At a glance.
- Ransomware attacks afflict Ireland's healthcare services.
Ireland’s HSE and Department of Health suffer unprecedented ransomware attacks.
Over the weekend, two of the Irish government’s health agencies were hit by massive cyberattacks that were carried out by a sophisticated group of international threat actors. On Friday, the Health Service Executive (HSE), Ireland’s publicly funded healthcare system, experienced a ransomware attack that forced the agency to shut down much of its IT system. DublinLive reports that the HSE learned of the attack in the wee hours of Friday morning and immediately moved to shut down its systems in order to prevent further damage. Because the zero day attack involves malware that has never before been encountered, the attackers were able to evade all antivirus protections and avoid detection. The Irish Times described the incident as the “biggest cybercrime attack seen in the State,” as thousands of appointments and services were disrupted and most elective procedures were postponed, resulting in disruptions that will likely last into the coming week.
Bleeping Computer notes that the threat group behind the attack has been identified as Conti, the same Russian-based cybercriminals that infiltrated the Scottish Environment Protection Agency last Christmas and later released 1.2 GB of stolen data. Conti’s modus operandi is to breach enterprise networks and acquire access to administrator credentials, using DLL injection techniques to deploy payloads. Though the attackers have requested a $20 million ransom in order to unlock the HSE systems, the Irish Prime Minister insists they will not be meeting the cybercriminals’ demands. “We’re very clear we will not be paying any ransom,” Taoiseach Micheál Martin stated. The attackers also claim they’ve stolen over 700GB of HSE data, including patient and employee data, contracts, and financial documents, and there’s a possibility a second ransom might be requested with the threat of releasing the sensitive data.
By Sunday, NewsTalk reports, the HSE had made some progress in restoring its IT systems. However, CEO of SmartTech247 Ronan Murphy stated that the attack was one of the most substantial of its kind: "It's very disruptive, it's very significant, and I think the fallout from it is going to be quite profound.” In their official statement, Ireland’s Department of the Environment, Climate and Communications stated that Minister Eamon Ryan and Minister of State Ossian Smyth will be working with the National Cyber Security Centre (NCSC) and HSE officials on an investigation.
As early as Friday, Minister of State at the Department of Public Expenditure and Reform Ossian Smyth stated that issues had been also detected at Ireland’s Department of Health, and indeed on Sunday the Irish Times confirmed that the department had been hit by a similar ransomware attack likely carried out by the same threat group. The Department of the Environment, Climate, and Communications stated, “The Department of Health has implemented its response plan including the suspension of some functions of its IT system as a precautionary measure...There are indications that this was a ransomware attack similar to that which has affected the HSE.” The incident is being investigated by the NCSC in conjunction with the Garda police force and Europol.