Ireland’s healthcare system is currently paralysed with hospital appointments cancelled and Covid-19 testing disrupted as hackers carried out what could be the most significant cyber crime in the history of the state.
The country’s health service operator was forced to shut down all its IT systems on Friday to protect them from the crippling ransomware attack.
An international cyber crime gang was behind the attack on the Health Service Executive (HSE), Ireland’s minister responsible for e-government said, as officials are still waiting for the ransom demand.
Ireland’s COVID-19 vaccination programme was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the HSE said.
Minister Ossian Smyth has described the cyber attack as ‘possibly the most significant cyber crime attack on the Irish state’.
He told national broadcaster RTE that the hack ‘goes right to the core of the HSE’s system’, but said it is ‘not espionage’.
‘It was an international attack, but these are cyber criminal gangs, looking for money,’ Mr Smyth said.
‘What they’re attempting to do is to encrypt and lock away our data, and then to try to ransom it back to us for money.’
The HSE has not yet received a ransom demand, officials said. The gang exploited a previously unknown vulnerability, a so-called “zero-day” attack because the software maker has had zero days’ notice to fix the hole.
The attack comes just one week after a fuel network in the US had to shut down its systems until a $5million ransom was reportedly paid.
The Irish attack was blamed on international criminals and was said to be targeting healthcare records, but officials said patient safety was not at risk.
‘We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us (to) fully assess the situation with our own security partners,’ the Health Service Executive (HSE) said.
Hackers are holding Ireland’s healthcare IT systems to ransom, one week after a US company was targeted for $5 million
‘We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available,’ it added, stressing Ireland’s coronavirus vaccination programme was unaffected and ‘going ahead as planned’.
Ireland’s ambulance service is also ‘operating as per normal with no impact on emergency ambulance call handling and dispatch nationally’, the HSE added.
And Irish premier Micheal Martin was pressing ahead with a visit Friday to Britain to meet Prime Minister Boris Johnson amid tensions over Brexit, aides said.
Liz Canavan, a top official in Martin’s office, said the outage was also affecting child protection services, which are hosted on HSE servers.
But at a televised Covid-19 briefing, she stressed: ‘Emergency departments are operating as normal and if you need to attend a hospital, please do so.’
Another ransomware attack last Friday forced the shutdown of the United States’ largest fuel distribution system, leading to some panic buying at gasoline stations along the east coast.
Moscow has rejected US accusations that a Russia-based group was behind the cyberattack.
Ransomware attacks use a type of malware that encrypts files on an infected computer, normally via an email attachment or download, and demands money to unlock them.
HSE chief executive Paul Reid said the attack in Ireland was “an internationally operated criminal operation”, and the authority was working with police, the army and its major IT security providers.
‘We are at the very early stages of fully understanding the threat,’ he told Irish broadcaster RTE, adding it was trying to ‘contain’ the issue.
The Rotunda maternity hospital in Dublin said that ‘due to a serious IT issue’, it was only admitting emergency cases and women who are at least 36 weeks pregnant.
Hospital chief Fergal Malone said the attack had targeted computers storing patient records.
Life-saving equipment is operating fine, ‘there’s no problem for patient safety’, and the hospital has switched to backup paper records, he told RTE.
‘But obviously throughput will be much slower,’ he said, urging out-patients with routine appointments to stay away.
The HSE said the attack was an adaptation of ransomware known as ‘Conti’, in which hackers have already compromised a computer system and lie low until springing their trap.
Last October, it emerged that the then-CEO of Finnish company Vastaamo had covered up a data breach that exposed the confidential treatment records of tens of thousands of psychotherapy patients.
Many patients reported receiving emails with a demand for 200 euros ($240) in bitcoin to prevent the contents of their discussions with therapists being made public.
In 2017, the United States and Britain blamed North Korea for the ‘WannaCry’ ransomware attack that infected some 300,000 computers in 150 countries, including one-third of British hospitals.
This week, British Foreign Secretary Dominic Raab called for a global effort to counter online threats as he slammed countries including Russia, China, Iran and North Korea over cyberattacks.
Authoritarian states ‘are the industrial-scale vandals of the 21st century’, he said in a speech.
‘They want to undermine the very foundations of our democracy,’ Raab added, as Britain prepares to host a G7 summit next month.