[BreachExchange] Ireland’s health service hit by 'significant ransomware attack'

Mon May 17 10:43:14 EDT 2021

https://www.healthcareitnews.com/news/emea/ireland-s-health-service-hit-significant-ransomware-attack

Ireland’s health service IT system has been shut down as a precautionary
measure, following a cyber attack today.

The Health Service Executive (HSE) believes the attack is by international
criminals attempting to extort money, although no demand has yet been
received.

HSE confirmed there had been “a significant ransomware attack on the HSE IT
systems” and it had closed down systems “to protect them from this attack
and to allow us fully assess the situation with our own security partners.”

Irish health minister Stephen Donnelly said the attack was having “a severe
impact” on health and social care services, but emergency services and the
National Ambulance Service were still in operation.

WHY IT MATTERS

Ransomware is a malicious software that encrypts files on a computer system.

The attack has caused health services to temporarily return to paper-based
systems, leading to delays and cancellations to patient services.

Hospitals affected include the Rotunda Maternity Hospital and the National
Maternity Hospital in Dublin, which have both reported significant
disruption to services, as they are unable to access electronic records.

The UL Hospitals group warned of long delays for patients. In a statement
on Twitter it said it was “largely operating manual back-up systems” and
delays would continue “until such time as patient information, diagnostic
reporting and other affected IT systems are secure and operational.”

COVID-19 vaccinations and tests will continue, but the registration portal
for vaccinations and testing referrals system have bene shut down.

THE LARGER CONTEXT

The attack comes four years after the WannaCry virus attack, which affected
more than 200,000 computers in 150 countries worldwide. It caused
disruption to around 81 NHS trusts and more than 600 primary care
organisations in England.

More recently, the outsourcing firm behind NHS Test and Trace, Serco
confirmed that parts of its infrastructure in mainland Europe had
experienced a double extortion ransomware attack from cybercriminals.

In February, French insurance company Mutuelle Nationale des Hospitaliers
(MNH) suffered a ransomware attack that disrupted the company's healthcare
operations.

Last year, the Vastaamo therapy centre in Finland was targeted by who
obtained medical records from patient therapy sessions.

Cybersecurity expert, Saif Abed, founding partner of AbedGraham, told
Healthcare IT News the threat cyber-attacks pose during mass vaccination
programmes.

The EU Agency for Cybersecurity (ENISA) said: “We firmly condemn this
malicious behaviour in the midst of a health crisis. We are following the
ongoing situation and possible developments closely with the authorities
and at EU level with the CSIRTs Network.

“The health sector is regarded as a vulnerable sector to cyber incidents
and crises. In the ENISA Threat Landscape report, it was found that more
than 66% of healthcare organisations experienced a ransomware attack in
2019.

“In 2019, 45% of attacked organisations paid the ransom. The 45% of
organisations that were attacked and paid the ransom, half still lost their
data.

“In relation to the COVID-19 pandemic, hospitals/labs/healthcare
organisations have been prime targets for cybercrime related attacks. For
example, hospitals in France and Czechia have been targeted.”

Brian Honan CEO of Dublin-based cybersecurity firm, BH Consulting, said:
“Ransomware has over the past few years has rapidly become a scourge that
has impacted organisations all over the globe. Criminals have also
deliberately targeted healthcare organisations during the pandemic as they
are so critical in the fight against COVID19. High profile attacks like
this, and indeed the attack against Colonial Pipeline, will hopefully serve
as a wakeup call to governments that cybercrime is a serious threat to our
society and way of live and needs to be dealt with accordingly.”

Robert Golloday, an EMEA and APAC director at cybersecurity firm, Illusive,
said: "This attack against HSE is the latest confirmation of how the
professional-scale hack-for-ransom threat is spreading rapidly. Among other
institutions, these groups are targeting hospitals and other healthcare
providers, most likely because of the value of the personal information
their servers hold.”

George Daglas, chief operations officer at computer security service,
Obrela Security Industries, said: "Ransomware is a particularly vicious
threat because it is a double-extortion. Attackers are able to leak an
organisations data, which also holds the organisation at ransom, putting
the organisations and their customers, or in this case patients, in a very
dangerous position.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210517/b608d10d/attachment.html>