Ransomware: Ireland's Health Service Remains 'significantly' Disrupted Weeks After Attack

Ireland's health service is still suffering from significant disruption more than three weeks after falling victim to a ransomware attack.

The Health Service Executive (HSE), which is responsible for healthcare and social services across Ireland, shut down all of its IT systems following the attack last month.

Many of these systems were shut down as a "precaution" in order to stop the spread of the ransomware, which HSE described as a variant of Conti ransomware.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

The health service vowed not to pay the ransom – which has been reported as a demand for $20 million in Bitcoin – and Dublin's High Court issued an injunction against Conti in an effort to prevent the criminals leaking stolen data for not being paid.

HSE has been providing regular updates following the cyberattack and as of 3 June – three weeks after the initial incident – services around Ireland continue to see what's described as "significant impacts and disruptions to services".

Essential and urgent services, including COVID-19 vaccinations, are operating, but patients are still being warned they could face delays and cancellations to appointments because "systems are not functioning as usual" due to "critical IT systems" still being out of action.

Services like blood tests and diagnostics are taking much longer to operate than usual because the ongoing fallout means doctors, nurses and other staff are relying on manual processes in the meantime.

According to HSE, this is expected to continue for "a number of weeks" as efforts are made to safely deploy a decryption tool to the restore 2,000 IT systems – each consisting of infrastructure, multiple servers and devices – affected by the ransomware, based on clinical priority.

Despite the attempt at an injunction, HSE has warned the public that criminals could attempt to exploit the confusion and worry around the safety of their medical data to scam and defraud people.

"People receiving any suspicious calls, texts or other contacts seeking personal or banking details are advised to report these contacts to their local Garda station or the Garda confidential line 1800 666111," said an HSE statement.

SEE: This company was hit by ransomware. Here's what they did next, and why they didn't pay up

The HSE incident is just one of a string of high-profile ransomware attacks to have hit organisations around the world in recent weeks. Colonial Pipeline, which supplies almost half of fuel to the United States eastern seaboard, was hit by a ransomware attack and paid cyber criminals using Darkside ransomware over $4 million in Bitcoin in exchange for the decryption key.

Meat processor JBS was recently hit with a ransomware attack by the REvil criminal group, while Fujifilm has also fallen victim to a ransomware attack in recent days.

The rise in ransomware attacks has led to the White House urging organisations to take the threat posed by cyber criminals seriously.

"All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location," said Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology.

"Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat."

MORE ON CYBERSECURITY

• Ransomware: Five questions you need to ask about your defences, before you get attacked
• Ransomware attacks are not a matter of if, but when
• Ransomware: How the NHS learned the lessons of WannaCry to protect hospitals from attack
• Colonial Pipeline CEO confirms $4.4 million ransomware payment
• Ransomware is now a national security risk. This group thinks it knows how to defeat it