Ireland’s nationalised health service has shut down its IT systems following a “human-operated” Conti ransomware attack, causing a Dublin hospital to cancel outpatient consultations.
The nation’s Health Service Executive shut its systems down as a precautionary measure, according to local reports from the Irish public service broadcaster RTÉ, which said that Dublin’s Rotunda Hospital had cancelled outpatient appointments, including many for pregnant women.
“The maternity hospital said all outpatient visits are cancelled – unless expectant mothers are 36 weeks pregnant or later,” reported RTÉ, adding: “All gynaecology centers are likewise cancelled today.”
Ireland’s National Maternity Hospital, also in Dublin, was similarly affected.
There is a substantial ransomware attack on the HSE IT systems. We have taken the precaution of closing down all our IT systems in order to safeguard them from this attack and to permit us fully evaluate the scenario with our own security partners.
— HSE Ireland (@HSELive) May 14, 2021
Fergal Malone, chief of the Rotunda Hospital and a senior HSE bod, said: “There has been a considerable ransomware attack on the HSE IT systems.”
Paul Reid, HSE chief officer, told Ireland’s Newstalk FM radio station that the ransomware was “human-operated” and appeared to be the Conti strain:
Paul Reid says the significant ransomware attack targeting the HSE is “quite sophisticated”, while the COVID-19 vaccination program isn’t impacted as it’s on a different system. @NTBreakfast pic.twitter.com/XXtzlzBQAV
— NewstalkFM (@NewstalkFM) May 14, 2021
“We have been the subject of a major ransomware attack … it’s what’s called a Conti human-operated attack to get access to data,” Reid told the radio station.
He added in a separate interview that the Irish Defence Forces’ cybersecurity personnel were helping with the response. So far no ransom demand has been disclosed by the HSE and nothing related to the HSE has appeared on Conti’s Tor leaks blog.
Conti deployed by WizardSpider team
Conti previously targeted the Scottish Environmental Protection Agency, though that January attack left the criminals empty-handed after SEPA wisely chose not to pay. The same criminals were behind the compromise of British clothing retailer Fatface, successfully stealing personal data and payment card details in the process.
William Thomas, a researcher from infosec company Cyjax, told The Register: “Conti is a human-operated ransomware strain linked to a cybercriminal gang tracked by the private industry as WizardSpider. It has leaked the highest number of victims to its darknet wall of shame, at 339 by my count.
“Its connections to Ryuk ransomware are likewise considerable as it has also gone after medical facilities in the United States and France.”
CrowdStrike’s summary of WizardSpider pegs the gang as being “Russia-based” and mainly “opportunistic” in its targeting. The criminals’ activity was “sporadic throughout the first half of 2020” but increased after they began using Conti, with CrowdStrike stating: “Conti victims cover numerous sectors and locations, the huge majority of which are based in North America and Europe.”
Sophos reckons the Conti malware is deployed through the (ab)use of Cobalt Strike, with the company’s detailed analysis highlighting that Conti’s operators use the double-extortion ransomware business model: encrypt the target network after exfiltrating data, then demand a ransom both for the decryption utility and to “prevent” publication of the data. Of course, nobody can guarantee that criminals keep their promises.
Reg reader Pat speculated to us that the ransomware had not reached every part of the HSE’s IT estate: “The HSE vaccination IT system seems to utilize Salesforce, from looking at the headers of my registration email, so maybe that’s why reports are stating that it is unaffected.”
Ransomware attacks on healthcare organisations have gradually become the norm. As the COVID-19 pandemic took hold worldwide in March 2020, a handful of well-known extortionist gangs promised not to attack healthcare facilities and medical research institutes.
This lasted all of six months as criminal gangs, mostly based in Russian-speaking countries, realised that healthcare organisations were more likely to pay ransoms immediately than other sectors that might cope without their IT systems for days or weeks at a time. ®