The Irish National Health Service Executive (HSE) has been forced to shut off its IT systems following a major ransomware attack. At the same time, it triages and investigates the scale of the incident, causing significant and unavoidable disruption to patient services across Ireland, although Covid-19 vaccine appointments are operating normally.
In a statement, the HSE said: “There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our IT systems to protect them from this attack and to allow us fully assess the situation.”
The services chief executive Paul Reid told RTÉ’s Morning Ireland that the attack was severe and significant. The HSE is working alongside Ireland’s National Cyber Security Centre, the Garda, and security partners on the initial investigation.
“We do apologize for the impact that it’s had, but we are at the very early stages of fully understanding the threat, the impact, and trying to contain [it],” said Reid.
At the time of writing, the strain of ransomware involved in the incident had not been disclosed, and nor has the HSE given any indication that it has entered into negotiations with those responsible.
Nominet’s Steve Forbes said that if there had been any doubt that malicious actors were escalating their attacks on critical national infrastructure (CNI), the past few days have proved it twice over. “National healthcare services are already under strain from the pandemic, which will make this ransomware attack even more devastating,” he said.
“That fact will not be lost on the hackers – the attacks on Colonial and the Irish health care system both demonstrate that criminal groups are choosing targets that will have the greatest impact on governments and the public, regardless of the collateral damage, to apply the most leverage. It is an increasingly alarming pattern of criminal behavior.”
Qualys CISO Ben Carr said the innate characteristics of healthcare organizations make them uniquely vulnerable to such attacks. “Ransomware will continue to impact the healthcare sector, where bad actors have concluded that the threat to life makes this sector more likely to pay,” he said.
“Ransomware has also been quite successful against municipal governments, and this is also because there is an increasing perception that bad actors will get paid when systems can’t be allowed to go down.”
The HSE had previously been warned over its cyber security posture after it was reported at the end of 2020 that thousands of its computers were still running out of date software.
According to RTÉ, the health service spent over €1m in 2020 on Microsoft’s Extended Security Update program to protect its Windows 7 estate.
As of the end of 2020, it allegedly had about 37,000 systems running on the old operating system, for which Microsoft ceased support on 14 January 2020. The HSE said its migration to Windows 10 had been heavily impacted by the pandemic.