The Irish health service has taken down its IT system temporarily to protect it following a “significant” ransomware hack. Health and social care services are deeply impacted.
It's the latest incident in an ongoing wave of ransomware attacks. Ransomware is malicious software that locks up sensitive data, bringing essential organizations to their knees until a ransom is paid.
The Effect of the Ransomware Attack
The Health Service Executive first noticed the attack early this Friday morning, immediately informing the National Cyber Security Centre (NCSC) and beginning its crisis response.
As a result, hospitals around the Republic of Ireland are being disrupted. Dublin's Rotunda Hospital has cancelled outpatient visits, citing a “critical emergency,” the BBC reports, while National Maternity Hospital in Dublin has announced a “significant disruption.” St Columcille's Hospital and Children's Health Ireland at Crumlin Hospital have also postponed and delayed appointments.
I have been in regular contact with @paulreiddublin this morning about this cyber attack on the @HSELive IT systems. We are working to ensure that the systems and the information is protected. COVID-19 testing and vaccinations are continuing as planned today.
— Stephen Donnelly (@DonnellyStephen) May 14, 2021
Thankfully, COVID-19 testing and vaccinations are continuing on schedule, according to a tweet from Minister for Health Stephen Donnelly. Still, the impact of this cyberattack is already serious due to the nature of the services being slowed.
How the Ransomware Works
While it's still too early for much clarity around the situation, the HSE chief executive has said the type of software used was Conti ransomware.
Conti first appeared in late 2019 and was responsible for 13% of ransomware incidents across 2020, according to Kaspersky. This type of software works on a “double extortion” model: it locks victims out of the network and its data, and it also steals the data so that it can be publicly released if the ransom isn't paid.
Office macros are a common entry point. Hopefully Microsoft has software updates in the works to address this particular ransomware, as standard precautions like password managers and VPNs won't stop future attacks.
Ransomware Attacks Remain a Major Issue
It's reminiscent of a ransomware attack in the US from late last week, one which resulted in the multi-day shutdown of Colonial Pipeline, the largest oil pipeline in the nation.
In that case, Colonial paid the roughly $5 million ransom in cryptocurrency just hours after the attack, but the hackers were slow to fix the issue anyway, as their decrypting tool turned out to be sluggish.
There's one difference between these two cases: The Colonial ransomware attack was carried out by a group called DarkSide, which claims to never attack medical services or facilities, while the Conti group clearly doesn't have any moral qualms about it.
As businesses continue adopting new software and upgrading hardware, we'll continue seeing new types of malware attacks. Those operating with a flexible or entirely remote workforce will need the best remote access software available to cope. And, it seems, not even the medical industry is safe.