Irish health service shuts down major IT systems amid ransomware attack

The attack, which was discovered during the night, has struck the Irish health service’s national and local systems.

The HSE wrote on Twitter that it was temporarily shutting down many of its major systems as a precautionary measure. Affected systems include those used to manage GP surgeries, referrals for Covid-19 testing, and making child protection referrals to the national child and family agency.

However, Ireland’s Covid-19 vaccination programme has not been affected: people have been instructed to continue to book and attend appointments. Life-saving equipment, such as that used in intensive care units, continues to function as normal, as do all emergency services, GP systems and pharmacy systems.

There are “major problems” relating to services for radiology, radiation oncology, elective surgeries, and obstetrics and gynaecology appointments. Some paper-based record-keeping will be used while systems are unavailable.

HSE CEO Paul Reid said that people with outpatient appointments should still attend unless or until they hear otherwise, describing the precautionary action as “more or less IT systems and transferring information across networks”.

Professor Fergal Malone, the Master of Dublin’s Rotunda Hospital, asked women not to attend appointments there scheduled for Friday unless they are beyond 36 weeks pregnancy or experiencing an emergency. The National Maternity Hospital on Holles Street warned of “significant disruption” due to the attack, but wrote in a tweet that patients should continue to attend appointments as usual.

“We have been the subject of a very significant, major ransomware attack,” said Reid. “It’s a very sophisticated attack. It is impacting all of our national and local systems that would be involved in all of our core services. We did become aware of it during the night and have been acting on it straight away. The immediate priority is obviously to contain this.”

Addressing RTE’s Morning Ireland, he specified that the HSE was the target of a “human operated” ransomware attack. He said that no ransom demands have yet been received and that as the day progressed HSE would get greater clarity on the issue, its impacts and how to move forward from the attack.

The HSE is being supported by national cyber-security teams, including the Gardai (Eire's police force), the defence forces and third-party support teams. The Tanaiste, Leo Varadkar, blamed “international criminals” for the attack.

Varadkar said the attack could affect systems throughout the weekend and into next week: “It’s coming at a time when the health service is extremely busy doing lots of other things. It’s going to be a very difficult time for the health service. I spoke to the HSE this morning and also Eamon Ryan, the minister responsible for cyber security. It is a situation that’s still evolving.

“There’s lots we don’t know, but it appears to be a ransomware attack by international criminals. The problem could run through the weekend and into next week, unfortunately.”

Brooks Wallace of Deep Instinct commented: “Sadly, the higher the criticality and business or human impact an attack has, the more likely the victim is to pay. Healthcare organisations are at the top of the human impact chain, but they are also very vulnerable to cyber-attacks as they often don’t have significant IT security budgets to invest in the most comprehensive protection capabilities”

“The consequences of these attacks can impact healthcare workers and their patients who need treatments. These attacks can cause delays to the encrypted machines, cause the medical equipment healthcare workers use to stop working, and make potential lifesaving equipment inaccessible.”

Steve Bradford, a senior vice-president at SailPoint, added: “Outdated IT systems stand little chance against these attacks, which are becoming increasingly sophisticated in nature. A simple click on a link or web pop-up is enough to let the hackers in and bring everything to a standstill. Organisations must implement multiple security controls, enlisting the help of technologies such as AI which can help identify vulnerabilities. This is critical to reduce the risk or ransomware and other malicious malware threats.”

Blame for the May 2017 WannaCry attack, which affected NHS services and other organisations around the world, was pinned on North Korean hackers.