Donnelly criticises law firms ‘licking their lips’ over potential cases from cyberattack

Minister finds advertising following attack ‘very distasteful’

Minister for Health Stephen Donnelly. Photograph: Brian Lawless/PA Wire
Minister for Health Stephen Donnelly. Photograph: Brian Lawless/PA Wire

Minister for Health Stephen Donnelly has criticised some law firms for "licking their lips" at the prospect of law cases against the State as a result of the cyberattack on the HSE and potential release of data of patients.

“I have seen some legal firms already advertising, potentially licking their lips at the thought of being able to sue the State,” he told Newstalk Breakfast show. “I find it very distasteful – we have been attacked as a nation, our patients and the HSE have been attacked.

“There are serious GDP laws in place which, obviously, we comply with. We saw the same with the vaccine programme, we had online materials being published by law firms talking about future law cases that patients would be able to take against the State.”

Asked if what the law firms were doing was legal, the Minister said presumably it was legal. “If there are cases that can be taken then people have a right to take those cases, but certainly I find that when we are in the middle of trying to get urgent healthcare services back up and running for sick patients, I certainly find it very distasteful that any law firm would be putting stuff up on their websites to that end.

READ SOME MORE

“Some of them have done the same on the vaccine programme as well unfortunately it does seem to be a facet of at least a small part of the country that we live in.”

Vicious act

The chief executive of the HSE Paul Reid has described the ransomware cyberattack on the HSE as “a vicious and callous act.”

What had happened was “a really serious criminal act” that was having a major impact on vulnerable people, he told RTÉ radio’s Today with Claire Byrne show.

Mr Reid defended the HSE’s record on cybersecurity and said that it was far too early to assess if weaknesses identified in the system some years ago had been the cause for the attack. No direct link had been identified, he said.

The weaknesses in question had been identified by an internal audit, he said and if they had not been identified that would have been an even more significant failing. As a result of the identification of the weaknesses actions had been taken.

The approach adopted by the HSE had been to invest in new systems such as the Covid testing system and the vaccination programme, both of which were new and separate and therefore had not been impacted by the cyberattack, he added.

While he could not validate reports that patient data was being revealed, Mr Reid said there was a strong likelihood that had happened. What he did know was that a significant proportion of data had been encrypted and was backed up.

“For us in the health service every day is about balancing risks, what they did has tipped the risks. It is difficult to operate without full services.”

The best international and Irish technology and security experts were working on providing a rapid response. The priority was to get hospitals brought back online safely while systems such as radiology, laboratories and maternity services were also reconnected.

Mr Reid acknowledged that the attack on the HSE would have a knock-on effect on other government departments such as Social Protection and that emergency departments were having to use “pens and paper”. It was unfortunate that such a process was required, but slow progress was being made.

Darknet

Gardaí were on Wednesday night trying to establish if Irish patient details shared on the “darknet” this week were files that came from the cyberattack on the HSE, but they believed it was “very likely” the same gang was involved.

The Garda National Cyber Crime Bureau is leading the criminal investigation in co-operation with the National Cyber Security Centre and the HSE.

The Garda said there was “a risk that the medical and other data of patients will be abused, either for fraud or by means of public release”.

Criminal groups involved in ransomware attacks, it said, “habitually release stolen information as a means of pressurising organisations into paying a ransom”. Garda investigators were working to assess any leaked material to verify it and to limit the exposure of personal data online.

Detectives working on the Garda investigation into the HSE attack believe it is very likely that the small number of heavily redacted documents that have been shared on the darknet represent a fraction of the material accessed by the Russian-speaking ransomware gang during its attack on the HSE.

Gardaí suspect the files were shared in a bid to put pressure on the HSE and the Irish Government to pay a ransom under threat that all of the files and documents accessed would be shared publicly in the same way or sold to other criminals.

Some of the redacted documents related to patients based in the Munster area and include forms that contain all of the patients’ personal details, information about their medical history and the medical professionals treating them.

Other documents appear to be commercial in nature, and relate to contracts between the HSE and some of the suppliers and other partners it works with.

Conor Lally

Conor Lally

Conor Lally is Security and Crime Editor of The Irish Times