The Irish National(HSE) has been forced to shut off its IT systems following a major ransomware attack. At the same time, it triages and investigates the scale of the incident, causing significant and unavoidable disruption to patient services across Ireland, although appointments are operating normally.
In a statement, the HSE said: “There is a significanton the HSE IT systems. We have taken the precaution of shutting down all our IT systems to protect them from this attack and to allow us assess the situation.”
The services chief executive Paul Reid told RTÉ’sthat the attack was severe and significant. The HSE is working alongside Ireland’s , the Garda, and security partners on the initial investigation.
“We do apologize for the impact that it’s had, but we are at the veryof fully understanding the threat, the impact, and trying to contain [it],” said Reid.
At the time of writing, the strain of ransomware involved in the incident had not been disclosed, and nor has the HSE given any indication that it has entered intowith those responsible.
Steve Forbes said that if there had been any doubt that malicious actors were escalating their attacks on critical national infrastructure (CNI), the past few days have proved it twice over. “National healthcare , which will make this ransomware attack even more devastating,” he said.
“That fact will not be lost on the hackers –and the Irish health care system both demonstrate that criminal groups are choosing targets that will have the greatest impact on governments and the public, regardless of the collateral damage, to apply the most leverage. It is an increasingly alarming pattern of criminal behavior.”
CISO Ben Carr said the innate characteristics of healthcare organizations make them uniquely vulnerable to such attacks. “Ransomware will continue to impact the , where bad actors have concluded that the threat to life makes this sector more likely to pay,” he said.
“Ransomware has, and this is also because there is an increasing perception that bad actors will get paid when systems can’t be allowed to go down.”
The HSE had previously been warned over its cyber security posture after it was reported at the end of 2020 that thousands of its computers.
According to RTÉ, the health service spent over €1m in 2020 on Microsoft’sprogram to protect its Windows 7 estate.
As of the end of 2020, it allegedly had about 37,000 systems running on the old operating system, for which Microsoft ceased support. The HSE said the pandemic had heavily impacted its migration to 10.