Ireland’s health service hit by “significant ransomware attack”

Ireland’s health service IT system has been shut down as a precautionary measure, following a cyber attack today.

The Health Service Executive (HSE) believes the attack is by international criminals attempting to extort money, although no demand has yet been received.

HSE confirmed there had been “a significant ransomware attack on the HSE IT systems” and it had closed down systems “to protect them from this attack and to allow us fully assess the situation with our own security partners.”

Irish health minister Stephen Donnelly said the attack was having “a severe impact” on health and social care services, but emergency services and the National Ambulance Service were still in operation.

WHY IT MATTERS 

Ransomware is a malicious software that encrypts files on a computer system.

The attack has caused health services to temporarily return to paper-based systems, leading to delays and cancellations to patient services. 

Hospitals affected include the Rotunda Maternity Hospital and the National Maternity Hospital in Dublin, which have both reported significant disruption to services, as they are unable to access electronic records.

The UL Hospitals group warned of long delays for patients. In a statement on Twitter it said it was “largely operating manual back-up systems” and delays would continue “until such time as patient information, diagnostic reporting and other affected IT systems are secure and operational.”

COVID-19 vaccinations and tests will continue, but the registration portal for vaccinations and testing referrals system have bene shut down.

THE LARGER CONTEXT 

The attack comes four years after the WannaCry virus attack, which affected more than 200,000 computers in 150 countries worldwide. It caused disruption to around 81 NHS trusts and more than 600 primary care organisations in England.

More recently, the outsourcing firm behind NHS Test and Trace, Serco confirmed that parts of its infrastructure in mainland Europe had experienced a double extortion ransomware attack from cybercriminals.

In February, French insurance company Mutuelle Nationale des Hospitaliers (MNH) suffered a ransomware attack that disrupted the company’s healthcare operations. 

Last year, the Vastaamo therapy centre in Finland was targeted by who obtained medical records from patient therapy sessions.  

Cybersecurity expert, Saif Abed, founding partner of AbedGraham, told Healthcare IT News the threat cyber-attacks pose during mass vaccination programmes. 

 

 

ON THE RECORD

Robert Golloday, an EMEA and APAC director at cybersecurity firm, Illusive, said: “This attack against HSE is the latest confirmation of how the professional-scale hack-for-ransom threat is spreading rapidly. Among other institutions, these groups are targeting hospitals and other healthcare providers, most likely because of the value of the personal information their servers hold.”

George Daglas, chief operations officer at computer security service, Obrela Security Industries, said: “Ransomware is a particularly vicious threat because it is a double-extortion. Attackers are able to leak an organisations data, which also holds the organisation at ransom, putting the organisations and their customers, or in this case patients, in a very dangerous position.”

 

Source: Read Full Article