On the Irish Health Services Executive Hack

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices:

The report notes that:

  • The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.”
  • It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.
  • Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack).
  • There was no security monitoring capability that was able to effectively detect, investigate and respond to security alerts across HSE’s IT environment or the wider National Healthcare Network (NHN).
  • There was a lack of effective patching (updates, bug fixes etc.) across the IT estate and reliance was placed on a single antivirus product that was not monitored or effectively maintained with updates across the estate. (The initial workstation attacked had not had antivirus signatures updated for over a year.)
  • Over 30,000 machines were running Windows 7 (out of support since January 2020).
  • The initial breach came after an HSE staff member interacted with a malicious Microsoft Office Excel file attached to a phishing email; numerous subsequent alerts were not effectively investigated.
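Most of the findings above are control gaps that can be checked mechanically rather than discovered after the fact. The following script is an added example, not code from the PwC report or the HSE, and runs on a constructed endpoint inventory and antivirus alert feed: it flags hosts on an end-of-life OS, hosts whose antivirus signatures are older than an assumed seven-day threshold, and high-severity detections (the Cobalt Strike activity in the report being the obvious case) that nobody escalated. The end-of-support date for Windows 7 is the real one; host names, the alert feed and the audit date are made up.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Reference data for this example. Windows 7 left extended support on
# 14 January 2020 (the post says "January 2020"). Any OS absent from this
# table is treated as still supported.
EOL_DATES: Dict[str, date] = {
    "Windows 7": date(2020, 1, 14),
}

# Assumed policy threshold: signatures older than this count as stale.
MAX_SIGNATURE_AGE = timedelta(days=7)


@dataclass
class Host:
    name: str
    os: str
    last_av_signature_update: date


@dataclass
class AvAlert:
    host: str
    detection: str
    severity: str    # "low", "medium" or "high"
    escalated: bool  # True if someone opened an incident for it


def host_findings(host: Host, today: date) -> List[str]:
    """Evaluate the per-host gaps the report lists: EOL OS and stale AV."""
    findings = []
    eol = EOL_DATES.get(host.os)
    if eol is not None and eol <= today:
        findings.append(f"{host.name}: {host.os} out of support since {eol.isoformat()}")
    age = today - host.last_av_signature_update
    if age > MAX_SIGNATURE_AGE:
        findings.append(f"{host.name}: AV signatures {age.days} days old")
    return findings


def unescalated_high_alerts(alerts: List[AvAlert]) -> List[AvAlert]:
    """High-severity detections nobody followed up on."""
    return [a for a in alerts if a.severity == "high" and not a.escalated]


def audit(hosts: List[Host], alerts: List[AvAlert], today: date) -> dict:
    """Combine both checks; the EOL count gives the estate-wide picture."""
    host_lines: List[str] = []
    for h in hosts:
        host_lines.extend(host_findings(h, today))
    alert_lines = [
        f"{a.host}: '{a.detection}' (high) detected but never escalated"
        for a in unescalated_high_alerts(alerts)
    ]
    return {
        "eol_hosts": sum(1 for h in hosts if EOL_DATES.get(h.os, date.max) <= today),
        "host_findings": host_lines,
        "alert_findings": alert_lines,
    }


# Constructed sample inventory and alert feed (not real HSE data).
SAMPLE_HOSTS = [
    Host("ws-0001", "Windows 7", date(2020, 3, 2)),    # EOL, signatures over a year old
    Host("ws-0002", "Windows 7", date(2021, 5, 10)),   # EOL, signatures current
    Host("ws-0003", "Windows 10", date(2021, 5, 12)),  # no findings
]
SAMPLE_ALERTS = [
    AvAlert("ws-0001", "Cobalt Strike beacon", "high", False),  # never escalated
    AvAlert("ws-0002", "Adware", "low", False),
    AvAlert("ws-0003", "Cobalt Strike beacon", "high", True),   # handled
]
AUDIT_DATE = date(2021, 5, 14)

if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS, SAMPLE_ALERTS, AUDIT_DATE)
    print(f"{report['eol_hosts']} host(s) on an end-of-life OS")
    for line in report["host_findings"] + report["alert_findings"]:
        print("FINDING:", line)
```

The useful property here is that the same three questions the report asks retrospectively (is the OS supported, are the signatures current, did anyone act on the alert) become a recurring check whose output can be tracked as a count over time; feeding it from a real CMDB and SIEM export instead of the constructed lists is the only change needed.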

PwC’s crisp list of recommendations in the wake of the incident, as well as detail on the business impact of the HSE ransomware attack, may prove highly useful guidance on best practice for IT professionals looking to set up a security programme and get it funded.

Posted on February 11, 2022 at 6:17 AM • 25 Comments

Clive Robinson February 11, 2022 7:12 AM

@ ALL,

“… may prove highly useful guidance on best practice for IT professionals looking to set up a security programme and get it funded.

In one hand “fixed costs” in the other “ransom demands” and worse…

Hmm, tell me, just how well has that worked in the past?

It’s against the mantra of “do not leave cash on the table” and the incredibly “short term thinking” of senior management…

OK the Irish had Win7 that was out of date/support… But why, when there had been dire warnings of what could happen… Such as,

Just across the sea in the UK the NHS had thousands of WinXP systems out of date/support due to the decision of a very senior political numpty, that went horribly horribly wrong (not that he cared). When a worm came knocking a few years back…

Lesson, “Management neither listens, nor learns, so won’t spend money”.

quantum February 11, 2022 8:14 AM

Sometimes would probably not surprise if it came out that it all started as an inside job. Starting with someone who knows enough of IT and thinks that they are not getting paid enough.

Clive Robinson February 11, 2022 10:42 AM

@ Ted,

130,000 staff and no CISO. Jeez.

Remember quite a few of those staff will not have any IT role within their job description, so no access to computers as such.

But even if only 1% had computer access a CISO would generally be appointed to at least give representation at board level…

John February 11, 2022 11:31 AM

My late uncle who worked on Wall Street had a stamp:

“This came out of a computer and not to be doubted or disbelieved.”


Ted February 11, 2022 12:28 PM

Being a very large public health system, would there have been regulations to compel a stronger cybersecurity posture? The report notes that a lack of upper level management taking a lead in this role “is highly unusual for an organisation of the HSE’s size and complexity with reliance on technology for delivering critical operations and handling large amounts of sensitive data.”

Untitled February 11, 2022 1:59 PM

Remember quite a few of those staff will not have any IT role within their job description, so no access to computers as such.

I’d bet money that at least 90% of those 130,000 staff have access to computers as such. Almost everyone needs to use a computer nowadays. All those people have to be educated and restrained by information security. The report says that the attack originated when a user opened a malicious Excel document that was attached to a phishing email. There’s no indication that that user had any enhanced privileges – apparently, it was just a plain vanilla user.

The point of the story is an all-too-familiar one: HSE management thought information security was unimportant. I’d also bet money that now, the current HSE management pays a bit more attention. In too many organizations, it takes a well-publicised breach to get management attention.

lurker February 11, 2022 2:40 PM

… would there have been regulations to compel a stronger cybersecurity posture?

Regulations to compel?

Regulations have to be formulated by people who understand the problem, and can then write them in a manner that the intended recipients can read and understand. Then how does a bookshelf full of regulations in the CISO’s office compel the few techs (numbers reduced by upper level penny pinching) to apply methods to timely update security on desktop machines used by persons higher in the social order.[1]

or as @SLF might say, Turtles all the way down.

The problem in this case is ethical. At the opposite end of the ethical scale from the perpetrators of this attack on a public health system there is an ethical incentive for the operators of a public health system to take all steps necessary to protect the private data of the persons who make up the public. The HSE is a public service, but there is a dismaying recent trend for such services to have lost the meaning of “public” and “service”.

Then there is @Clive’s question: why were so many machines connected to the internet? Formulating regulations to prevent someone finding a good reason to need internet access is an interesting problem. And, how do you regulate against cross domain access in a Windows system?

[1] I have had to explain to one on a higher payscale that I did not have the means or authority to stop their machine from rebooting first thing in the morning a couple of days after Patch Tuesday.

vas pup February 11, 2022 3:35 PM

IT technician jailed for revenge cyber-attacks

“An IT technician has been jailed for revenge cyber-attacks on a school and IT firm after both of the employers sacked him.

Adam Georgeson’s attack on Welland Park Academy in Leicestershire caused some pupils to lose coursework and parents to lose irreplaceable family photos.

It also stopped remote learning for four days, when pupils were reliant on this due to the coronavirus lockdown.

Judge Mark Watson gave Georgeson, who is 29, a 21-month sentence.”

Read the article for more details.

SpaceLifeForm February 11, 2022 4:31 PM

There is no surprise that they were using 7 because post 7, Microsoft kept making things more difficult.

If I had to use Windows today, it would be 7. I do not care that it is out of support. Security patches still arrive.

That is probably because a lot of IC still use 7.

Now, Microsoft is finally correcting a major opsec problem of their own creation.

Which is what LibreOffice does. By default.

Note Microsoft is going to slow-walk this back to Office 2013 (works on 7), but it would make more sense to use LibreOffice as the short-term solution.

Save money too.

Clive Robinson February 11, 2022 4:47 PM

@ Ted, lurker, ALL,

Being a very large public health system, would there have been regulations to compel a stronger cybersecurity posture?

First a life lesson everyone should take to heart,

Q: What is the difference between a bureaucrat and a business man?

A: A bureaucrat, provided they stay within the rules and guidelines will remain safely employed. A businessman who does not skate on the edge of legislation and regulation will not compete with those that do, so will go out of business.

They are totally different mindsets, something many many people find out the hard way.

The Irish health system unlike the US health system is a bureaucracy not a corporation. Way too many neo-con types think that turning a bureaucracy into a business is simply one of moving money around. They find out the hard way that not only does that not work it can not work for legal and moral reasons.

But to the point…

Note “Rules&Guidelines -v- Legislation&Regulation”

Except at ministerial level bureaucracies do not work to “Legislation&Regulation”. The ministerial level makes the Rules&Guidelines for all those down the organisational chart to follow, and that is what a bureaucrat who is wise does.

Whilst not legal as such, bureaucrats are effectively “legally protected” via things like “Ministerial Codes”. That is if there is conflict between the Rules&Guidelines, as long as the bureaucrat has followed those then they are safe behind a “firewall of Government” and it is thus “not an individual failing but an organisational failing”.

Which in the great golden get out, as it in turn makes it “A failing of the Crown” and as it is nonsensical for the crown to prosecute the crown, so there are no criminal prosecutions. Unless… You can show malfeasance in public office, a crime of such gravity the tariffs are near unlimited, for obvious reasons such cases are very rare, and bringing them privately near impossible (which is why there is the civil misfeasance with quite high levels of damages).

But with regards “would there have been regulations to compel” absolutely not. First rule of making Rules&Guidelines,

“Make no rule that compels expenditure, unless compelled by Legislation&Regulation.”

In fact almost the first rule you bump into when working within a bureaucracy is,

“Any new spending must create a saving of greater magnitude.”

This is so ingrained that even when the spending is required by Legislation it still has to “create a saving” for it to be acted upon, otherwise it gets “back burnered” via “the long grass” or similar until it goes away or gets replaced by a new initiative…

So the actual “real game in town” is to “show savings you are not responsible for” then when they don’t happen –as they won’t– it’s not your fault, because the responsible person not you failed…

This is also coupled with the “rat jump”. What you do is you start a massive project, where all the spending is at the front of the project and the savings at the back of the project. You then do grandiose things that look good on your C.V. and then like any sensible rat jump ship before others notice the iceberg or hole below the water line. Now the clever bit… If the project succeeds you claim it as your success as you put in the solid foundations… If however it fails it’s the fault of those who ran it “off the rails” by not following your foundation rules… So you can not lose, and if you “rat jump” as a career you can rise up to the point where you become “strategic” or “visionary” and get paid large amounts of money for basically sounding enigmatic or new paradigm creating… Where your real job function is “networking” or more correctly making sure your name is in everyone’s head, oh and “buffing the organisational image” as well. The hard part is never ever saying anything on which you can be pinned down on, so you are always right and it is other people who fail to grasp the concept etc etc etc.

So now you know one highly immoral way to be a success in life, and get away with it…

JonKnowsNothing February 11, 2022 5:02 PM

@ Ted, @Clive, @All

@T: 130,000 staff and no CISO. Jeez.

@C: Remember quite a few of those staff will not have any IT role within their job description, so no access to computers as such.

Nearly everyone in major companies uses a computer but may not have “technical access”. The computers come in all shapes, forms and functions.

  • The payroll clock-in/clock-out with full RT data feed to the accounting/payroll department.
  • The Stab-Button-Kilroy-Was-Here for patrolling workers which must punch them on a timed window. That’s security guards, cleaners, chart and paper delivery couriers. These buttons have RT data feeds to accounting and into Time&Motion graphic determining who’s taking too long in the loo. Amazon didn’t invent this but uses it to extreme; other companies use it the same way too: shed those who walk too slow or have medical needs that take longer than 3 minutes per day.
  • The automated “Lights On Lights Off” with “Heat On Heat Off” with matched cooling for when someone makes a physical move inside a room, corridor or entry. Sometimes known as the 15m-30m-60m auto lights off timer. This triggers not only the building environment system with RT feed to account Building and Utility Expense sections but also maps the motions of people around the buildings. Similar to the Stab-Button but on a random or semi-fixed access path.
  • The folks that are doing Tele-Anything, are used by the computer as input devices with somewhat functioning brains. They have more brains than the computer since the computers are unable to do anything Not In Fixed Column Format. The folks mimicking input devices have lots to say about this but the computer isn’t listening. The NSA and Workforce Management might be listening. The first is a Don’tTellAnyoneButUs and the second is a GoTellTeslaBros.
  • In the format of High Price Input Devices are Drs, RNs, and anyone that does anything with patients and carry RFID readers and up-loaders. Anything they want to put in a patient gets scanned many times in hopes that the computer will REDBEEP!! if they are putting something in the wrong spot. All those monitors and lines and hookups run not only to local devices in the room but are BeamedUpScotty to a Central Admin Station and then split beamed to Account Patient Billing in case any of those hookups can be charged to the patient for an extra nickel or thousand.
  • There are also the folks bopping around with modified tablets poking answers to survey questions as directed by the tablet app. Sometimes these are passed to people in generic waiting rooms (aka the drop dead clinic) or profiteered to scheduled patients waiting for their appointment to take place. Sometimes there are roving survey takers hanging around the elevators and entrance areas.

Humans form the myriad input devices to computers. If you see a human, there’s a computer somewhere using it as a keyboard.

Clive Robinson February 11, 2022 5:32 PM

@ Untitled,

I’d bet money that at least 90% of those 130,000 staff have access to computers as such.

I’d keep your wager small if I were you.

I’m guessing you are from the west side of the puddle, where healthcare is a business.

Over on the east side things tend to work differently where healthcare is a bureaucracy.

You have “nationally employed” staff who get computer access by need, and you have “subcontractor employed” staff who do not get computer access unless the subcontractor supplies it. Most subcontractors try very hard not to supply computing that is in any way connected to the healthcare organisation as the clawbacks can be profit destroying. Subcontractors now tend to use “mobile computing” where computing is required and they try to minimise that, even forcing BYOD on their employees…

So in theory… “national” and “subcontractor” computer resources in healthcare are segregated very strongly if not entirely. This is in part due to “patient confidentiality” but also “bureaucratic wallpapering” to reduce the likelihood of scandals.

But even so most subcontracting is not “core healthcare” it’s “services” like “Housekeeping”, “Maintenance”, and “Services” such as transportation and logistics, security, and groundwork, garbage etc. Few of such staff require computer access, and their employers tend to take the viewpoint they would just use computer access as an excuse to shirk[1] so don’t provide it. Such staff can be more than half of headcount in or visiting a healthcare site like a hospital.

[1] Funny little story for you. During the summer I was in hospital for two weeks having dragged myself in in a more than half dead state and going into organ failure due to being on the incorrect drugs. Whilst they quickly stabilised me, they had lots to do and nature does not like to be hurried in such matters (and in part why I was back in hospital last week). Well due to “Covid” restrictions I got a “side room” which happened to be next to a supply storage cupboard. It did not take me long to realise something odd was going on in it. Cleaning staff used to disappear into it and not come out for quite some time…

Being a curious soul when it comes to “odd” I applied careful observation whilst pretending to use the patient tea trolley that was next to the storage cupboard. Turns out not only were there several power points in the room but also a network hub that was connected to the in room “entertainment service”. Someone had connected a WiFi AP into it and removed the aerials… So if you went in the cupboard with your mobile phone and plugged it into charge… You could also sit on an upturned packing case and use the Internet via WiFi… After a discreet enquiry, it turns out that a lot of the “housekeeping” staff on that floor would “charge and check their phones” as an excuse to sit there for quite a long time on the internet… I wonder how long they can keep getting away with it, or if other staff are turning a blind eye etc.

Clive Robinson February 11, 2022 5:39 PM

@ EvilKiru, ALL,

To really foul things up requires a computer.

You forgot the rider at the end of,

“to be blamed.”

I do not think mankind has ever come up with a better way to divert blame than,

“The Computer Says”…

jbmartin6 February 14, 2022 7:08 AM

I think the most interesting thing to note here is how long they got away with their shoddy practices. This sheds a little light on how things like this happen in the first place, because one can get away with it for quite some time. No attacks? I guess we are fine. I worked for a US hospital that had roughly the same attitude.

ResearcherZero February 15, 2022 12:42 AM

Ransomware may be a symptom of a larger problem.

I’m going to take a guess that it is these kinds of hiccups that have something to do with improper information security, otherwise missing funds and strange account activity would be too easily detected:

It doesn’t really help that they have guys like this making senior decisions and stealing money hand over fist from health services for decades.

“The senior public servant at the centre of one of WA’s biggest corruption scandals is set to plead guilty to more than 530 charges of stealing $22 million in public funds over 11 years,”

They only investigated 11 years, though he had been at it for 30, and was originally reported in the 1990s. Paul Whyte (and his wife who also worked in the health services) were successfully prosecuted in the 1990s, but the prosecution did not proceed to sentencing (although instructed to by the court ???).

I noticed a lack of following up on the hack at the hospital when he was in charge, it was almost like someone was covering up something, and altering information in an attempt to do that, while they were physically in the hospital conducting the “operation”.

Paul Whyte’s wife was posing as the hospital’s social worker during the attack. Some guys fell through the ceiling who were trying to illegally access the wiring ducts.

All very odd.

ResearcherZero February 15, 2022 1:08 AM

Stranger still, why did the then police commissioner repeatedly try and force his way into the intensive care unit and recover a USB stick that was used during the cyber attack on the hospital (Fiona Stanley Hospital), then promptly resign?

The police information systems audit for that period was even worse, no, ‘the worst’ I’ve ever read. You can not have 123456 as the police system password for multiple years running when it is in each previous audit.

One would imagine there are laws and regulations about this kind of thing.

…When I finally lose it, I’m going to wander around the streets with an A-frame sign that reads…

One would imagine there are laws and regulations about this kind of thing.

123456 is not a secure password on the back.

Winter February 15, 2022 9:22 AM

@Bob Paddock
“Have there been any ransomware attacks that don’t involve Windows?”

Linux has been a target because it is heavily used in the server space:

There have been some, isolated, ones on MacOS

Clive Robinson February 15, 2022 1:07 PM

@ Bob Paddock,

Have there been any ransomware attacks that don’t involve Windows?

It would depend on how you look at it.

In the strict sense the current ransomware attacks are not against the commercial/consumer OS’s but against the applications that run on them. The opening is gained by co-opting users into making mistakes within such applications that allow an attacker inside the security perimeter.

By far the majority of such user applications do run in a MS Windows OS of the NT family of OS’s, but not all.

We do know there are such “opening attacks” against applications on @nix descendants including Linux, MacOS, and Solaris. But also against applications on mobile OS’s on Android and iPhone OS’s.

Once inside the security perimeter the attackers then go on to find the actual targets they are after, that again are usually application software not OS’s.

I would say that nearly all the ransomware attacks we have heard of publicly are actually “targets of opportunity” not “targets of choice”.

That is the criminal attackers have one type of “opening attack” they will use at one time and they will go where that gets them in. In recent times these have mainly involved users directly. Knowing that their opening attack will get “burned” the more astute criminal attackers will get inside quite a number of targets and put some kind of bridgehead in place to ensure they can get back in before moving forward into any actual ransomware attack. They take an almost “industrial process” view point where each step may be performed by different people, in some cases with insiders actually choosing to use the criminals’ tools etc supplied as a service.

We assume that APT / State Level attackers however go after specific targets, and have multiple opening attacks most of which do not involve actual users. But once inside they likewise establish one or more bridgeheads to ensure future access.

Irrespective of who the attacker is they probably all involve Windows applications in some way, simply by weight of numbers. Most likely for the “opening attacks” to get inside the security perimeter. Where they move onto once inside is more dependent on where the majority of the data of interest is stored.

As @Winter notes this often depends on the server side applications a lot of which run on platforms other than MS Windows.

If we look at state level APT rather than criminal ransomware, we know a lot less, and we assume they will use what they can to get inside the security perimeter of specific “chosen targets” rather than “any they can get into”.

However depending on whose reports you believe… Asia and Russia favour getting in “any targets” they can via user actions as some form of “social engineering”. Whilst the West allegedly prefers something more covert based on “business logic” or other application implementation errors put in by accident / design, or deliberate implant in the supply chain. With some access by acquired credentials of automatic processes or occasionally individuals.

The fact is we actually don’t know, we only get occasional glimpses into the state level APT attacks.

The reasons are firstly, we generally only hear about state level APT attacks only because they have failed in some way. Secondly we tend to hear about criminal ransomware attacks not when they fail, but when they have got to the point they have succeeded in denying the target access, and the target can not deny they have been attacked as their normal operational behaviour has been significantly impeded.

Gerard Farrell February 15, 2022 1:36 PM

I read your book Applied Cryptography back in the 90s. I am curious as to your thoughts on the attack noted above. The provincial government has refused to release any information about the nature of the attack, attackers, anything really. Do you think that has to do with the nature of the attack or their lack of preparation for being attacked?

ResearcherZero February 16, 2022 6:03 AM

@Chris Drake

I totally believe it, as I’ve seen it in action for myself. Apparently it is how the fast track job promotion system has worked for some time.

Paul Whyte took my sister hostage in the local hospital 30 years ago, while the police were executing his arrest, allegedly. I was there at the time watching it unfold.

Paul Whyte also kidnapped both my wife and I back then, again allegedly. We did testify in court. He was not the first kidnapper, just another who lined up after numerous previous kidnappings, so he and his wife could “go places”, which is what she said to me, allegedly. The previous kidnappings were also career fast tracking options as well.

The prosecutors probably just forgot to sentence Paul Whyte, I am not implying in any way that money had anything to do with it.

Paul Whyte then went on to head the Department of Communities, although he allegedly, started his career stealing medical files and laundering finances from the local hospital, with just a little kidnapping on the side.
Excellent credentials!

Unsurprisingly the hospital system has a few minor operational issues due to poor planning.

Poor planning with $4.3 billion (Fiona Stanley Hospital)

18 August 2014.

The hospital that was first announced as having no storage space for paper medical files is now going to have to find some, and the identity management system is also in doubt, with the WA government announcing in late June that the $6 million it had spent trying to design a role-based, single sign-on smartcard for physical and computer access to the hospital was wasted because the solution doesn’t work.

Tendering for other elements of FSH has also been problematic. The planned closed-loop medications management system, which includes pharmacy robots, automated guided vehicles and automated medication units as well as prescribing software and interfaces with the WebPAS patient administration system, the LIS and RIS systems and iPharmacy, is a huge undertaking that only the largest companies can handle, ruling out many smaller vendors that can offer quality software systems but not the whole hardware deal.

Pi**ed off public servants

A lot of the problems seem to come back to poor planning. The full contract with Serco, which is in charge of building and operating the hospital on the government’s behalf, is worth $4.3 billion over 20 years, $2 billion of which is the actual build of the hospital. However, Mr Marney told the February committee inquiry that Treasury had only been given two weeks to review the contract before it went to cabinet, and that Treasury was quite rightly “pissed off” about it.

Dr Hames rejected this in WA’s parliament, saying that a person contracted to Treasury was on the organising committee the whole time. “The under-treasurer was, to use his words, ‘pissed off’ in the end with the time he had to look at the final contract, but I can tell members that a few people in health might have been ‘pi**ed off’ with him as well, in terms of how a very detailed and complex contract was worked through with Treasury.”

Former director-general Kim Snowball also defended his role in the contract negotiations and planning for the hospital. “Those being criticised are the same people who have worked incredibly hard to deliver for the state, including the Treasury, the biggest health infrastructure project of all time, on time and on budget in Fiona Stanley Hospital,” he said.

“In fact all of the major projects under construction in health were on time and on budget at the time I left the role. This doesn’t happen by accident, but by good, solid and careful management.”

While the reasons are unclear, it is pertinent to note that WA has not had a permanent director-general for health since Mr Snowball resigned in December 2012, standing down officially the following March. Nor has there been a permanent appointment as CIO of Health Information Network (HIN), the WA Health agency that oversees clinical IT. Bill Leonard was appointed as acting CIO in January after Andy Robertson stood down from the role, also acting, after just over a year.

Not much of this should have come as a surprise to experts in the health IT field.

IT Problems

There have been many over the years, so here are just the latest

November 16, 2021

Doctors and nurses have no access to the digital medical records of patients, while imaging and laboratory results must be obtained from Fremantle Hospital.

Access to medication and anaesthetic drug stations was temporarily unavailable and internal telephones are not working, so clinicians are having to communicate via their personal mobile phones when in operating theatres.

Even the carparks are all open as the boom gates have stopped working.

Mr Forden said engineers had determined there was no external attack to the hospital’s computer systems.

He said the problem was “something to do with the firewall”.

In a statement, a South Metropolitan Health Service spokesman said the hospital could still deliver imaging, pathology tests and medications.

The opposition said the outage was part of a “wider, systemic issue” at WA hospitals.

“It’s astounding that in a ‘world-class’ health system such as ours we are calling internal emergencies in our hospitals because the (information and communication technology) system can’t cope or is continually failing,” opposition health spokeswoman Libby Mettam said.

Ms Mettam said figures released to parliament showed there were 185 so-called “code yellows” in the WA health system in the past two years.

People have to actually work in these medical facilities and take care of patients under very trying conditions.

There are excellent staff working throughout the hospital who were completely failed by the planning process, and the justice process which failed to carry out sentencing of Paul Whyte 30 years prior.

There are a couple others who dropped off the sentencing radar after successful prosecution, but let’s not get carried away with following the court’s instructions.

ResearcherZero February 17, 2022 2:24 AM

@Chris Drake

There is so much rot, limbs may start falling off. It’s become systemic I believe.

I was threatened by a federal police officer when giving evidence. She asked me to give evidence to her alone about another case, which I refused, as it was not her case. She then threatened to have me charged for withholding evidence. It was funny because I was giving evidence and cooperating, and that was not her case either. She now works in the government as a minister.

I did encourage her to charge me, but it didn’t go any further, which was unfortunate. She also tried to abduct me when I was a child, got caught by the police though. It’s how some people get the top jobs, without all the bother of applying themselves to earn an honest living. Her two associates climbed the ranks of the WA state police force the same way. Hard to see where they fitted in the time for police work, given how often they were practicing kidnapping and cruelty to children.

The prosecutors are really touchy about bringing up previous cases of crime, they prefer to use all the details of your abductions for the kidnapper/abductor’s defense, if they are a cop. Somehow the evidence falls out of your file, then slides its way into their defense. No one understands how this happens with a couple dozen boxes of files.

Finally they slap a suppression order on all your files for “your safety”.

ResearcherZero February 17, 2022 2:42 AM

“The word whistle-blower suggests that you’re a tattletale or that you’re somehow disloyal,” he says. “But I wasn’t disloyal in the least bit. People were dying. I was loyal to a higher order of ethical responsibility.”

Jeffrey Wigand doesn’t like being called a whistle-blower.

the one-time tobacco executive who made front-page news when he revealed that his former employer knew exactly how addictive and lethal cigarettes were

whistle-blower does not describe well how when you are called as a witness, they make all kinds of promises to you, then everyone disperses after the campaign of terror begins. Victim-of-crime also sounds pretty wanky.
