Ransomware attack disrupts Irish health services

 Ireland’s health care system was hit by a major ransomware attack on Friday, forcing its health service to shut down its IT systems and locking many hospitals out of their computers, in what one government minister said was possibly the most serious cyber attack in the country’s history. The ransomware attack began overnight, targeting Ireland’s Health Service Executive which said it had decided to shut down most of its IT systems as a precaution. Many hospitals and clinics reported on Friday they had lost access to their computer systems — suddenly shut out of patients’ records, appointment booking and email systems — prompting some to cancel most non-urgent appointments.

Ireland’s COVID-19 vaccination programme was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the Health Service Executive (HSE) said.

The HSE’s chief described the attack as “very sophisticated.” Officials said the gang exploited a previously unknown vulnerability, known as a ‘zero-day’ attack because the software maker has zero days’ notice to fix the hole. Authorities shut down the system as a precaution after discovering the attack in the early hours of Friday morning and will seek to gradually reopen the network, although that will take “some days”, Martin said.

Several hospitals cancelled outpatient visits or urged patients with appointments not to attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a “critical emergency” and cancelled all outpatients visits except for women who were more than 35 weeks pregnant. The oncology department at Cork university hospital was reportedly paralysed. The child and family agency Tusla said its IT systems, including email, internal systems and the portal through which child protection referrals are made, were not working.

Chief of the Rotunda Hospital and a senior HSE bod told the local Irish press that the HSE apologises for the inconvenience to patients and to the public due to abrupt obstruction in medical services. Paul Reid, HSE chief exec, told Ireland’s Newstalk FM radio station that the “human-operated” ransomware appeared to be the Conti strain. University of South Florida, US cited the VMware Carbon Black Threat Analysis Unit as describing the Conti ransomware “controlled by an adversary rather than executed automatically.” It said, Conti “human operators” breach a network and laterally progress to gain the domain access and admin credentials for admin privileges. All COVID-19 vaccinations, as a security measure, were taken offline in Ireland. HSE’s chief executive, Paul Reid, told RTE Radio 1 that the ransomware “is very sophisticated”, and has the potential of compromising “all of national systems” involved in core services. 

The state’s child and family agency, Tusla, said its IT systems, including the portal through which child protection referrals are made, are not currently operating.

At Cork University Hospital, the largest in Ireland’s second city, staff arrived to find IT systems paralysed, with all computers switched off.

“Our main concern is patient safety and results that might be outstanding, laboratory data that needs to be available to manage patient care today. It’s very distressing for patients,” Medical Oncologist Seamus O’Reilly told RTE.