UK cyber expert praises Dublin government decision not to pay HSE hack ransom
The head of the UK’s cybersecurity agency has praised the Dublin government for refusing to pay any ransom to hackers involved in the HSE cyber attack.
Lindy Cameron, CEO of the UK’s National Cyber Security Centre, said the government’s action will deter ransomware operators from further attacks on health organisations in the Republic and across the world.
Ms Cameron made the comments as she addressed the Institute of International and European Affairs (IIEA).
The HSE suffered a ransomware attack that caused extensive disruption to hospitals and patients which led to some stolen patient data being published online.
“The government was quite rightly clear that – even by criminal standards – this had crossed a line,” Ms Cameron said.
“I would like to praise the Irish response not to pay the ransom.
“Cybercriminals are out to make money – the more times a method is successful, the more times it will be used.
“And payment of ransoms is no guarantee that you will get your data back – and certainly no guarantee you won’t be attacked again – in fact, advertising a willingness to pay may make you a more interesting prospect.
“So it’s important that we do all we can to ensure this is not a criminal model that yields returns.”
She said that the initial reaction was concern over the possible impact on the Covid-19 response.
“A fear calmed through clear and definitive reassurances that vaccines would not be affected,” she added.
“Coverage then shifted to how other services were compromised, such as cancer appointments and surgeries.
“Sadly, there were real-world examples of patients and families facing real-world consequences to this despicable attack.”
The cybersecurity official said it also had an impact on Northern Ireland and affected the region’s ability to access data held by HSE for some cross-border patient services.
“Thankfully the Northern Ireland Business Services Organisation, which provides IT to the NI health sector, was able to stand up its business continuity processes,” she added.
“The activity almost certainly originated from cybercriminals. The activity has almost certainly caused disruption to hospitals and endangered patient care.
“And we know that the cybercriminals likely voluntarily handed over the encryption key several days after the attack. We see this as a public relations move to lessen criticism.”
Earlier this week it emerged that the overall cost to the HSE following the recent cyber attack could amount to half a billion euro.
Chief executive Paul Reid warned he can “never be confident” that the HSE has seen the worst of the cyber attack.
Mr Reid said that the health service needs to put in place a security operation centre to monitor its network to prevent further attacks on its system.