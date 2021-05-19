



In a new state for the cybercriminal fraternity, the Conti ransomware gang has begun leaking personally identifiable information about Irish hospital patients, stolen in its attack on the country’s Executive Health Service (HSE), in the face of refusals to negotiate or pay a reward from the Irish government. This is consistent with Times Financial, who assessed some of the alleged leaked data disseminated by the Conti gang in a conversation with an unidentified party as evidence that they possessed HSE data. The paper found that the data included information on 12 individuals, one of whom was receiving palliative care and subsequently died. The gang is seeking a $ 19.99 million ransom from the HSE, which was forced to shut down its systems on Friday 14 May when the attack was discovered, causing tremendous disruption to hospital services and patient care across Ireland, although the program Its Covid-19 vaccine has continued to function normally. In a statement released earlier in the week, the Irish government said: These ransomware attacks are disgusting crimes, especially especially when they target critical health infrastructure and sensitive patient data. Significant disruption of health services should be punished, especially at this time. Any public release by the criminals behind this attack of any stolen patient data is equally and utterly despised. There is a risk that medical and other patient records will be misused. Anyone affected is encouraged to contact the HSE and Guard authorities. This is extremely sensitive personal information and the fact that it is now going online raises major privacy concerns for any affected patient.

Ray Walsh, ProPrivacy

Describing the apparent leak as the worst case scenario, ProPrivacys Ray Walsh said: “This is extremely sensitive personal information and the fact that it is now coming out online raises major privacy concerns for any affected patient. There is always the risk that when systems are attacked with ransomware, cybercriminals will make copies of the data to sell on the dark network or to be used for secondary attacks and criminal activities such as fraud, fraud or identity theft. Saryu Nayyar, CEO i Gurucul, agreed that leaked health care data raised the possibility of social engineering attacks on patients in Ireland, many of whom may be more vulnerable or less thought of by cyberspace due to old age. She said there were, however, some encouraging signs in the government’s wider response. The fact that the Irish government will not give in to the attackers’ demands is a sign that they are confident that they have enough backup to restore their systems and data, she said, though noting that this will result in more leaks. of data below the line. The investigation into the attack continues, but the HSE has warned that with 80,000 patient equipment and 2,000 IT systems to be fully evaluated and restored, some dating back to the 1990s, expects the process to take weeks. The ransomware attack is now being treated as an incident of the General Data Protection Regulation (GDPR), which could result in significant fines for the HSE. Full service updates are available from HSE.

