A Chi­nese na­tion­al based in Eu­rope has been iden­ti­fied as the hack­er be­hind the cy­ber­at­tack on the South­west Re­gion­al Health Au­thor­i­ty (SWRHA).

Sources at the au­thor­i­ty yes­ter­day re­vealed that the hack­er had been de­mand­ing that the SWRHA pay over US$7 mil­lion in bit­coin cryp­tocur­ren­cy to re­gain ac­cess to its da­ta af­ter il­le­gal­ly ac­cess­ing it.

Speak­ing to Guardian Me­dia on the is­sue yes­ter­day, SWRHA Cor­po­rate Com­mu­ni­ca­tions man­ag­er Kevon Ger­vais de­nied the au­thor­i­ty had to ne­go­ti­ate to re­gain its in­for­ma­tion from the hack­er. Rather, he said the au­thor­i­ty, through its lo­cal tech­nol­o­gy part­ners, was able to re­trieve the SWRHA in­for­ma­tion from back­up sources.

Since the at­tack last month, the SWRHA has been grap­pling to get its ser­vices back on track af­ter the cy­ber­at­tack forced it to re­turn to ana­log sys­tems in some de­part­ments and in­sti­tu­tions.

The SWRHA is among sev­er­al lo­cal en­ti­ties cur­rent­ly fac­ing cy­ber­at­tacks, with house­hold store chain Courts con­firm­ing over the week­end that it was re­cent­ly hit.

On Oc­to­ber 23, the SWRHA com­mu­ni­ca­tions and tech­nol­o­gy plat­form suf­fered a cy­ber­se­cu­ri­ty breach from an un­known ex­ter­nal par­ty that re­sult­ed in a loss of con­nec­tiv­i­ty and ac­cess to in­for­ma­tion data­bas­es.

This at­tack com­pro­mised its abil­i­ty ac­cess tech­no­log­i­cal sys­tems in re­al time.

Guardian Me­dia un­der­stands that pa­tient records and oth­er in­for­ma­tion are still cur­rent­ly af­fect­ed and on­ly par­tial­ly ac­ces­si­ble from last Fri­day.

Sources told Guardian Me­dia that since the hack­ing three and a half weeks ago, it has been a try­ing sit­u­a­tion for staff, as all com­put­ers were man­dat­ed to be switched off as they sought to rec­ti­fy the is­sue.

In the in­ter­im, the pay­roll, ac­counts, fi­nance, hu­man re­sources, le­gal, ad­min­is­tra­tion, phar­ma­cy and med­ical records de­part­ments have been run man­u­al­ly.

How­ev­er, sources said it was dif­fi­cult for staff to go through a man­u­al sys­tem to re­trieve in­for­ma­tion for ex­ist­ing pa­tients, and in some in­stances, new and re­turn­ing pa­tients had to be giv­en tem­po­rary reg­is­tra­tion num­bers.

Guardian me­dia un­der­stands that even as the sys­tem came back par­tial­ly last Fri­day, the files re­trieved on the sys­tem were shar­ing in­cor­rect da­ta from hos­pi­tals in Den­mark and Chi­na.

In a state­ment to Guardian Me­dia, the SWRHA said it au­to­mat­ed pa­tient ser­vices had re­sumed n a phased ba­sis in sev­er­al sig­nif­i­cant ar­eas, such as the San Fer­nan­do Gen­er­al Hos­pi­tal’s Emer­gency De­part­ment, Phar­ma­cy and Med­ical Records. The au­thor­i­ty said it is an­tic­i­pat­ing full restora­tion to all SWRHA fa­cil­i­ties by No­vem­ber 20. It said in the pe­ri­od fol­low­ing the cy­ber­at­tack, man­u­al sys­tems were utilised by ad­min­is­tra­tive and clin­i­cal staff mem­bers. It added that once full restora­tion has been en­abled, clients will be up­dat­ed.

The SWRHA said it is al­so work­ing with ex­ter­nal agen­cies, in­clud­ing the Trinidad and To­ba­go Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team and Trinidad and To­ba­go Po­lice Ser­vice, to ful­ly re­store op­er­a­tions in the short­est pos­si­ble time, giv­en its on­site and off­site data­base.