Revealed: Contents of the HSE files posted online

The criminals behind a cyber-attack on the HSE have started offering people's personal informatio...
Jack Quann
Jack Quann

10.27 19 May 2021

Share this article

Revealed: Contents of the HSE...

Revealed: Contents of the HSE files posted online

Jack Quann
Jack Quann

10.27 19 May 2021

Share this article

The criminals behind a cyber-attack on the HSE have started offering people's personal information online.

The Health Service Executive shut down its computer systems last Friday after a ransomware attack in the early hours of the morning.

The Financial Times says it has seen screenshots and files containing patient data, minutes of meetings and equipment purchase details.


It is the first confirmation that people's private information has been leaked.

The files were offered by the 'ContiLocker Team' as samples to prove that they had confidential information, according to screenshots seen by the FT.

Conti is the name of the type of cyber attack perpetrated on the HSE.

The HSE patient and business files were offered in a chat between ContiLocker Team and an unnamed user.

Laura Noonan is acting Ireland correspondent for the Financial Times. She told Pat Kenny the detail in the files has been varying.

"What has been published online is a link which allowed people to download a selection of the files which were obtained from the HSE network last week.

"So basically, you could use this link to download 27 files - those files were a combination of patients - 12 of them were about individual patients.

"The others were internal HSE files, things like meeting minutes.

"There is some extremely private, sensitive information in them.

"We reviewed a minimum number of these files, because we didn't want to be reviewing people's personal information.

"So in the case of one of the named files we reviewed, it included a full admission report for a named individual.

"It included details of the person's doctor, contact names and numbers for the person's next of kin, details of lab reports on the patient, notes on the patient's admission to hospital.

"This is clearly highly-sensitive information.

"Of the other files we saw, they don't appear to be terribly commercially sensitive".

'A sample of the information'

She said the personal information available "would also enable someone to steal their identity and to do other things which could be very damaging for them".

"These files were given or offered as part of an exchange, where they were asked to prove that they had the information.

"And they said 'Here's the link and we can show you a sample of the information which we have'.

"They're basically proving that they do in fact have all of this confidential information".

The Government has insisted that it will not pay any of the ransom, reported to be in the amount of US$19.99m (€16.28m).

Ms Noonan said it is not clear where the issue goes from here.

"It's obviously a very slippery slope, and there's no guarantee that if you hand over this random that's going to be the end of the matter.

"I think the Government has been unequivocal in saying 'We will not pay this ransom' - what isn't clear really is where this goes from here.

"You have a situation where the HSE systems just are not operating, and there's also this incredible trove of very, very sensitive data - some of which has already been released and is already in circulation.

"It's obviously a very, very problematic situation for the Government - and it isn't clear how to actually stop this.

"Were they to release this kind of information on every HSE patient, obviously it would be hugely problematic".

But she explained: "These files are no longer available online, so the link doesn't actually work anymore.

"So that should give some reassurance  - however, they have been downloaded, they are in circulation.

"So they can't be gotten by new people, but they still can be shared by people who have already obtained them".

Main image: An illustration shows binary code on a laptop monitor between the text "Hacked" in January 2019. Picture by: Jens B�ttner/DPA/PA Images

Share this article

Read more about

ContiLocker Team Darkweb HSE Files Laura Noonan Pat Kenny Ransomware Attack The Financial Times

Most Popular