSE cyber attack. The Gove...

15.26 22 May 2021

Share this article

HSE hack explainer: Should I b...

HSE hack explainer: Should I be worried about my data and how can I protect it?


15.26 22 May 2021

Share this article

Officials fear there could be a wave of scams using data stolen in the HSE cyber attack.

The Government has received a decryption key that could let it regain access to the locked files and the code is being assessed this weekend.

However, hackers still have copies of the information, and it is thought they could start releasing it online.


Newstalk's Technology Correspondent Jess Kelly says the issue is not going to be resolved quickly, while the impact of the ransomware attack is going to be felt for some time.

On this week's Tech Talk, she explained that IT specialists will need to verify that the decryption tool is legitimate and that it doesn't contain any further malware.

The entire situation is a bit like a chess match, she explained, and that by paying the ransom demanded, it would be setting up a precedent that would attract future attacks.

Jess issued some advice for people who may be concerned about their personal information being posted online and how to safeguard their digital accounts.

HSE hack explainer: Should I be worried about my data and how can I protect it?

00:00:00 / 00:00:00


"If this data set that the hacker has access to is uploaded to the dark web, it's fair to say we will see an increase in phishing attacks and scams so just do what you can to get your ducks in a row," she said.

Two-factor authentication, while not bullet-proof, should be in place as it will alert people that someone is trying to access their account.

"If you are concerned that some of your data may be online, if you see any of your data online as a result of this attack, you're encouraged to contact the Gardaí and the HSE," she added.

Jess explained that we all need to be vigilant at the moment, which means not clicking on links we don't trust, not passing on misinformation, visiting trusted news outlets, and verifying that whoever is calling you is who they say they are, such as banks or State bodies.

"Don't hand over any details unless you are 100% sure that it is legitimate," she added.


She outlined an explainer on the HSE ransomware attack by addressing two important questions, whether the public should be worried about our information being shared online, and what can we do to be vigilant with our data.

Jess said: "The attackers, in this case, have said they will begin to upload data on Monday if the ransom is not paid.

"The Government has repeatedly said it will not pay the ransom.

"That leaves us with two questions: Firstly, should be worried about our data? And secondly, what can we do about it?"

"One the first question, should we be worried, the answer, unfortunately, is yes," she said.

"There is a significant amount of information involved in this case, that could include things like full names, your address, date of birth, telephone number, PPS, a lot of the information we use to verify our identity.

"Unfortunately, there is nothing stopping these hackers from uploading the data to the dark web even if the ransom is paid.

"While there is nothing you can do about that, you are being encouraged to contact the HSE or the Gardaí if you suspect your information has been uploaded."

What to do

Jess then explained what we can do if we receive calls or emails from people claiming to be representing a Government agency or bank.

"We have to remain vigilant. If you get a call from someone purporting to be from a bank, a GP, another service provider, do not hand over your financial information," she added.

"Look to verify you are talking to the person who they're purporting to be, try and verify it.

"If you're not in a position to do that, just say you will call them back. Then call the number you usually use to get in touch and verify that this is legitimate.

"They won't mind you taking extra precautions to ensure of your data, and indeed, your financial information.

"We need to be very careful when opening emails. It's no longer the 'Algerian 'Prince' looking to give you €1m, these are very sophisticated scams and a lot of them, unfortunately, do fall for them."

Jess explained: "Always look for tell-tale signs, look for the email address, does it look suspicious in any way, shape or form. Look for typos throughout the email.

"If it's purporting to be from a service provider, look and try and verify things like the logo, the company colours, all of these small tell-tale signs can be very beneficial.

"Be extremely cautious when clicking on links, or downloading attachments. And we have to be aware that sometimes these hackers, these scammers, will use email attachments as a way to get a virus onto your device and into your system.

"So be super vigilant even if the email is coming from somebody that you know, somebody within your organisation, if it looks in any way dodgy, just hit delete.

"Another thing you can do is be careful what information you are sharing around, there's a lot of misinformation out at the moment, it's a very unnerving time and it's understandable and to be appreciated.

"However, don't be the person that screenshots whether it be scams, fearmongering, whatever it is, and pas sit around in WhatsApp groups. Get your information from trusted sources."

She added: "Again the bottom line here unfortunately is that the onus is on us to be vigilant. Do keep an eye out, enable things like two-factor authentication on your different social media platforms and your email accounts.

"That won't stop hackers from targeting you but it will alert you sooner rather than later if that were to happen."

Main image:  IT security scientists training in the "Cyber Range" room in the Athene cybersecurity centre in Germany. Photo: Frank Rumpenhorst/dpa

Share this article

Most Popular