Irish health service shuts down IT systems after 'sophisticated' ransomware attack
LONDON — Ireland’s health service shut down its computer systems on Friday after being hit with a “sophisticated” ransomware attack.
The Irish Health Service Executive (HSE) said there was a “significant ransomware attack” on its IT systems, without commenting further on specifics.
“We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us (to) fully assess the situation with our own security partners,” the HSE said in a tweet Friday.
“We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available.”
Ireland’s vaccination program has not been affected and appointments will go ahead as planned, however the registration portal has been taken offline. Doctors also can’t refer people for Covid-19 tests, so patients have been told to into walk-in testing centers. HSE said its ambulance service was operating normally.
Dublin’s Rotunda Hospital, a maternity hospital, said all outpatient visits for Friday had been cancelled, with the exception of women who are 36 weeks pregnant or later. All gynaecology clinics are cancelled.
“It’s very sophisticated,” Paul Reid, HSE’s chief executive, told RTE Radio 1. “It is impacting all of our national and indeed local systems that would be involved in all of our core services.”
“We did become aware of it during the night and we’ve been obviously acting on it straight away. The major priority is obviously to contain this. But it is what we would call a human operated ransomware attack where they would seek to get access to data.”
Ransomware is a type of malicious software that’s designed to block access to a computer system. Hackers demand a ransom payment — typically cryptocurrency — in return for restoring access.
In 2017, the U.K.’s National Health Service was one of many organizations hit by a malware known as WannaCry.
Peter Carthew, director of public sector U.K. and Ireland at security firm Proofpoint, said health care organizations are “high value targets for ransomware attacks.”
“They would have the highest motivation to pay up to restore systems quickly,” Carthew said via email.
“Given the nature of the industry, healthcare personnel are often severely time constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully-crafted social engineering based email attacks,” he added.
The news follows a major cyberattack on Colonial Pipeline in the U.S. which crippled gas delivery systems in Southeastern states. Colonial restarted operations Wednesday afternoon but said the delivery schedule wouldn’t return to normal for several days. The firm paid a $5 million ransom to hackers.
The attack was believed to have been perpetrated by the hacker group DarkSide. DarkSide is a relatively new group, but cybersecurity analysts believe they are dangerous. The group claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial.
HSE wasn’t the only organization to announce on Friday that it had been hit by a ransomware attack.
Toshiba Tec, a division of Japanese tech conglomerate Toshiba, said that its European business was the victim of a ransomware attack on May 4, according to Reuters. The company said the attack came from DarkSide.
– CNBC’s Sam Shead and Eamon Javers contributed to this report.