Irish health service hit by ‘sophisticated’ ransomware attack

Ireland’s health service shut down its computer systems on Friday after being hit with a “sophisticated” ransomware attack.

The Irish health service executive said there was a “significant ransomware attack” on its IT systems, without commenting on further details.

“We have taken the precaution of shutting down all of our IT systems to protect them from this attack and to allow us to fully assess the situation with our own security partners,” the HSE said in a tweet on Friday.

“We apologize for the inconvenience caused to patients and the public and will provide more information as it becomes available.”

Ireland’s vaccination program has not been affected and appointments will proceed as planned, but the registration portal has been disconnected. Doctors are also unable to refer people for Covid-19 testing, so patients have been told to use walk-in testing centers. HSE said its ambulance service was operating normally.

Dublin’s Rotunda Hospital, a maternity hospital, said all outpatient visits on Friday were canceled, except for women who are 36 weeks pregnant or more. All gynecology clinics are canceled.

“It’s very sophisticated,” Paul Reid, executive director of HSE, told RTE Radio 1. “It’s affecting all of our national systems and, indeed, local ones that would be involved in all of our basic services.”

“We figured it out overnight and have obviously been acting on it right away. The main priority is obviously to contain this. But it is what we would call a human-operated ransomware attack in which they would seek to gain access to data. “

Ransomware is a type of malicious software designed to block access to a computer system. Hackers demand a ransom payment, usually cryptocurrencies, in exchange for restoring access.

In 2017, the UK’s National Health Service was one of many organizations affected by a malware known as WannaCry.

Peter Carthew, UK and Irish public sector director at security firm Proofpoint, said healthcare organizations are “high-value targets for ransomware attacks.”

“They would have the greatest motivation to pay to restore systems quickly,” Carthew said by email.

“Given the nature of the industry, healthcare personnel are often severely limited in time, leading them to quickly click, download, and handle email, while possibly falling victim to email-based attacks. carefully designed social engineering, ”he added.

The news follows a major cyberattack against Colonial Pipeline in the US that crippled gas supply systems in the southeastern states. Colonial restarted operations Wednesday afternoon, but said the delivery schedule would not return to normal for several days. The company paid a $ 5 million ransom to the hackers.

The attack is believed to have been perpetrated by the DarkSide hacker group. DarkSide is a relatively new group, but cybersecurity analysts believe they are dangerous. The group claimed Wednesday to have attacked three more companies, despite worldwide outrage over its attack on Colonial.

HSE was not the only organization that announced on Friday that it had been attacked by a ransomware attack. Toshiba Tec, a division of Japanese tech conglomerate Toshiba, said its European business was the victim of such a hack on May 4. The company also blamed DarkSide.

– CNBC’s Sam Shead and Eamon Javers contributed to this report.