Ireland’s health service IT system has been shut down as a precautionary measure, following a cyber attack today.
The Health Service Executive (HSE) believes the attack is by international criminals attempting to extort money, although no demand has yet been received.
HSE confirmed there had been “a significant ransomware attack on the HSE IT systems” and it had closed down systems “to protect them from this attack and to allow us fully assess the situation with our own security partners.”
Irish health minister Stephen Donnelly said the attack was having “a severe impact” on health and social care services, but emergency services and the National Ambulance Service were still in operation.
WHY IT MATTERS
Ransomware is a malicious software that encrypts files on a computer system.
The attack has caused health services to temporarily return to paper-based systems, leading to delays and cancellations to patient services.
Hospitals affected include the Rotunda Maternity Hospital and the National Maternity Hospital in Dublin, which have both reported significant disruption to services, as they are unable to access electronic records.
The UL Hospitals group warned of long delays for patients. In a statement on Twitter it said it was “largely operating manual back-up systems” and delays would continue “until such time as patient information, diagnostic reporting and other affected IT systems are secure and operational.”
COVID-19 vaccinations and tests will continue, but the registration portal for vaccinations and testing referrals system have bene shut down.
THE LARGER CONTEXT
The attack comes four years after the WannaCry virus attack, which affected more than 200,000 computers in 150 countries worldwide. It caused disruption to around 81 NHS trusts and more than 600 primary care organisations in England.
More recently, the outsourcing firm behind NHS Test and Trace, Serco confirmed that parts of its infrastructure in mainland Europe had experienced a double extortion ransomware attack from cybercriminals.
In February, French insurance company Mutuelle Nationale des Hospitaliers (MNH) suffered a ransomware attack that disrupted the company’s healthcare operations.
Last year, the Vastaamo therapy centre in Finland was targeted by who obtained medical records from patient therapy sessions.
Cybersecurity expert, Saif Abed, founding partner of AbedGraham, told Healthcare IT News the threat cyber-attacks pose during mass vaccination programmes.
ON THE RECORD
The EU Agency for Cybersecurity (ENISA) said: “We firmly condemn this malicious behaviour in the midst of a health crisis. We are following the ongoing situation and possible developments closely with the authorities and at EU level with the CSIRTs Network.
“The health sector is regarded as a vulnerable sector to cyber incidents and crises. In the ENISA Threat Landscape report, it was found that more than 66% of healthcare organisations experienced a ransomware attack in 2019.
“In 2019, 45% of attacked organisations paid the ransom. The 45% of organisations that were attacked and paid the ransom, half still lost their data.
“In relation to the COVID-19 pandemic, hospitals/labs/healthcare organisations have been prime targets for cybercrime related attacks. For example, hospitals in France and Czechia have been targeted.”
Brian Honan CEO of Dublin-based cybersecurity firm, BH Consulting, said: “Ransomware has over the past few years has rapidly become a scourge that has impacted organisations all over the globe. Criminals have also deliberately targeted healthcare organisations during the pandemic as they are so critical in the fight against COVID19. High profile attacks like this, and indeed the attack against Colonial Pipeline, will hopefully serve as a wakeup call to governments that cybercrime is a serious threat to our society and way of live and needs to be dealt with accordingly.”
Robert Golloday, an EMEA and APAC director at cybersecurity firm, Illusive, said: “This attack against HSE is the latest confirmation of how the professional-scale hack-for-ransom threat is spreading rapidly. Among other institutions, these groups are targeting hospitals and other healthcare providers, most likely because of the value of the personal information their servers hold.”
George Daglas, chief operations officer at computer security service, Obrela Security Industries, said: “Ransomware is a particularly vicious threat because it is a double-extortion. Attackers are able to leak an organisations data, which also holds the organisation at ransom, putting the organisations and their customers, or in this case patients, in a very dangerous position.”
The story was updated at 17.15 BST