We need your help now
Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
By continuing, you are indicating that you accept our Terms of Service and Privacy Policy.
Updated: 6pm
THE HSE HAS confirmed that its IT system has not been compromised after a suspected case of ransomware occurred in a health care centre in Wexford.
The affected computer system is not part of the HSE’s internal system but instead belongs to a centre which receives HSE funding, according to RTÉ.
Just two hours ago, Communications Minister Denis Naughten had told TheJournal.ie that hackers had attempted to access the HSE’s internal network but had been unsuccessful.
It is believed the suspected case in Wexford has been contained and will not spread to other systems. The HSE is helping the health centre with IT support.
Earlier today, Naughten said the international attack is “unprecedented” in its size. He admitted that the HSE had been targeted by the hackers but that they had been “rebuffed” thanks to the internal security system in place.
He said: “There has been attempts in relation to the HSE infrastructure but thankfully they have been rebuffed. This is being monitored on an ongoing basis. There is no guarantee we will avoid an attack but steps are being taken to minimise that.”
Christina Finn / TwitterMinister Denis Naughten on the recent cyber attacks pic.twitter.com/d3PncYy6Y7
— Christina Finn (@christinafinn8) May 13, 2017
(If you can’t view the video. please click here.)
In a statement this afternoon, the HSE said it is taking precautions to ensure 1,500 electronic devices are not at risk.
Devices that deliver diagnostic imaging (NIMIS) and biomedical control machines are among the electronics which are being protected.
Among organisations affected by the international hacking onslaught were computer networks at hospitals in Britain, Russia’s interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx and many other organisations.
A spokesperson for the Department of Communications said that there had been no reports of malware attacks, and the National Cyber Security Centre was monitoring the situation.
“The attack is a ransomware or cryptolocker type event, a relatively common low-level form of cyber attack usually aimed at extorting relatively small sums of money,” the spokesperson said.
Overnight, the HSE’s IT department has been working closely with the organisations that deliver technology to the health system regarding assurance and levels of preparedness for this recent cyber-attack.
Hackers
The statement read: “Anti-virus updates are currently being installed in these devices and a process of testing is underway. As there are approximately 1,500 devices it is expected that this process will take a number of days to complete.
The HSE’s IT National Service Desk has been placed on high alert to support all staff queries and actions on this matter.
“Staff have been extremely supportive during this difficult time. All Health Services staff are advised to have an increased level of digital vigilance while this cyber threat exists. They are advised “if you don’t know the source, don’t click it”.
With reporting by Christina Finn
I will leave any HSE emails on a trolley in my inbox for 3 days
@Justin Devaney: hilarious comment wish I’d thought of that.
Our broadband speeds probably aren’t fast enough for a cyber attack to access data
@⚡ Seánie ⚡: Wha wha wha …. stop moaning lad! Decent 4G coverage and up to 360Mb on broadband in many parts – some people love whining far to much!
@John Fahey: relax there man
Fun fact: Apparently Britain’s nuclear submarines also use Windows XP.
@Neal Ireland Hello.:
Another fun fact:
Nearly all ATM’s in the UK and Ireland use XP
@Neal Ireland Hello.: Most Irish Rail trains use Windows XP as the operating system!
@Neal Ireland Hello.: True, however they aren’t exactly connected to the web…
@Andy Sinclair: true but are protected from the rest of the internal in any such organisation ?
@Neal Ireland Hello.: I think that the US Navy also uses XP and pays Microcoft for support – so I am not surprised to hear that other organisations also use XP.
But something to consider is that as XP gets older neither software nor viruses will be written for that OS – so there could be an element of protection through obsolescence – bring back DOS and Windows 3.1 please…
@Neal Ireland Hello.: They do and they seem not to use anti virus software either, all it would take is an infected device to connect to their XP system???
@Niall Ó Cofaigh: Knowing the US the password will be password like the DNC had lol.
Just finished a cyber security course with a top expert. You wouldn’t believe the crazy gaping holes there are in Windows and iphones. Sensible Android use isn’t as problematic as it’s less proprietary and more modern. Currently people won’t pay for security experts in their organisations as lead administrators know next to nothing about infosec. Accountants in charge of the purse strings will eventually change their tune when a few organisations get hit with colossal law suits and fines. Then you can expect infosec workers to start getting paid handsomely. Watch this space.
@Virtual Architect:” Sensible Android use isn’t as problematic as it’s less proprietary and more modern”
Android is literally an malmare magnet, I don’t know how much the course costs with a top expert but I’d be looking for my money back.
Android has so many versions, unsecure apps and devices that they are endless attack vectors then say ios.
@Virtual Architect: lol, did the instructor get his notes out of a lucky bag?
Well, if there’s someone offering me 1 million tax free a year they hardly expect me to ignore it
There’s no money to be gotten out of our HSE it’s all spent on middle management.
The hackers trying to to get into the HSE were put on trolleys and gave up……
Happened to me last year on my laptop, had to go back to factory settings and lost everything!
It wouldn’t have happened if all the organisation’s had installed the march windows security update. No links had to be clicked on to get the crypto locker. It just installed itself on machines that we not updated.
@Stephen Cole: Easier said than done. When considering “validated” machines the vendor will often not allow monthly patching as re-validation needs to happen before putting back into service/production and any changes voids their SLA’s / service until this is done. Production related SCADA systems and computers with bespoke devices connected to them are the real pain to update and replace as they are so heavily vendor dependent to do anything with, including patching. That’s why its not generally “front office” systems being affected as these are usually administered by internal ICT teams who will force updates on their systems (file servers, app servers, mail, sharepoint etc etc).
The industry needs to get better but this is the reality.
The patch didn’t fix the hole, they only fixed “some” of the issues, the problem remains open. Moved to linux years ago.
@Fake Avast: Ubuntu 12.04 and I know already what you are going to say, and in reply *NO ONE IS TARGETING LINUX*
So in summary, the attack didn’t target MS-DOS v4.0.
@Paraic McDonagh: Nor Windows 3.1 is seems
I hope the banks follow suit next…
@John Flanagan: So you don’t get paid?
@Neal Ireland Hello.: Only through cash lol.
He means nobody opened the emails and after looking for them, they found them! Regardless of if the hse was attacked or not, he’d say this anyway because it’s an opportunity to give the gov some credibility, which they desperately need.
Huray! The HSE have their software up to date! Pity about the waiting lists!
Public organisations and private companies should have proper infosec training for new and existing employees. Or get massive fines.
@Virtual Architect: I suspect a lot do but you can only educate and still people will make the mistake of opening based on social engineering.
Another fun fact…….. ah……. sorry I forgot
Common factor in HSE and NHS: windows XP, out of support and 5 versions behind.
Microsoft have today released a security update for XP to prevent this malware….
Idiots will still click stuff.
Can’t code against d’Oh!
@Ryan Comiskey: there are very few organisations without one idiot!
@Ryan Comiskey: “Social Engineering” is the tech term for “Idiots will still click stuff”
@Ryan Comiskey: And so you did !
It’s an old virus anyone gets this
Go to antivirus
Hitman.pro
They will show you how to make a reboot disk
It kills this virus
Will ya Look at the head on him
Updating their anti-virus systems as the HSE statement says won’t do any good…..It a Windows critical patch they need to apply….
@John003: don’t forget the sutures!!!
@John003: they need to do both. There are two things to consider. First is stopping it getting into your network and secondly how to stop it propagating it does.
Extremely implausible what D is yapping about.
Have to laugh that its reported that hackers specifically targeted the hse
I am not a geek so l have no info on this story but it does strike me as a bit of a dichotomy (opposites in the same place) that the day the man in the dresses are trying to keep us in the dark ages with their witchcraft some geek can infiltrate a good percentage of the worlds IT system……time will tell which is more powerful witchcraft or upwardly mobile geeks with lots of IT savvy…
It’s been stopped for now…
https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0
Computers can all be hijacked by a small bunch of people who have the know how. All the big software companies pay a team of people to try and break into their systems. Then when they discover the holes in their systems they patch them. External emails should be rejected if they contain attachments before they get to the receiver. Fax is a safer method
Use precise geolocation data. Actively scan device characteristics for identification. Store and/or access information on a device. Personalised advertising and content, advertising and content measurement, audience research and services development.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not be able to monitor our performance.
Cookies, device or similar online identifiers (e.g. login-based identifiers, randomly assigned identifiers, network based identifiers) together with other information (e.g. browser type and information, language, screen size, supported technologies etc.) can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here.
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.
Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).
Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.
Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).
With your acceptance, your precise location (within a radius of less than 500 metres) may be used in support of the purposes explained in this notice.
With your acceptance, certain characteristics specific to your device might be requested and used to distinguish it from other devices (such as the installed fonts or plugins, the resolution of your screen) in support of the purposes explained in this notice.
Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding advertising, ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them.
Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.
Information about your activity on this service may be matched and combined with other information relating to you and originating from various sources (for instance your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey), in support of the purposes explained in this notice.
In support of the purposes explained in this notice, your device might be considered as likely linked to other devices that belong to you or your household (for instance because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).
Your device might be distinguished from other devices based on information it automatically sends when accessing the Internet (for instance, the IP address of your Internet connection or the type of browser you are using) in support of the purposes exposed in this notice.
The choices you make regarding the purposes and entities listed in this notice are saved and made available to those entities in the form of digital signals (such as a string of characters). This is necessary in order to enable both this service and those entities to respect such choices.
Non-TCF/GVL Vendors
have your say