Cyberattack on the Health Service Executive (HSE)
Early last Friday, the HSE announced it had temporarily shut down IT systems, after it was targeted in a ransomware attack, causing major disruptions to health services across the country. Minister of State for eGovernment, Ossian Smyth described it as “possibly the most significant cybercrime attack ever encountered in the Irish state”.
“Wizard Spider” is an organised cybercrime group, thought to be part of a cartel. It has been reported that it is seeking a ransom of up to €20 million in cryptocurrency in a “for-profit” crime that is not motivated by espionage or terrorism.
What is a ransomware attack?
The target’s computer systems are broken into with malicious software known as malware or ransomware, and files and other data are encrypted and copied. A ransom is then demanded, to be paid in untraceable Bitcoin, in exchange for unlocking the encrypted files. If the ransom is not paid, the stolen data is published on ‘leak sites’.
Wall of shame
On its leak site, press releases are issued by Wizard Spider. These are designed to humiliate the companies they have attacked and are trying to extort, using tactics to publicly embarrass them. This includes a “wall of shame” on which companies are nominated for “clown of the month” and where they are taunted with insults.
What does this mean for the HSE and patients?
Wizard Spider have effectively abducted the digital assets of the HSE. They claim if €20 million is paid to them in Bitcoin, they will unlock the systems. If they are not paid, they will not undo the encryption and will seek to exploit the data they have stolen. This means they may share it online or sell it to other criminals. If personal and or sensitive health information is shared or sold, this could be used extort people whose data has been accessed.
The Financial Times (19.05.2021) reports that some personal health data has already been published online by Wizard Spider and this is of great concern. However, both the HSE and the Government have stated that no ransom will be paid.
The HSE has shut down its systems and brought in specialists to carefully search the entire network in search of malware. Malicious domain names will be blocked and data restored: a painstaking process that could take weeks or even months.
According to the Irish Times (19.05.2021), the “silver lining” in this unprecedented incident will be a much-needed modernisation of the State’s “archaic” IT systems and cybersecurity services.
Who is affected?
The extent of the disruption caused by the attack varies across hospitals and services, but an estimated around 17,000 appointments each day will be cancelled, until normal service resumes. Currently, many X-Ray appointments are cancelled, and there are delays with blood test results and issue of birth and death certificates.
The COVID -19 vaccination programme continues as planned.
Updates on the HSE website are made daily and patients are advised to keep an eye on this.
Most community health services such as disability, mental health, primary care and older people’s services are operating as normal.
Up-to-date information is available on the HSE website: https://www.hse.ie/eng/
