Skip to content
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dr Colm Henry, the HSE's Chief Clinical Officer (file photo)
Dr Colm Henry, the HSE's Chief Clinical Officer (file photo)
Image: Leah Farrell/RollingNews.ie

HSE won't comment on ransom figure, as other departments take precautions after cyber attack

The Department of Health was impacted by the cyber attack on Friday, but has not been targeted by a fresh attack today.
May 16th 2021, 7:52 AM 81,462 90

Updated May 16th 2021, 5:38 PM

HSE STAFF MEMBERS have been advised to prioritise patient safety and “protect unscheduled and urgent care” as the organisation continues to grapple with the impact of a massive cyber attack.

The HSE has confirmed that a ransom has been sought but said it will not be paid, in line with State policy.

The Department of Health’s IT and email systems were also affected by the cyber attack, as previously confirmed. A spokesperson said reports of a fresh attack on the department today are incorrect.

Various ransom figures have been reported today but the exact amount has not been confirmed by the HSE.

Hackers have demanded three bitcoin or $150,000 (about €124,000), the Business Post is reporting, citing multiple sources. 

However, a number of other news outlets are reporting a much higher ransom figure of $20 million – about €16.5 million. This figure was first reported by tech website Bleeping Computer.

The Journal is aware that screenshots purporting to be of an online conversation between the HSE and the hackers about a $20 million ransom are being circulated amongst HSE staff. However, the authenticity of these screenshots has not been confirmed.

The Journal has contacted the HSE about the Bleeping Computer article, but the organisation is not commenting on the figure.

It is understood that Gardaí in national units have been instructed to be careful online and to be wary of any suspicious approaches online.

Foreign Affairs Minister Simon Coveney has said that the Government is working with Interpol in the aftermath of the ransomware attack.

Other departments

A spokesperson for the Department of Health said reports of a fresh attack today are incorrect.

“The Department of Health can confirm that late last week it was subject to a ransomware attack similar to the attack on the HSE. Since Thursday we have been working to respond to this incident.

“We continue to work closely with all relevant authorities, including the National Cyber Security Centre, An Garda Siochana and the HSE. We continue to assess the impact across all our systems and our focus is on protecting our data,” they told The Journal.

Meanwhile, the Department of Social Protection has “temporarily suspended” its electronic communication channels with the HSE “while the HSE systems are offline”.

A statement noted: “The Department’s systems are fully operational and are monitored at all times. The Department of Social Protection has cyber defence systems in place which react to any threat to its systems in the event of a cyber incident.”

A spokesperson for the Department of the Environment, Climate and Communications told us: “This attempted attack remains under investigation, however there are indications that this was a ransomware attack similar to that which has affected the HSE. As the investigations into both incidents are ongoing, it is not possible to make further comment on the nature of these attacks at this time.

“The NCSC is supporting the Department of Health in its response to this attempted cyber attack, together with An Garda Síochána, the Office of the Government Chief Information Officer (OGCIO) and third party contractors.

“The NCSC has issued an advisory notice to other Government Departments and agencies in relation to this attempted cyber attack. The NCSC is in ongoing contact with the OGCIO and our Government stakeholders to provide appropriate advice and guidance.”

Clinical guidance 

Speaking to RTÉ’s This Week, Chief Clinical Officer Dr Colm Henry said that hospital diagnostics are among the most heavily impacted services.

“The diagnostic services are the most severely impacted in the short term. They rely heavily on IT systems for ordering tests, for imaging tests, for comparing with previous history,” said Henry.

“Anything that requires our hospitals and our systems or our healthcare professionals and services to speak to each other and to plan and organize patient care is severely disrupted.”

In a memo sent to staff outlining clinical guidance, Henry said the advice is “underpinned by the need to prioritise patient safety and is focussed on unscheduled, urgent and time-critical care”.

He stated: “However, it is critical that this is monitored on a daily basis at service level to enable those services that can deliver scheduled care to do so.

“Additionally, while the duration of the attack and time to recovery is currently unknown, it is important to remain mindful of the scheduled care that could become urgent care or result in an adverse outcome e.g. non-continuation of certain types of radiotherapy, if it does not proceed.”

Staff have been asked to do the following:

  • Prioritise patient safety
  • Protect unscheduled and urgent care
  • Ensure continuation of time-critical care and treatment e.g. dialysis, surgical procedures, radiotherapy
  • Ensure involuntary admissions in Mental Health Services are conducted as safely as possible
  • Enable staff to work as safely as possible in the absence of usual digital support and enablement

Cancellations

Thousands of appointments have been cancelled by a number of hospitals since Friday and into this week. Patients have been advised to check the HSE’s website and Twitter account for the latest updates.

Individual hospitals and hospital groups have also been issuing guidance throughout the day, with Dublin Midlands Hospital Group outlining disruptions on Twitter this afternoon.

The Rotunda Hospital has said that it has been severely impacted by the attack on the HSE, with no access to patient charts or details, clinic schedules, appointment details or email addresses.

The hospital has created paper-based systems where it is possible but has said this has increased the strain on its resources. The Rotunda is also unable to contact patients directly currently.

Due to the disruption, the Rotunda will be focusing on urgent care for patients and will be extending the all changes and cancellations until next Saturday, 23 May.

These changes include:

  • Outpatient maternity appointments and scans in public/private and semi-private clinics are cancelled for those who are less than 36 weeks gestation.
  • All outpatient appointments, procedures and planned surgeries for gynaecology and colposcopy have been cancelled.
  • Paediatric outpatient appointments for babies older than two weeks are cancelled and will be rescheduled. Babies under two weeks may attend, only if an appointment has been made.
  • All non-urgent appointments at the early pregnancy unit are cancelled, as well as physio and dietitian appointments.

‘Slow, painstaking work’

Henry said that it would be “slow, painstaking work” to get through the disruption and rebuild the foundational layer of the HSE’s IT systems.

He could not give a time for when the disruption would be subsided and said that it would continue “well into the coming week”.

When asked if patient data had been compromised in the attack, Henry said that it was too early for the HSE to know.

“At this stage, it’s too early to say if patients information has been accessed and taken away.”

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

HSE CEO Paul Reid yesterday said that “safe and steady progress” was made overnight in dealing with the fallout of the “sophisticated” ransomware attack that the Government called “possibly the most significant cyber attack on the Irish State”.

The HSE was made aware of the attack in the early hours of Friday, and shut down all national and local IT systems yesterday in order to protect them from encryption by attackers.

Because computers are shut down as a precautionary measure, some health services have been affected: the extent of the disruption varies from each hospital and service.

The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal. The HSE is still planning to administer between 260,000 and 280,000 Covid-19 vaccine doses next week.

Speaking on Saturday with Katie Hannon yesterday, Reid encouraged the public to continue to register for a vaccine appointment through the online portal, saying that the system is safe to use. People aged between 50 and 69 are eligible to register, with information on those between 40 and 49 expected to be released in the coming week.

Covid test results and contact-tracing services have been successfully restored after being disrupted on Friday. Anyone who has symptoms of Covid-19 is asked to self-isolate and contact your GP, who may advise you to attend one of the walk-in Covid-19 test centres.

However, the Department of Health has said that “due to the current disruption of the HSE IT systems” daily Covid-19 figures are not available. Backdated figures will be published “when possible”, a spokesperson said.

Reid also said that due to how patient data is stored across multiple systems, there was currently no indication of how much patient data has been accessed by the attackers.

“We’re now assessing across each system, what level of data was encrypted [by attackers], what level of data may have been compromised. So that’s still a process that we’re going through before we move to the recovery phase,” he said.

The systems were hit by a Conti ransomware attack, where attackers enter into a computer system and study how it works, before compromising anything they can and announcing their attack to the victim.

With reporting by Garreth MacNamee, Tadgh McNally and Niall O’Connor

Send a tip to the author

Órla Ryan

COMMENTS (90)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a comment

     
    cancel reply
    Back to top