There was no confirmed mass leaking of Health Service Executive patient data on Monday, as a deadline set by the cybercriminals came and went.
The criminal gang had threatened to release or sell masses of sensitive data taken during the attack on Monday unless it received a ransom payment of €16.4 million.
There was no evidence of the data being dumped online on Monday, although it is understood the Garda have been dealing with several complaints from people believing their data was exposed in the attack and is being utilised by fraudsters.
However, as of now, there is nothing definitive to link these fraud attempts to the cyber attack. Officers believe criminals unconnected to the attack are attempting to take advantage of the confusion it has caused to implement their own scams.
Messages are circulating widely on social media that cybercriminals are already taking advantage of leaked data, although these reports are unconfirmed.
“Just a heads up everyone, the hackers have started their calling campaign, ringing folks pretending to be from the HSE. They have all details such, DOB, PPS and date of stay in Hospital. They ask for bank details to give a refund,” is a typical example of the messages in circulation.
Garda sources said that while this is a known tactic used by fraudsters, they have yet to connect such activity to the HSE attack.
A review of the main ransomware data-dump websites used by cybercriminals such as the Wizard Spider collective showed no evidence of HSE data being published on Monday evening.
There is also no evidence of HSE data for sale on the main darkweb marketplaces used by cybercriminals.
However, officials still believe publication is more than likely. “We’re thinking sooner rather than later,” said one security source.
“There’s always a chance something else could intervene to stop them in their tracks but we’re not holding our breath,” said another.
A spokesman for the National Cybersecurity Centre said it is working closely with the Garda and others in investigating the crime. “The Gardaí are also liaising with international policing and security partners. It would not be appropriate to comment on the specifics of what is an ongoing criminal investigation.”
He said people are advised to be cautious of “criminals seeking to take advantage of fears around the HSE attack by contacting them to attempt to obtain information or payments. Any such attempts should be reported to An Garda Síochána. ”
A Garda spokesman said it has not confirmed “with full certainty that any personal records or data reported to have been circulated are in fact genuine even though this is probable and would be a feature of these attacks”.
Sexual assault records
Meanwhile, it has been confirmed that identifiable records relating to the country’s six sexual assault treatment units (SATUs) have not been compromised in the attack.
This is a result of the units relying primarily on “pen and paper”, something described as a “blessing in disguise” by victims’ advocates.
SATUs are typically the first place victims are brought when they make a complaint of rape or sexual assault. They are used to treat victims and gather physical evidence.
Obstetrician and gynaecologist at the Rotunda Hospital Dr Maeve Eogan said no identifiable data from the SATUs is stored in electronic form.
“We have a database to monitor key service activity and produce relevant reports, measure [key performance indicators] etc hosted on the HSE server but this is de-identified data.
“I hope we get it back though as it is very useful for monitoring trends to ensure we continue to provide a responsive service,” she told The Irish Times.
Noeline Blackwell, head of the Dublin Rape Crisis Centre said SATU systems are not up to date technically in terms of electronic storage, which has turned out to be a “blessing in disguise.”
Ms Blackwell said the news will be a great relief for victims.