We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Shahid Jamil
Cyber Attack

HSE ransomware attack: Healthcare disruption could 'mount' in days and weeks ahead

A former Chief Information Officer for the HSE said that it is difficult to keep healthcare security systems up-to-date from cyber attacks.

LAST UPDATE | 18 May 2021

THE HSE IS continuing to grapple with the fallout of a ransomware attack on its IT systems, and is bringing as many computer services back online without compromising security or private data.

It’s unclear what exact amount has been sought by the hackers, but numerous Government ministers – including Justice Minister Heather Humphreys this morning – have said that a ransom will not be paid, in line with State policy.

Officially, the Government and HSE have not confirmed what information the hackers have gained access to; it could be patient, staff or administrative data that was compromised.

HSE payroll, and PPS numbers

Senior sources told The Journal that the private, personal information belonging to potentially tens of thousands of Irish people could be packaged up and sold off on the darkweb to the highest bidder unless some form of deal is brokered with the hackers.

If this were the case, access could be gained to PAYE records and Revenue services. A source said: “In an ideal world, we’d all get new online identifications and PPS numbers.”

Since the HSE was made aware of the attack on Friday, around 85,000 computers have been turned off as a precaution, and 2,000 different IT systems are being cleared and assessed one-by-one by cyber security teams.

The HSE’s Chief Clinical Officer Colm Henry told RTÉ’s Morning Ireland that progress continued to be made to bring hospital services back, and that voluntary hospitals may be able to resume diagnostic imaging shortly.

The ordering of tests, the visualization of images,the comparing of results and the conveying of those results is completely linked to IT… It’s not the same as before.

He said that the HSE had “no choice” but to close down systems that were corrupted, so that they wouldn’t corrupt other systems. HSE staff are due to be paid on Thursday; Dr Henry said it’s hoped that a contingency plan will ensure staff are paid on time.

Speaking to RTÉ’s News at One, Health Minister Stephen Donnelly said that a number of HSE staff are due to be paid this Thursday. However, the payroll system is currently down. 

“At the moment [the pay system] is not operating. My understanding is that there would be a payment this Thursday but I know it’s an absolute top priority for the HSE to make sure that those payments go through,” Donnelly said. 

Services affected

The services that have been most impacted by the security response to the cyber attack are: radiology (X-ray, MRI and CT scans), paediatric services, maternity services, and outpatient appointments in hospitals located in the west.

As the voluntary hospitals are on a separate IT system to the HSE, they have been less severely impacted than other hospitals, and may return to normal service faster.

“There is some sign of hope with some of the bigger voluntary hospitals, but this will take a considerable period of time and there will be undoubtedly disruption that will mount in the coming days and weeks,” Dr Henry said.

The Covid-19 vaccination programme and testing regime is largely unaffected, as it’s a newer, separate IT system. But there are some issues with GP referrals, and Covid-19 test results may have to be received by a phonecall or mail, rather than by email.

The political fallout from the ransomware attack is also continuing: the Joint Committee on Transport and Communications Networks will meet with the National Cyber Security Centre in private session from 9.30am today.

This cyber attack, along with the housing crisis, are expected to dominate Cabinet discussions today, where Covid-19 related issues have been left to one side.

Healthcare systems are hard to protect

Richard Corbridge, who was the HSE’s Chief Information Officer from 2014-2017, said that a previous cyber attack against the HSE in 2017 called ‘WannaCry’ was different: it left data where it is but it’s encrypted, so it was made inaccessible.

But this latest ransomware is a day-zero attack, meaning they had no prior knowledge of it, and so it evaded its cyber security systems.

There isn’t a weakness that wasn’t prepared for, it’s a weakness that wasn’t understood, and the data has been taken away.

When asked whether the HSE’s older software system made it more vulnerable, Corbridge said that healthcare systems across the world find it difficult to invest in and keep up to the highest possible point of cyber-security protection.

It’s not just about machines that you see [clinicians using], it’s machines that’s connected to key healthcare solutions: blood analysers, CAT scanners, X-ray machines. When you need to replace the operating system to keep it up-to-date, to keep it safe from a cyber security point of view, at that point you’ve also got to consider the replacement of things like X-ray machines, CAT scanners.

“You can run into millions of euro when you need to keep simple IT systems up-to-date in healthcare systems, and that becomes really, really difficult to stay on top of.”

He said that in 2017, the HSE IT security system is a “smaller resource than perhaps it should be”, and that cyber security measures in place in the NHS are “still in their infancy” in the HSE.

Around 3-7% of a healthcare service’s total budget should be sent on IT systems, a US cyber security report recommended; former HSE chief Tony O’Brien said that a quarter of the recommended amount is spent on the HSE’s IT systems.

“It is very expensive, and it’s hard to show the benefit of it as a patient benefit when there are so many other financial needs.”

The HSE’s IT systems were hit by a Conti ransomware attack, where attackers enter into a computer system, study how it works, and encrypt the private data before announcing their attack to the victim and demanding a ransom for it not to be published online or sold off to a third party to be used for ill-intent. 

There have been reports that the hackers could have gained access to the HSE’s IT system up to two weeks before the attack was made known to authorities on Friday.

With reporting by Hayley Halpin

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel