Duncan Riley | Siliconangle.com
Medical and personal information stolen from Ireland’s health service in a ransomware attack last week is now being shared online after the service refused to pay the demanded ransom.
The attack, which used the Conti ransomware, was first detected on the health service’s IT systems late last week, crippling diagnostic services, disrupting COVID-19 testing and forcing hospitals to cancel appointments.
Disruptions are ongoing today. Ireland’s Health Services Executive advised that patients needing nonurgent care will experience long delays from “IT issues and manual work arrangements.”
“This criminal ransomware attack has had a significant impact on hospital appointments and there continues to be major disruptions,” the HSE said. “Work continues today in assessing the impact and beginning to restore HSE IT systems. This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems.”
The HSE ruled out paying the ransom on May 17. “Following an initial assessment, we know this is a variant of the Conti virus that our security providers had not seen before,” HSE said at the time. “A ransom has been sought and won’t be paid in line with state policy.”
The Conti ransomware gang is a well-known group that carries out so-called double-tap ransomware attacks, in which it encrypts files and steals data, threatening to publish the stolen data if the ransom is not paid.
According to The Financial Times, Conti has started publishing stolen patient data as samples to prove that it has confidential information. The sample files were small, only 27 files covering 12 individuals, but the group claims to have stolen 700 gigabytes of data, including patients’ home addresses and telephone numbers as well as staff employment contracts, payroll data and financial statements.
“The good news is that we are businessmen,” the Conti ransomware gang is reported to have said. “We want to receive ransom for everything that needs to be kept secret.” That ransom is $19.99 million.
Previous Conti victims include industrial computer manufacturer Advantech Co. Ltd. in November, VOIP hardware and software maker Sangoma Technologies Corp. in December and hospitals in Florida and Texas in February.
“This is yet another troubling ransomware attack on the healthcare industry,” Saryu Nayyar, chief executive officer of unified security and risk analytics company Gurucul Solutions Pvt Ltd. A.G., told SiliconANGLE. “Medical records hold highly sensitive personal data that can be used to socially engineer money from fragile patients who are not cyber-savvy like the elderly, not to mention the obvious identity theft.”
The fact that the Irish government will not give in to the attacker’s demands is a good sign that it’s confident it has backups to restore its systems and data, Gurucul noted. “But the cybercriminals will likely publicize their stash of sensitive patient health data just because they can and they’re evil,” he added.