Cyberattack - HSE Locked Down & Held To Ransom



It’s a Gary Flitcroft moment for the HSE. This will make it worse.


I don’t think anyone who’s ever seen HSE IT systems is surprised at the hack. A lot of IT systems in Ireland are probably vulnerable and only just fit for purpose.

We had a review 4 years ago. Person with the HR section of the report had some job trying to figure out staff numbers even…


On the magical appearance of the key.

IIRC one part of the ransomware sequence of events, is the hacker group will offer to decrypt a test file or similar at some point, to prove their bona fides and that who you are feeling with really mean business.

If it’s that kind of key, event. It’s part of the script and might not be a full decrypt of all servers or whatnot.

Time will tell.

@diana that journal article read is a bit suspect, not only contradictory but a bit all over the place.


I’m going to give you an award for the number of obscure references I have to look up. :medal_sports:

I’m sport challenged so can you expand on the metaphor a whee little bit.


It’s the journal! And a lot about this hack is sounding contradictory… talk about chinese whispers


During his marriage, Flitcroft had two affairs, one with a nursery nurse and the second with a lap dancer. After a disagreement with one of the women, the media began to pursue the story, so Flitcroft took out a High-Court injunction, banning media coverage of the affairs.[7] After a long legal battle, during the 2001–02 season an injunction preventing Flitcroft being named ran out.[8] The lawsuit resulting from this allegation, presided over by Lord Chief Justice Lord Woolf, was notable for the way it weighed personal privacy rights against the right to freedom of expression under the European Convention on Human Rights (applicable since the Human Rights Act 1998 came into force in 2000).[

He popularized the Super Injunction. Making matters worse for him in the long term - as well as in the short term and the medium term.


Hmmm…why does this discussion have parallels with Greys Anatomy season 14 episode 8?

Hospital hacked
20m ransom sought etc etc

Just a coincidence im sure.


Ha ha yea ok… so we now know for sure, that when they say they are throwing everything they’ve got at this cyberattack it’s to make sure no one finds out what’s really going on or get to see politically devastating information.

He said that the court order secured by the HSE yesterday makes anyone with possession of this information obliged to hand it over and not publish it.

Minister Donnelly said while criminals will not be concerned by a court order, it should prevent people from sharing information out of their own interest.



DAY 9 - Cyberattack & The Magical Keys

This headline is wrong.

Live RTE headline:

IT specialists assess decryption tool to try to recover stolen data

This would be the correct headline More accurate headline:

IT specialists assess decryption tool to try to decrypted data

Stolen data is a separate complication as outlined in the opening post of this thread. If it is stolen. It is already stolen. Unless these are magical quantum keys.

Now where it might make sense is if they are watching or are being allowed remotely test the keys on the off-site, non-HSE servers, perhaps hackers server/service (portal) to prove that it works and also to prove that the data is fully outside their control in case they doubt the capabilities and intentions of the hackers.

The error continues in the opening paragraph, implying that the decryption keys can somehow get back the stolen data. This is like saying if you found you spare set of keys after a robbery to let yourself back into your ransacked home, that the spare keys would magically return your prized stolen Star Wars figurines when the reality is they’re up on eBay being sold to the highest bider.

The National Cyber Security Centre and private IT specialist contractors are testing and assessing the integrity of a decryption tool to determine if it is safe to use on healthcare systems as part of efforts to restore data stolen in the cyber attack on the HSE a week ago.

Otherwise we must assume it is being used to decrypt on-site data in HSE servers, and if so then the headline is nonsensical and any stolen data, will remain very much stolen even after a full decryption. Meaning potentially all HSE, Dept Of Health and Tusla data is stolen and at large.

It is no surprise the Regime need to cover up the largest and greatest security breech ever to hit the Island Regime power nexus.


One wonders if the vacancy for head of NCSC was intentional or jist ANOTHER coincidence?

Also given the recent scandal involving the DOH keeping tabs on autistic children and the investigation into who knew what and who did what etc will those records be recovered ???


Well the project fear Psychological campaign unit on Covid in the UK are already feeling ashamed of what they’ve done as immoral so you can be sure there’s emails in the system here which openly state: “this isn’t that dangerous, but it’s running through immigrant communities, but we can’t just say that or we’d have to take discriminatory action , so we’ll have to lock down everyone”


Yea a lot of pre-positioning in advance everywhere.

The Swamp Island Provid creatures so far as sticking to their will not pay ransom, it is possible they have actually paid it and part of the agreement is for return fo access to their servers, the files, and other safe guards, that they can also claim they never paid the money in the end, or ahem, Bitcoins.

Bitcoins don’t appear in state coffers afaik.

So you might never know exactly what they did, are doing.


Magical - Beta Release, or maybe Alpha.

Meanwhile, the decryption key offered to the HSE following last week’s cyberattack has been verified as genuine following examination by cybersecurity experts and the National Cybersecurity Centre (NCSC).

However, despite working, it is unlikely to significantly speed up the restoration of the health service’s IT systems as it has been described as “buggy” and “flawed”.


It comes less than 24 hours after it emerged that the cyber gang targeting the HSE had provided the tool to Irish authorities — one it claimed will allow them to repair their IT systems after the hacking that has thrown much of the health service into chaos.



The Chief Executive of the Health Service Executive has said that he was “pleased” and “glad” to have the decryption key which has been provided by the cyber criminals who attacked its computer services last week.

However, Paul Reid said that there were no easy solutions and even with the key they were “a long way from being out of the woods just yet.”

Speaking to RTÉ News, he said that “very significant checks” are being carried out on the key to make sure it is safe and secure.

Mr Reid also highlighted the challenges involved in rolling out any decryption tool.

He said that the HSE did not have a single location computer network, instead it had over 2,000 systems and over 4,000 servers across the country.

So these cyber-actors took out 4000 servers, or was it they took out some and the DOH shut 'em down before it rippled to all. I wonder does this include the Dept of Health & Tusla servers.

Meanwhile, The Mark of the Mess.

…He said the impact of this cyber attack has strengthened the rationale to have a national patient number for each individual.

He said as it stands there could be several different numbers for one patient across all the hospitals they have previously attended.

"We need a national health identifier and we need it now."

He said other countries have done this successfully. He gave the example of Denmark where he described how the vaccination process was smooth because of having this system in place.

He said without access to computers and patient records they are currently “flying blind”, with no previous information on any previous scans or blood results.

“We now see the impact of not having a national health identifier.” He said if people do not know their hospital number then healthcare providers can’t find out evidence about them and it becomes even more difficult.

His advice for any patients is if they had communication from a hospital it would have their number on it and to bring this with them. He said it can also help if people bring in a list of their medication or a prescription.

Dr Hickey has also called for substantial investment in Information and communications technology (ICT).


Soon you’ll need one or use that one to log online, because it is the only way we can ever be sure you are “safe” :white_flag: again and not going to infect our beautiful machines, so we know ya know that you’re not Vlad :black_flag:


Flaws in the Story

They now need to remove the associated “flaws and bugs” and incorporate them into a decryption tool that is compatible with the HSE systems to safely restore the stolen data.

The agency along with IT specialists are testing and validating the key which is a complicated algorithm and is “highly flawed.”

So this reads as previously suspected. That they only got a key to sample decrypt, to prove bona fides of the perps (if they exist) and also demonstrate it’s efficacy, and further, they believe they can back-engineer it and deploy their own tool use it to do decrypt the lot, i.e. skip paying any money , do it on the cheap?

IT specialists were able to then use it within that safe environment on a sample of the HSE’s encrypted data, and discovered that the key decrypted the data.


However, while they now have the algorithm, the decryption code, they need to build “an engine” in order to be able to use the code to unlock the corrupted data.

“We have the cargo but we now have to build the truck” one specialist said.

The criminal gang inserted “a rolling encryption” into the HSE’s systems to capture the data but also pushed that encryption down through the entire system.

IT specialists say it is therefore a complicated task to unlock the data even with the algorithm code because the code changes or “reiterates” every time they go into the system and they must recommence at the exact same place.

They say it is a complex procedure which if not done carefully could corrupt the data.

The IT specialists also have to undo some of the protections that they put into the system to use the decryption key “a long string code”.

As one specialist put it “we have to take reverse engines and take one step back to move five steps forward.”

The NCSA and its private contractors are continuing to work 24 hours to avoid corrupting or losing data and to resolve the issue.

Officials say once the decryption key that can be used on the HSE systems has been built they can begin rolling it out online.

They can also put it on USB keys and send officials to hospitals and health clinics and use it to restore systems onsite, however they are cautioning that this will take some time and some systems will take longer to restore than others.

Sounds fun.


So… they think they (HSE) with their very obviously not world-class systems, can outsmart the hackers (that outsmarted them in the first place) by reverse-engineering the sample encryption key to work on all data, and that they won’t bump into any little land mines, or problems doing that?

I thought of using a popcorn emoji, but no :disappointed_relieved:


So what’s the main concern here?

That bank details will be accessed/published?

Or that patient records will?

Who’s really interested in a record of Mrs Murphy GP visits? If GP records are whats at issue.


Ah. But what about Mr Murphy’s visit for a “social disease”?

Then there is the whole trust thing. Would you trust the HSE with any private information now? Even your telephone number. After all these people have form. Going back many decades.

I know after the Chinese walked off with all 22 million US Federal Form 86 records quiet a few people would have been very happy to see Obama and the fat moronic bitch responsible, (his Election Committee Head), dead. Given how much personal information the Chinese now had and the utterly criminal incompetence that handed the data to them

After that only the really stupid would go through the Form 86 process. Which is why so much is now done through third party contracting companies now. Sidesteps the official Form 86 process. Who cannot be trusted with any personal information.


Is that above and beyond China allegedly finding out the details of various USA personnel & contacts living in China? :grimacing:

With regards to trusting the HSE with data, yes, who will be holding all the data for these new digital passport systems, and will they be as detailed as the UK one. Which allegedly will also hold data on social circumstances etc. not just health details, although the website was quietly changed in the last 48 hours or so.

Twitter posts, and I didn’t screen grab them, so sorry, no details.


It was this one. The wiki article really does not do justice to how disastrous it was.

For this alone Obama was guilty of straight treason. The placing of Katherine Archuleta at the OPM was reckless in the extreme. Even the most cynical people in the swamp were aghast. She was so utterly unfit for any position like this. She was warned for years repeatedly about the severe security problems. By multiple agencies as well as the OPM security people who were actually pretty good. She did nothing. Spent her whole time managing the political spoils system, handing out jobs and contracts to “our people”.

Several friends got the letters afterwards. Your Form 86 info way have been compromised yada yada. For those with high security clearance the personal information compromised was total, profoundly personal, and complete. Its a given that many lives were ruined, as well as people killed, due to the Archuleta and Obama’s criminal negligence. There had been several attempts to remove Archuleta before the compromise became public, it was so obvious she was dangerously incompetent, but Obamas people vetoed it.

If there was any justice Archuleta should have been tried and got the electric chair. People responsible for far less damaging compromises of national security got the chair.