Ireland healthcare system paralysed as hackers conduct cyber crime against state amid ransom demand

Ireland’s healthcare system is currently paralysed with hospital appointments cancelled and Covid-19 testing disrupted as hackers carried out what could be the most significant cyber crime in the history of the state.

The country’s health service operator was forced to shut down all its IT systems on Friday to protect them from the crippling ransomware attack. 

An international cyber crime gang was behind the attack on the Health Service Executive (HSE), Ireland’s minister responsible for e-government said, as officials are still waiting for the ransom demand.   

Ireland’s COVID-19 vaccination programme was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the HSE said. 

Minister Ossian Smyth has described the cyber attack as ‘possibly the most significant cyber crime attack on the Irish state’. 

He told national broadcaster RTE that the hack ‘goes right to the core of the HSE’s system’, but said it is ‘not espionage’. 

‘It was an international attack, but these are cyber criminal gangs, looking for money,’ Mr Smyth said.

‘What they’re attempting to do is to encrypt and lock away our data, and then to try to ransom it back to us for money.’

The HSE has not yet received a ransom demand, officials said. The gang exploited a previously unknown vulnerability, a so-called ‘zero-day’ attack because the software maker has had zero days’ notice to fix the hole. 

It shut down the system as a precaution after discovering the attack in the early hours of Friday morning and will seek to gradually reopen the network over the course of the weekend or possibly longer, Smyth said.  

The hack comes just one week after a fuel network in the US had to shut down its systems until a $5million ransom was reportedly paid. 

In Ireland, the cyber attack was largely affecting information stored on central servers and officials said they were not aware that any patient data had been compromised. 

Hospital equipment was not impacted, with the exception of radiography services.  

‘More services are working than not today,’ the HSE’s Chief Operations Officer Anne O’Connor told RTE.

‘However, if this continues to Monday, we will be in a very serious situation and will be cancelling many services. At this moment, we can’t access lists of people scheduled for appointments on Monday so we don’t even know who to cancel.’  

While scheduled COVID-19 tests will go ahead as planned on Friday, the HSE said its referrals system was down, meaning anyone else requiring a test must attend walk-in sites which are currently operating in just over half of Ireland’s 26 counties.

It was also unable to take new vaccine appointments but did not expect that to delay the rollout given the lag between registration and the administering of the jab. 

The Rotunda maternity hospital in Dublin cancelled all outpatients on Friday other than those for women who are at least 36 weeks pregnant or in need of urgent care ‘due to a serious IT issue’. 

Routine appointments were also cancelled in some but not all other hospitals.   

Hospital chief at Rotunda hospital, Fergal Malone, said the attack had targeted computers storing patient records.

But he reassured the public that ‘there’s no problem for patient safety and life-saving equipment has not been affected. 

He added that the hospital has switched to backup paper records. ‘But obviously throughput will be much slower,’ he told RTE while urging out-patients with routine appointments to stay away.    

The state’s child and family agency, Tusla, said its IT systems, including the portal through which child protection referrals are made, are not currently operating.

At Cork University Hospital, the largest in Ireland’s second city, staff arrived to find IT systems paralysed, with all computers switched off.

‘Our main concern is patient safety and results that might be outstanding, laboratory data that needs to be available to manage patient care today. It’s very distressing for patients,’ Medical Oncologist Seamus O’Reilly told RTE. 

HSE chief executive Paul Reid said the attack in Ireland was ‘an internationally operated criminal operation’, and the authority was working with police, the army and its major IT security providers.

‘We are at the very early stages of fully understanding the threat,’ he told Irish broadcaster RTE, adding it was trying to ‘contain’ the issue. 

The HSE said the attack was an adaptation of ransomware known as ‘Conti’, in which hackers have already compromised a computer system and lie low until springing their trap. 

‘We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us (to) fully assess the situation with our own security partners,’ the Health Service Executive (HSE) said on Friday.

 ‘We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available,’ it added, stressing Ireland’s coronavirus vaccination programme was unaffected and ‘going ahead as planned’.

Ireland’s ambulance service is also ‘operating as per normal with no impact on emergency ambulance call handling and dispatch nationally’, the HSE added.

And Irish premier Micheal Martin was pressing ahead with a visit Friday to Britain to meet Prime Minister Boris Johnson amid tensions over Brexit, aides said.

Liz Canavan, a top official in Martin’s office, said the outage was also affecting child protection services, which are hosted on HSE servers.

But at a televised Covid-19 briefing, she stressed: ‘Emergency departments are operating as normal and if you need to attend a hospital, please do so.’

Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.

They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals. 

Another ransomware attack last Friday forced the shutdown of the United States’ largest fuel distribution system, leading to some panic buying at gasoline stations along the east coast.

Moscow has rejected US accusations that a Russia-based group was behind the cyberattack.  

Last October, it emerged that the then-CEO of Finnish company Vastaamo had covered up a data breach that exposed the confidential treatment records of tens of thousands of psychotherapy patients.

Many patients reported receiving emails with a demand for 200 euros ($240) in bitcoin to prevent the contents of their discussions with therapists being made public.

In 2017, the United States and Britain blamed North Korea for the ‘WannaCry’ ransomware attack that infected some 300,000 computers in 150 countries, including one-third of British hospitals.

This week, British Foreign Secretary Dominic Raab called for a global effort to counter online threats as he slammed countries including Russia, China, Iran and North Korea over cyberattacks.

Authoritarian states ‘are the industrial-scale vandals of the 21st century’, he said in a speech.

‘They want to undermine the very foundations of our democracy,’ Raab added, as Britain prepares to host a G7 summit next month.