Investigation reveals cause of HSE cyberattack. Brazilian health ministry suffers ransomware attack.

Summary

By the CyberWire staff

At a glance.

Investigation reveals cause of HSE cyberattack.
Brazilian health ministry suffers ransomware attack.

Investigation reveals cause of HSE cyberattack.

In the wake of the massive cyberattack on Ireland’s Health Service Executive (HSE) earlier this year, a report commissioned by HSE from PricewaterhouseCoopers has revealed the breach stemmed from a malicious Microsoft Excel file attached to a phishing email. The Irish Times reports that although the attachment was opened by an HSE staffer in March, the malware was allowed to slowly infect the HSE systems for two months before the system was fully hijacked in May, with little to no action taken in the interim, despite a number of system alerts. The Irish Examiner details the many warning signs that went unheeded due to flaws in the HSE’s security monitoring systems and a general lack of awareness on the part of security staff, which is composed of only fifteen employees. The Independent adds that, when asked if earlier detection could have prevented the attack, HSE chief executive Paul Reid responded, “the simple thing to say is we did not have the significant response to the alert that we could have. It’s impossible to say if we could have killed it all but it was a risk that we did not address to the significant level that it should have been.” The investigation labeled the HSE’s dispersed IT system as “frail” and recommended a multi-year investment program to improve the service’s cybersecurity. Reid says an extra €100 million has been allocated to the issue over the next year. BBC News notes a small silver lining, as the report shows no data was destroyed, nor were any COVID-19 vaccination systems or medical devices attacked.

Brazilian health ministry suffers ransomware attack.

When it comes to COVID-19 data, ZDNet reports that the Brazilian Ministry of Health (MoH) was not as fortunate. The ministry has confirmed a ransomware attack has shut down several of its systems, including one linked to the national immunization program and another used for issuing digital vaccination certificates. Ransomware gang Lapsus$ Group has taken credit for the attack, claiming that they exfiltrated and deleted 50TB of data, and demanding that MoH "contact us if you want the data back." Brazilian health minister Marcelo Queiroga says that fortunately the ministry has backups of the allegedly stolen data. Reuters notes that the timing is less than ideal, as a new measure requiring unvaccinated travelers to Brazil to be quarantined and tested for COVID-19 will have to be postponed for a week as a result of the attack. The National Data Protection Authority (ANPD), which is investigating the incident in cooperation with the Institutional Security Office and the Federal Police, says MoH has been asked for further details per the General Data Protection Regulation.

Selected Reading

EFF sues spyware maker DarkMatter for illegally hacking Saudi activist (TechCrunch) The Electronic Frontier Foundation (EFF) has filed a lawsuit against spyware maker DarkMatter, along with three former members of U.S. intelligence or military agencies, for allegedly hacking the iPhone of a prominent Saudi human rights activist. The lawsuit was filed on behalf of Loujain al-Hathl…

This old malware has just picked up some nasty new tricks (ZDNet) The crafty Qakbot trojan has added ransomware delivery to its malware building blocks.

New 'Karakurt' hacking group focuses on data theft and extortion (BleepingComputer) A sophisticated cybercrime group known as 'Karakurt' who has been quietly working from the shadows has had its tactics and procedures exposed by researchers who tracked recent cyberattacks conducted by the hackers.

Brazil health ministry website hit by hackers, vaccination data targeted (Reuters) Brazil's health ministry said its website was hit on Friday by a hacker attack that took several systems down, including one with information about the national immunization program and another used to issue digital vaccination certificates.

Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes (ZDNet) Hackers claimed to have copied and deleted 50 TB worth of data from internal systems.

Swiss Minister’s Data Exposed After Buying Crypto, Paper Says (Bloomberg) Swiss federal councilor Alain Berset was the victim of a data breach that made his address, private email and home phone number public after a company he used to buy cryptocurrency was hacked, Swiss newspaper Le Matin Dimanche reported.

Opening of email attachment led to HSE cyber attack, report finds (The Irish Times) Ransomware attack could be repeated and HSE is taking steps to mitigate risk, says Reid

Irish health cyber-attack could have been even worse, report says (BBC News) A report found the attack on the healthcare system had "a far greater" impact than initially expected.

HSE cyber attack: How Russian criminals laid the bait that would ultimately bring the Irish health service to its knees (independent) The bait that would bring the Irish health service to its knees was secretly laid by an unscrupulous Russian criminal just before St Patrick’s Day.

Q&A: How did the HSE miss warning signs that could have prevented the cyberattack? (Irish Examiner) The PriceWaterhouseCooper report says concerns flagged by hospitals were not acted upon or reported to the gardaí

()