Ireland's health service hit by 'significant' ransomware attack

Ireland's health service said it had shut down its IT systems as a precaution.

May 14, 2021, 4:06 PM

DUBLIN -- Ireland’s health care system was hit by a major ransomware attack on Friday, forcing its health service to shut down its IT systems and locking many hospitals out of their computers, in what one government minister said was possibly the most serious cyber attack in the country's history.

The ransomware attack began overnight, targeting Ireland's Health Service Executive, which said it had decided to shut down most of its IT systems as a precaution.

Many hospitals and clinics reported on Friday they had lost access to their computer systems -- suddenly shut out of patients' records, appointment booking and email systems -- prompting some to cancel most non-urgent appointments. Those facilities said they had contingency plans in place; medical equipment was not impacted; and care was being given as normal to patients.

The health service said the attack was also significantly disrupting Ireland's coronavirus testing program, although it said that its vaccination rollout was not affected.

"It's widespread. It is very significant, and possibly the most significant cybercrime attack on the Irish State," Ossian Smith, a state minister for procurement and eCommerce, told the national broadcaster RTE on Friday. Smith told RTE that the attack was "not espionage" and was the work of a criminal gang seeking to extort money from the country. He said the attack went "right to the core" of the health service and that Ireland was now "deploying everything" in response.

He said Ireland's National Cyber Security Center and police were assisting in containing the attack and launching an investigation into the criminals responsible. Ireland has requested help from Interpol with the investigation.

The attack blindsides Ireland's health system amid the coronavirus pandemic and comes amid heightened attention to the threat posed by ransomware attacks following the hack of Colonial Pipeline in the United States that has wrought havoc on fuel supplies.

Paul Reid, the head of the Health Service Executive, told RTE radio that it had shut down its systems as a precautionary measure to allow specialists to contain the ransomware and assess the damage. The Irish government's chief information officer said it was working to ensure that ransomware had not spread to any other government networks and that for the time being that did not appear to have happened.

Smith said the National Cyber Security Center was now working through the health service's systems by "clearing through each section, each subunit of the network, and when it's safe, they're reopening."

He said that would continue throughout the weekend, "and possibly longer."

The attack disrupted the Ireland health care system's ability to offer outpatient care, forcing some hospitals to suspend many key services, including cancer and stroke treatments as well as testing, such as CT scans.

Fergal Malone, the head of Dublin's The Rotunda maternity hospital, said the facility had had to shut down its computer systems after learning they were affected overnight. That meant the hospital had had to revert to paper systems for administration, a slower process he said, resulting in the cancellation of non-urgent appointments, except those for women over 36 weeks pregnant.

But for the hospital itself, he said it was able to function “absolutely normally" for the patients already there.

“All patients in the hospital are safe, all care is being provided,” Malone said.

Several other major hospitals said they were also seriously affected and canceled non-urgent appointments, although others continued to receive people.

The health service's chief operating officer, Anne O'Connor, said that if the attack was not overcome by Monday "we will be in a very serious situation and we will be cancelling many services."

O'Connor said the attack was carried out using "a brand new variant of the Conti ransomware," a type of ransomware known to cybersecurity researchers and different to that involved in the Colonial Pipeline attack.

Conti is a so-called "double extortion" ransomware, which means that as well as locking victims out of their systems, the malware also steals data, which the criminals then threaten to release if they are not paid. Russian cybersecurity firm Kaspersky listed Conti as No. 2 on its list of top ransomware groups and estimates that it accounted for 13% of all ransomware attacks from late 2019 through 2020. Some security researchers have linked Conti to a cyber criminal gang believed to operate from Russia.

Last month reports emerged that Conti ransomware hackers had encrypted the systems of the Broward County Public School District in Florida and demanded $40 million in ransom. The hackers released some files after the school said it would not pay the amount.
