Ireland’s health service IT system has been shut down as a precautionary step, following a cyber attack today.
The Health Service Executive (HSE) believes the attack is by international lawbreakers trying to obtain money, although no need has actually yet been received.
HSE confirmed there had been “a substantial ransomware attack on the HSE IT systems” and it had actually shut down systems “to safeguard them from this attack and to allow us fully evaluate the circumstance with our own security partners.”
Irish health minister Stephen Donnelly stated the attack was having “a serious impact” on health and social care services, but emergency situation services and the National Ambulance Service were still in operation.
WHY IT MATTERS
Ransomware is a harmful software application that secures files on a computer system.
The attack has actually caused health services to momentarily go back to paper-based systems, resulting in hold-ups and cancellations to patient services.
Medical facilities impacted consist of the Rotunda Maternity Health Center and the National Maternity Health Center in Dublin, which have both reported significant disruption to services, as they are unable to gain access to electronic records.
The UL Hospitals group alerted of long delays for patients. In a statement on Twitter it stated it was “mainly operating manual back-up systems” and hold-ups would continue “until such time as client information, diagnostic reporting and other affected IT systems are safe and operational.”
COVID-19 vaccinations and tests will continue, however the registration website for vaccinations and testing recommendations system have actually bene closed down.
THE LARGER CONTEXT
The attack comes four years after the WannaCry infection attack, which affected more than 200,000 computer systems in 150 nations worldwide. It caused interruption to around 81 NHS trusts and more than 600 primary care organisations in England.
More just recently, the contracting out company behind NHS Test and Trace, Serco verified that parts of its facilities in mainland Europe had experienced a double extortion ransomware attack from cybercriminals.
In February, French insurance provider Mutuelle Nationale des Hospitaliers (MNH) suffered a ransomware attack that interrupted the company’s healthcare operations.
Last year, the Vastaamo treatment centre in Finland was targeted by who acquired medical records from patient treatment sessions.
Cybersecurity specialist, Saif Abed, establishing partner of AbedGraham, told Healthcare IT News the risk cyber-attacks position during mass vaccination programmes.
ON THE RECORD
The EU Firm for Cybersecurity (ENISA) said: “We strongly condemn this destructive behaviour in the midst of a health crisis. We are following the continuous circumstance and possible advancements closely with the authorities and at EU level with the CSIRTs Network.
” The health sector is considered as a susceptible sector to cyber incidents and crises. In the ENISA Risk Landscape report, it was found that more than 66%of health care organisations experienced a ransomware attack in 2019.
” In 2019, 45%of attacked organisations paid the ransom. The 45%of organisations that were assaulted and paid the ransom, half still lost their data.
” In relation to the COVID-19 pandemic, hospitals/labs/healthcare organisations have been prime targets for cybercrime related attacks. For example, hospitals in France and Czechia have been targeted.”
Brian Honan CEO of Dublin-based cybersecurity firm, BH Consulting, said: “Ransomware has over the past couple of years has quickly end up being a scourge that has impacted organisations all over the world. Wrongdoers have actually also intentionally targeted healthcare organisations during the pandemic as they are so critical in the fight against COVID19 High profile attacks like this, and certainly the attack against Colonial Pipeline, will ideally serve as a wakeup call to federal governments that cybercrime is a major risk to our society and method of live and needs to be dealt with accordingly.”
Robert Golloday, an EMEA and APAC director at cybersecurity company, Illusive, stated: “This attack versus HSE is the latest verification of how the professional-scale hack-for-ransom danger is spreading quickly. To name a few organizations, these groups are targeting medical facilities and other doctor, probably because of the value of the individual info their servers hold.”
George Daglas, primary operations officer at computer security service, Obrela Security Industries, stated: “Ransomware is an especially vicious risk because it is a double-extortion. Aggressors have the ability to leakage an organisations information, which likewise holds the organisation at ransom, putting the organisations and their customers, or in this case clients, in a very harmful position.”
The story was updated at 17.15 BST