Irish health service suffers 'significant' ransomware attack

The incident is having a major impact on all local and national systems involved in core services

Ireland's Health Service (HSE) said today that it has shut down all its IT systems after suffering a "significant" cyber attack that affected diagnostic services and forced many hospitals to cancel appointments.

"There is a significant ransomware attack on the HSE IT systems," the health service said in a tweet.

"We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners," the post added.

HSE chief executive Paul Reid told RTÉ's Morning Ireland that the incident was having a major impact on all local and national systems involved in core services.

Dublin's Rotunda Hospital reportedly cancelled outpatient visits following the attack, except for women 36 weeks pregnant or more.

The services at the National Maternity Hospital (NMH) have also been disrupted, although NMH said that people with an appointment may visit the hospital as normal.

The security incident did not affect the National Ambulance Service, and the system for Covid-19 vaccinations is also operating as normal, according to HSE.

Reid said that the hackers were likely targeting data stored on central servers. He described the incident as "an internationally operated criminal operation", although he said the HSE has not received any ransom demand so far from the attackers.

Reid added that the HSE IT security staff was working with the national cyber security team and major cyber security providers to investigate the incident. He said that they were at the initial stages of "fully understanding the threat" and its impacts.

Reid also apologised to people for the inconvenience caused by the incident.

Commenting on the incident, Ben Carr, CISO at Qualys, said: "Ransomware will continue to impact the healthcare sector, where bad actors have concluded that the threat to life makes this sector more likely to pay.

"Ransomware has also been quite successful against municipal governments, and this is also because there is an increasing perception that bad actors will get paid when systems can't be allowed to go down.

"Companies outside these sectors shouldn't consider themselves safe as there is a 'Spray and Pray' mentality in operation here where a wide distribution of malware isn't costly and as such it is a way to cast a wide net and hopefully return victims who will pay."

Stuart Reed, UK director at Orange Cyberdefense, said: "In the wake of Covid-19, hospitals are still struggling to get back to normality; seeing yet another ransomware attack take hold is truly worrying. This incident also comes almost exactly four years from the 12 May 2017 WannaCry ransomware attack on the NHS, which devastated services."

The ransomware attack on HSE comes about a week after a massive ransomware attack on the US fuel pipeline operator Colonial Pipeline that forced the company to shut down its IT systems, halting critical pipeline operations.

Colonial Pipeline disclosed the security incident on Saturday, confirming that it involved ransomware.

The attackers reportedly stole over 100 gigabytes of data from Colonial Pipeline's systems and threatened to leak the stolen data online if they were not paid.

Bloomberg reported on Thursday that Colonial paid a ransom of nearly $5 million (about £3.55 million) to the hackers in return for a decryption tool to restore its disabled computer network.