At a glance.
- Investigation reveals cause of HSE cyberattack.
- Brazilian health ministry suffers ransomware attack.
Investigation reveals cause of HSE cyberattack.
In the wake of the massive cyberattack on Ireland’s Health Service Executive (HSE) earlier this year, a report commissioned by HSE from PricewaterhouseCoopers has revealed the breach stemmed from a malicious Microsoft Excel file attached to a phishing email. The Irish Times reports that although the attachment was opened by an HSE staffer in March, the malware was allowed to slowly infect the HSE systems for two months before the system was fully hijacked in May, with little to no action taken in the interim, despite a number of system alerts. The Irish Examiner details the many warning signs that went unheeded due to flaws in the HSE’s security monitoring systems and a general lack of awareness on the part of security staff, which is composed of only fifteen employees. The Independent adds that, when asked if earlier detection could have prevented the attack, HSE chief executive Paul Reid responded, “the simple thing to say is we did not have the significant response to the alert that we could have. It’s impossible to say if we could have killed it all but it was a risk that we did not address to the significant level that it should have been.” The investigation labeled the HSE’s dispersed IT system as “frail” and recommended a multi-year investment program to improve the service’s cybersecurity. Reid says an extra €100 million has been allocated to the issue over the next year. BBC News notes a small silver lining, as the report shows no data was destroyed, nor were any COVID-19 vaccination systems or medical devices attacked.
Brazilian health ministry suffers ransomware attack.
When it comes to COVID-19 data, ZDNet reports that the Brazilian Ministry of Health (MoH) was not as fortunate. The ministry has confirmed a ransomware attack has shut down several of its systems, including one linked to the national immunization program and another used for issuing digital vaccination certificates. Ransomware gang Lapsus$ Group has taken credit for the attack, claiming that they exfiltrated and deleted 50TB of data, and demanding that MoH "contact us if you want the data back." Brazilian health minister Marcelo Queiroga says that fortunately the ministry has backups of the allegedly stolen data. Reuters notes that the timing is less than ideal, as a new measure requiring unvaccinated travelers to Brazil to be quarantined and tested for COVID-19 will have to be postponed for a week as a result of the attack. The National Data Protection Authority (ANPD), which is investigating the incident in cooperation with the Institutional Security Office and the Federal Police, says MoH has been asked for further details per the General Data Protection Regulation.