Irish Health IT remain shut down following ‘significant ransomware attack’

  • 17 May 2021

Health IT services in the Republic of Ireland have remained switched off following a “significant ransomware attack”.

The Health Service Executive, which provides public health and social care services to everyone living in Ireland, tweeted on 14 May to say it had shut down all of its IT systems as a “precaution” and to “protect” health systems from the attack.

On May 16, eHealth Ireland tweeted an update to say “HSE IT Teams are working to map out what systems can be brought back online in a safe way”.

HSE have confirmed that vaccinations would not be affected and would go ahead “as planned” while another confirmed that Ireland’s National Ambulance Service is operating as normal. It has also told staff not to turn on their work PC or laptop.

An update, published by the Irish National Cyber Security Centre (NCSC) on May 16, said it was first “made aware of potential suspicious activity” on Ireland’s Department of Health (DoH) network on May 13.

“Preliminary investigations indicated suspected presence of Cobalt Strike Beacon, which is a remote access tool,” the update adds.

“Cobalt Strike is often used by malicious actors in order to move laterally within an environment prior to execution of a ransomware payload.”

The update adds that at 7am on 14 May “the NCSC was made aware of a significant incident affecting HSE systems” and “initial reports indicated a human-operated ‘Conti’ ransomware attack that had severely disabled a number of systems”.

NHS Digital defines Conti as “an advanced ransomware tool that uses a unique encryption routine to identify and encrypt files incredibly quickly” and says it can affect all versions of Microsoft Windows.

Also on May 14, “malicious cyber activity” was detected on Ireland’s DoH network; however, “due to a combination of anti-virus software and the deployment of tools during the investigation process an attempt to execute ransomware was detected and stopped”.

This led to HSE making the decision to shut down all its IT systems as a precaution.

“There are serious impacts to health operations and some non-emergency procedures are being postponed as hospitals implement their business continuity plans,” NCSC’s update adds.

HSE has set up a page which provides updates to services and appointments including Covid-19 vaccination appointments.

“Most healthcare appointments will go ahead as planned but x-ray appointments are severely affected,” the page states.

2 Comments

  • The challenge to all healthcare organisations is not from the devices they control but from the ones they don’t.

    Each healthcare organisation will have a significant amount of IoT and medical devices that IT can’t install any security agents or antivirus/malware – and quite often these devices are also running out of date and vulnerable operating systems, devices such as CT scanners, analysers to medical workstations, the list goes on.

    Despite the positive steps taken since WannaCry, these devices are not controlled by hospital IT but rather by their manufacturers, who are very slow to respond (if at all), meaning medical and IoT devices are often completely exposed and easy for a threat actor to compromise, as seen before with WannaCry and unfortunately with HSE.

    There was a webinar (which can be viewed again) from Digital Health on this exact subject

    https://www.digitalhealth.net/events/protecting-medical-devices-from-cyber-attacks/

  • How can this be the case again? Did the HSE not learn anything from ‘last time’?

    I am sure a certain (now UK) CIO who used to be at the HSE claimed that they had successfully created protection from cyber crime for the future by learning clear lessons from WannaCry.

    When do health systems learn that if they want to have IT as a backbone then IT needs to be invested in?
