Ransomware Strikes Irish Health Service, Forcing Shutdown

Ireland’s health service has temporarily shut down its IT system after experiencing a “significant ransomware attack”.

The incident has affected services across a range of hospitals. Dublin’s Rotunda Hospital has cancelled outpatient visits for everyone except those with scheduled paediatric outpatient appointments and women who are 36 weeks pregnant or later.

Meanwhile, all gynaecology clinics are cancelled and the National Maternity Hospital at Holles Street in Dublin said there would be “significant disruption” to its services.

The HSE (Health Service Executive) has apologised to patients and the public, and said it would give further information as it becomes available.

It later confirmed that the National Ambulance Service is operating without disruption and COVID-19 vaccination appointments will go ahead as planned. However, people are currently unable to book new appointments.

‘Working to contain’ the attack

The HSE’s chief executive, Paul Reid, described the attack as “significant and serious”, adding that the HSE has taken all precautionary measures to shut down its major systems.

“We are working with all of our major IT security providers and the national security cyber team are involved and being alerted, so that would be the major state supports including gardai, the defences forces and third party support teams,” he said.

“Obviously we do apologise for the impact that it has had, but we are at the very early stages of fully understanding the threat, the impacts and trying to contain them.”

Rotunda Hospital Master Professor Fergal Malone said they learned of the attack last night.

“We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he said.

He stated that all patients are safe and the hospital could continue to function using physical files while the IT system is down.

He conceded that this will slow down the processing of patients, which is why the hospital has limited the number of people attending appointments.

Commenting on the incident, IT Governance Cyber Incident Responder Cliff Martin said: “As we have seen over the past couple of weeks, ransomware continues to impact and disrupt national services globally. The attack against Ireland’s National Health Service reminds us that the impact of these cyber/ransomware attacks is significant and cyber criminals know it.”

He added: “As we see in this example, patients are being turned away which is affecting individual’s health and safety. By targeting services like this one, cyber criminals realise that they are more likely to be paid because of the impact and the sensitivity of the data.

“Therefore, it is crucial that organisations should have a cyber incident response plan in place which has been tested to ensure that organisation can identify, assess, and respond quickly and effectively.”

What do the attackers want?

Ransomware attacks are normally followed by a request for funds – typically in bitcoin – in exchange for a decryption key.

No ransom demand has been made at this stage, although that’s not unusual. It often takes several hours, if not days, for the attackers to make their demands.

Cyber security experts and law enforcement bodies urge organisations not to pay up, because it encourages future attacks. Moreover, there is no guarantee that the attackers will keep their word and delete the stolen data.

As such, there is little to be gained from negotiating with the criminals. The victim may be able to get back to work a little sooner, but in most cases this isn’t worth the cost of the ransom, which is on average over £100,000 – although for high-profile attacks such as this the demand is likely to be much higher.

Of course, the Irish health service has more than finances to worry about. There is only so long that it can face delays to its essential services before it feels the pressure to do something.

This is why healthcare organisations are targeted so often by ransomware gangs. According to our 2020 review of the year, the healthcare and health sciences was the most vulnerable to attacks – with ransomware among the leading causes.

Those affected by the attack on the Irish health service will hope that a solution is forthcoming, but they should understand that paying off the attackers will be a pyrrhic victory at best. The financial cost will have lasting ramifications, and attacks will continue to overwhelm organisations.

We are currently in a ransomware crisis, with some of the world’s largest organisations joining forces with the Ransomware Task Force to protect organisations from making payments. If the Irish health service was to contradict that advice, it would be a huge blow to that cause.

What should organisations do instead?

The key to effective ransomware response is to create regular backups. That way, you can wipe the infected systems and restore your systems.

There are few other things you should do in the meantime, with the process taking anywhere from a few hours to a few days, but that’s no less of a delay than if you were to negotiate with attackers.

Those looking for advice on how to complete these steps should take a look at our Cyber Incident Response service. Our experts provide the help you need to deal with the threat, guiding you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.