Ransomware Attack Cripples Ireland's Health Sector

A ransomware attack on the health service in Ireland has been described as “catastrophic”, while a decryption tool is currently being tested.

Earlier this year, we discussed the targeting of the health sector by cybercriminals over recent months, and unfortunately, a serious attack has been carried out in Ireland. The ransomware attack on the Health Service Executive’s (HSE) IT systems last week if believed to have been carried out by the Conti group of hackers, based in Russia. The perpetrators have warned that confidential patient data will be released on Monday 24th May unless the ransom demand, $20m, was paid. Health Minister Stephen Donnelly has commented that no ransom has been paid. The ransomware attack has caused widespread disruption, causing Ireland to shut down most of its healthcare IT systems. This has caused widespread disruption, with appointments for services such as cervical cancer checks and X-rays postponed. Medical staff have had to use paper records, and in some parts of the country, the number of appointments has dropped by 80% since the attack. Other sectors have been affected by the attack, too. Tulsa, the country’s child protection agency, uses the HSE network to share files and databases, leading to delays in court cases.   

Around 700GB of data is believed to have been stolen, including patient files, bank statements, and payroll information. As well as not having access to their network, there is also a chance that this confidential data may make its way online, if the cybercriminals follow through on their threat to distribute it. This practice – known as “doxware” – is becoming increasingly common, as hackers look to maximise profits.

Meanwhile, Dublin’s High Court have granted an injunction preventing the sharing, selling or publishing of any data obtained in the attack. It is believed this measure will prevent websites such as Facebook, Twitter and Google from hosting any of the confidential information stolen during the attack.

As is standard during ransomware attacks, HSE’s data was encrypted, rendering it inaccessible. Irish authorities are reportedly testing a decryption tool that, if successful, will allow the encrypted data to be accessed again, and for services to resume. The head of the Health Service Executive, Paul Reid, remarked: To launch an attack of such a massive scale on sick and vulnerable people in this country in the midst of a global pandemic is quite an extraordinary thing to do.”