Irish health system hit by 'significant' ransomware attack
Ireland's national health service, the Health Service Executive (HSE), temporarily shut down its IT systems today after suffering a ransomware attack overnight.
The organization, which is in the mid of its COVID-19 vaccination program, said the attack did not impact its ability to provide urgent medical care but that some routine checks and services might be delayed or canceled.
The HSE described the ransomware incident as "significant" and "human-operated," a term used to describe high-end sophisticated ransomware groups which orchestrate targeted attacks against carefully big organizations.
In a morning radio show with public broadcaster RTE, HSE Chief Executive Paul Reid said the agency's IT teams are currently investigating the incident to find out its breadth.
In a different radio show, Reid identified the ransomware gang behind the attack as Conti, a ransomware gang that started operating in the summer of 2020.
Paul Reid says the major ransomware attack targeting the HSE is "quite sophisticated", while the COVID-19 vaccination programme isn't impacted as it's on a different system.@NTBreakfast pic.twitter.com/XXtzlzBQAV— NewstalkFM (@NewstalkFM) May 14, 2021
Fergal Malone, Master of the Dublin Rotunda Hospital, told RTE in a different interview that the attack impacted its staff's ability to access online systems and patients' electronic records.
An HSE source told The Record this morning that the attack came to the organization's attention overnight after some of its apps and databases became inaccessible. Employees arriving at work in the morning were told to shut down and leave systems offline.
Although the incident has been formally identified as a Conti ransomware attack, no ransom note has been currently discovered, although one is very likely to exist and that investigators have yet to find the file containing the attacker's demands.
HSE said its COVID-19 vaccination program remains on track, as it runs from a different system. The organization promised to share more details about the attack via its official channels, as they learn more.
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.— HSE Ireland (@HSELive) May 14, 2021
News of the attack comes after last week a ransomware gang managed to disrupt fuel delivery on the entire US East Coast through its attack on Colonial Pipeline. The attack led the White House and major US institutions to look into cracking down on ransomware gangs who carry out disruptive attacks.
In the aftermath of the Colonial attack, XSS, one of the forums where ransomware groups often go to advertise their offerings, announced a ban on ransomware ads going forward, in an attempt to distance itself from ransomware groups, currently internet pariahs.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.