Updated 4.05pm
HSE STAFF WERE told to turn on their computers when they got to work this morning – but not to log in – to allow for anti-virus capability to activate in the wake of a massive global cyber attack.
Yesterday Europol said the ‘WannaCry2′ ransomware attack had hit more than 200,000 victims and warned the situation could escalate as people returned to work today.
The attack struck banks, hospitals and government agencies in more than 150 countries, exploiting known vulnerabilities in old Microsoft operating systems. Images appear on victims’ screens demanding payment of $300 (€275) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”
It warns locked files will be deleted if payment is not received within three days. On Friday, the NHS was plunged into chaos after being targeted by the attack, which forced some hospitals to divert ambulances and scrap operations.
Following the attacks on the NHS, the HSE removed all external access to its network on Friday night and this morning Director General Tony O’Brien said he had decided to keep the network isolated for a further 48 hours to maintain protection.
There was a confirmed case of this ransomware attack at a health care centre in Wexford over the weekend, but the HSE said the affected system is not part of its internal network.
‘Think before you click’
In a statement, the Department of Communications, Climate Action and Natural Resources said the HSE had been working over the weekend in order to prevent any of the 49,000 machines on its networks from being compromised.
Minister for Communications Denis Naughten is set to bring a memo to Cabinet tomorrow to update the government on the situation.
Naughten said: “There have been no further reported incidences of the ‘Wannacry2’ malware in Ireland, beyond the isolated case in a HSE funded facility in Wexford on Saturday.
It is still possible that further incidences will arise and a sustained period of vigilance will be required, both in terms of updating and patching software and monitoring equipment.
Access to external emails at Tusla has also been blocked since Friday evening as a precautionary measure while security work is undertaken and staff currently have no access to emails.
The Tusla (Child and Family Agency) network will continue to be disconnected from outside communications for another 48 hours as a precaution.
In a statement, the organisation said: “In many situations, Tusla relies on referrals from members of the public and organisations and individuals working with children to identify children at risk. If anyone has reported a child protection concern to Tusla by email since Friday evening, please be advised that this may not have been received.
“We ask anyone who has reported a child protection concern by email since Friday, or who has a concern about a child, to contact their local social work duty team immediately. Contact details for all social work duty teams are available on the Tusla website, www.tusla.ie.”
HSE staff
As staff return to work today, the HSE has advised all employees to turn on their computers but not to log in for a full two hours.
“This will allow the anti-virus capability to become active while still allowing the network will remain protected. Each health building will have an IT representative to provide assistance in the morning,” the department explained.
There is also a dedicated help-desk function in place for dealing with this crisis. An important message for all computer users is THINK BEFORE YOU CLICK.
The HSE’s Chief Information Officer Richard Corbett told RTÉ’s Morning Ireland that disaster recovery processes are in place to ensure that the healthcare system can continue without disruption by this malware.
Access to external emails has been shut off, which means HSE staff can only receive internal emails until a full analysis has been completed. This restricted access is expected to continue over the next two days.
He said GPs own and pay for their own IT systems and malware protection may not have been “a high priority” for them. The HSE has worked with systems providers over the weekend to ensure anti-virus updates are in place.
‘Unprecedented’
The National Cyber Security Centre (NCSC) is monitoring the situation on an ongoing basis and is in contact with international counterparts. A series of advisory notes were issued to government departments and agencies over the weekend with the latest giving a detailed assessment of the malware type.
The NCSC said it is “also cooperating with the Garda Cyber Crime Bureau and with the Defence Forces around this issue, and will bring any evidential material to the attention of the gardaí immediately”.
IT departments across the government and private sector have been working over the weekend to upgrade equipment and to apply patches [updates] to deal with the vulnerability that this malware exploits. There may be minor disruption to IT services this morning as work on these systems is completed and brought back online.
The department described the global cyber attack as “unprecedented in terms of scale and speed of onset”.
“Whereas ransomware attacks via malicous e-mail attachment have become commonplace, this newly discovered malware type, generally referred to as WannaCry2 is both “cryptor” and “worm” – it possesses the ability to replicate functional copies of itself to other networked hosts without the need for users to click on links or otherwise interact. As such, it can spread very rapidly from machine to machine.”
With reporting by Órla Ryan
To embed this post, copy the code below on your site
have your say