Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE HSE HAS shut down its IT systems after it became aware of a “significant ransomware attack”.
The HSE chief executive Paul Reid has called it a “major incident” for the health service.
The HSE was made aware of the attack during the night and it is currently being contained by shutting down all national and local IT systems in order to protect them.
Let’s take a look at the type of attack this seems to be, and what it means for the HSE.
‘Targeted form of attack’
Ransomware is a type of malicious software that encrypts files on a computer system. Attackers demand a ransom from the victim to restore their access to the data after payment is issued.
The systems were hit by a Conti ransomware attack, the Chief Operations Officer of the HSE Anne O’Connor confirmed today.
Barry O’Sullivan, professor at the School of Computer Science at University College Cork, compared this type of attack to a bank robbery, saying there is a lot of preparation before it’s made known that the attack is happening.
“All ransomware attacks are forms of extortion. Basically, people effectively steal your data while leaving it on your machine and don’t let you access it again until you pay a ransom,” he told The Journal.
“Conti attacks are a very targeted form of attack usually undertaken by human beings. These people know what they’re doing, they know what data they’re attacking.”
Attackers enter into a computer system and study how it works, before compromising anything they can and announcing their attack to the victim.
O’Sullivan said servers can become compromised “in all sorts of ways” through weak passwords, phishing scans or weak Wi-Fi servers.
“One of these guys gets on to an important machine, and from there they basically try to penetrate the network in different ways,” he said.
These folks have been probably on the network for quite some time. They understand the structure of the network.
“When you’re faced with a ransomware attack your data is no longer under your control. You’re faced with a choice of – do you pay these people in the hope they release it, or do you not?”
He said all ransomware attacks are a “form of extortion”, and a Conti attack is no different.
“The people who lock this data will also threaten to release it either publicly or sell it,” he said.
Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.
“This is an almost daily occurrence and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.
Some hospitals have cancelled all non-urgent appointments today following the cyber attack.
The Covid-19 vaccination programme has not been affected, and people should attend those appointments as normal.
However, the GP and Close Contact referral system is currently down after the cyber attack.
GPs are to advise patients to attend walk-in testing centres with priority given to symptomatic and close contacts at these centres.
Valuable information
O’Sullivan said that “health services are very vulnerable to these kinds of things” because there is “massive pressure” to retrieve the sensitive information.
He said the kind of important medical details contained in the HSE files is highly valuable and sensitive information.
O’Sullivan said these attacks have become “extremely sophisticated” and “difficult to detect”.
“It’s important to recognise the fact that the HSE has been attacked in this way should not be seen as some sort of fundamental weakness in the HSE infrastructure,” he said.
He added that with remote working, people are connecting to their work accounts over “all sorts of insecure Wi-Fi” networks and it is “very, very easy to compromise a computer”.
“Cyber attacks of any kind are wrong. When you’re going after medical data from health services, this is really the lowest of the low,” he said.
“Apart from the devastating impact it has on health services, people will be worried about what data could be published. Personal data, family histories, PPS numbers, health insurance details, all sorts of things.”
He said the attackers generally threaten to release the information on dark web “dump sites”.
“In Conti attacks you have to assume that everything has been compromised and all of your systems have been listened to.”
“These attacks often happen when there are reduced defences, so it’s not surprising it happened during the night,” he said, on the timing of when the HSE became aware of the cyber attack.
He said it gives the HSE limited time to respond on a Friday, but it creates “an additional level of urgency” ahead of the weekend.
He said attacks like this can also often happen on Bank Holiday Fridays.
“Even if the HSE knew yesterday that they would be attacked, a lot of the work and damage has already been done,” O’Sullivan said.
In terms of the ransom, it is usually requested to be paid in cryptocurrency such as Bitcoin as it is “really difficult, if not impossible” for gardaí to trace.
The National Cyber Security Centre, an inter-agency body which involves among other experts the Defence Forces and the gardaí, will be the lead agency on identifying who launched the attack.
Former Communications Minister Denis Naughten told The Journal that attacks like these are a “huge issue that we must keep on top of”.
He has discussed this topic in the past, especially under his remit as minister when he said he focused on resourcing the National Cyber Security Centre.
He added that this continues to be an area that needs “significant investment right across our public service”.
Other systems attacked in the past
Last October, it emerged that the then-CEO of Finnish company Vastaamo had covered up a data breach that exposed the confidential treatment records of tens of thousands of psychotherapy patients.
Many patients reported receiving emails with a demand for €200 in bitcoin to prevent the contents of their discussions with therapists being made public.
In 2017, the United States and Britain blamed North Korea for a ransomware attack that infected some 300,000 computers in 150 countries.
The ‘WannaCry’ attack in May 2017 hit one-third of hospitals in Britain, as well as Spanish telecoms company Telefonica and US logistics company FedEx among others.
Data on infected computers was encrypted and users faced a ransom demand to unlock their devices.
A total of 80 of 236 NHS trusts across England suffered disruption, because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices.
The health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units.
This attack was described as “relatively unsophisticated” in that it locked devices but did not seek to alter or steal data.
This week, British Foreign Minister Dominic Raab called for a global effort to counter online threats as he slammed countries including Russia, China, Iran and North Korea over cyberattacks.
Authoritarian states “are the industrial-scale vandals of the 21st century”, he said in a speech.
- Additional reporting by Niall O’Connor, Christina Finn and AFP.
This will likely cost the HSE, and the Irish taxpayer, one way or another. Personally I’d prefer to tell those behind it where they can go fu… You get the picture. They may have some data belonging to me as well as ten’s of thousands of others. Yes it’s private, but share my scans an X-rays all to your hearts content, just don’t pay a cent.
@Arch Angel: probably North Korea, busy little bees at this carry on.
@Arch Angel: if it was only x-rays that would be grand but we’re talking about records of abortions, psychiatric care, family histories, STDs etc that would be devastating for patients lives if it were to be published on the internet.
@Bananaquit: Then you sue the HSE for not protecting your data, take the money and move to Spain. I see that as a win, personally.
@ianglen: Most likely Israel, cyber warfare is their MO
The NHS was similarly attacked some time ago, they got someone in who professionally hunts and kills malware.
true what was said , the states who back or sponsor these criminals are the lowest of the low.
@RJ.Fallon: they’re all at it! Except Ireland
Welcome to the new kind of terrorism folks, there’s a reason now state sponsored terrorist attacks are going more cyber now is that its easier to cripple countries using software like ransomware and do lasting damage as much as any suicide bomber could. Instead of killing or hurting maybe 1000 people, terrorists can now cripple and panic millions by sabotage via things like the hse, pipe lines, electrical etc….and sadly this may only be the beginning cos if they can find a way in to systems once, it means they will try again or look at other government systems that maybe legacy in cases and not as prepared for such attacks
The reason they were targeted is because they were vulnerable, their IT system like the HSE itself is creaking, money spent in the wrong areas.
Windows 95
Until our government starts investing in proper IT upgrades and security expect more of this to happen.
Why would they be state backed? Are China really that stuck for money?
Not a cent should be paid to these individuals,
This will only encourage them and they will be back for seconds.
have your say