The IT system of Ireland’s health service has been severely disrupted by a “significant ransomware attack”.
The HSE (Health Service Executive) said the attack began at around 4:30am on Friday, and that IT staff switched off systems as a “precaution” in order to protect data and give time to “fully assess the situation with our own security partners”.
The incident has affected services across a range of hospitals. Dublin’s Rotunda Hospital has cancelled outpatient visits for everyone except those with scheduled paediatric outpatient appointments and women who are 36 weeks pregnant or later.
Meanwhile, all gynaecology clinics are cancelled and the National Maternity Hospital at Holles Street in Dublin said there would be “significant disruption” to its services.
The HSE has apologised to patients and the public, and said it would give further information as it becomes available.
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.— HSE Ireland (@HSELive) May 14, 2021
It also confirmed that the National Ambulance Service is operating without disruption and COVID-19 vaccination appointments will go ahead as planned. However, people are currently unable to book new appointments.
A ‘significant and serious’ attack
The HSE’s chief executive, Paul Reid, described the attack as “significant and serious”, adding that the HSE has taken all precautionary measures to shut down its major systems.
“We are working with all of our major IT security providers and the national security cyber team are involved and being alerted, so that would be the major state supports including gardai, the defences forces and third party support teams,” he said.
“Obviously we do apologise for the impact that it has had, but we are at the very early stages of fully understanding the threat, the impacts and trying to contain them.”
Rotunda Hospital Master Professor Fergal Malone said they learned of the attack last night.
“We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he said.
He stated that all patients are safe and the hospital could continue to function using physical files while the IT system is down.
He conceded that this will slow down the processing of patients, which is why the hospital has limited the number of people attending appointments.
What do the attackers want?
Ransomware attacks are normally followed by a request for funds – typically in bitcoin – in exchange for a decryption key.
No ransom demand has been made at this stage, although that’s not unusual. It often takes several hours, if not days, for the attackers to make their demands.
Cyber security experts and law enforcement bodies urge organisations not to pay up, because it encourages future attacks. Moreover, there is no guarantee that the attackers will keep their word and delete the stolen data.
As such, there is little to be gained from negotiating with the criminals. The victim may be able to get back to work a little sooner, but in most cases this isn’t worth the cost of the ransom.
Of course, the Irish health service has more than finances to worry about. There is only so long that it can face delays to its essential services before it feels the pressure to do something.
Those affected by the attack on the Irish health service will hope that a solution is forthcoming, but they should understand that paying off the attackers will be a pyrrhic victory at best. The financial cost will have lasting ramifications, and attacks will continue to overwhelm organisations.
What should organisations do instead?
The key to effective ransomware response is to create regular backups. That way, you can wipe the infected systems and restore your systems.
The process will take anywhere from a few hours to a few days, but that’s no less of a delay than if you were to negotiate with attackers.
Those looking for advice on how to complete these steps should take a look at our Cyber Incident Response service. Our experts provide the help you need to deal with the threat, guiding you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.