Ireland’s health service hit by ‘significant’ ransomware attack

(DUBLIN) — Ireland’s health care system was hit by a major ransomware attack on Friday, forcing its health service to shut down its IT systems, which affected some hospitals.

Ireland’s Health Service executive said it had taken many of its major IT systems offline as a precaution and that it was still investigating the full impact of the attack, which it described as “significant.”

At least two major maternity hospitals said their computer systems were significantly affected and one, the Rotunda hospital in Dublin, canceled most non-emergency appointments. The hospitals said they had contingencies in place and that medical equipment was not impacted and care was being given as normal.

The health service said Ireland’s coronavirus vaccinations program was also unaffected by the attack.

“It’s quite a significant one, quite a serious one. We’ve taken a precautionary measure to shut down a lot of our major systems to protect them,” Paul Reid, the head of the Health Service Executive, said in a radio interview with the national broadcaster RTE.

The attack is unsettling for Ireland amid the coronavirus pandemic and it comes amid heightened attention to the threat posed by ransomware attacks following the hack of the Colonial pipeline in the United States that has wrought havoc on fuel supplies for a week.

The Irish health service said it had shut down its IT systems while specialists assessed the extent of the attack and the threat it posed. Reid said the health service had requested help from Ireland’s national cybersecurity advisory team and the police and military were also assisting.

“We are at the very early stages of fully understanding the threat, the impact and trying to contain,” Reid said.

Fergal Malone, the head of the Rotunda maternity hospital, said it had had to shut down its computer systems after learning they were affected overnight. That meant the hospital had had to revert to paper systems for administration, he said, which were much slower and therefore it had canceled non-urgent appointments, except for women over 36 weeks pregnant.

But for the hospital itself, he said it was able to function “absolutely normally,” and there was no effect on patients already there.

“All patients in the hospital are safe, all care is being provided,” Malone said.

Ireland’s National Maternity hospital said it had also been significantly affected but said that for now, patients with appointments should still come.

The health service did not say what ransomware was used in the attack or who was behind it, but Malone told RTE that it appeared the attack involved “Conti ransomware.”

“We discovered during the night that we were the victim of what’s called a ‘Conti ransomware attack’, Malone told RTE radio.

Conti ransomware is well-known to cyber researchers and was listed by the Russian cybersecurity firm, Kaspersky, as number two on its list of top ransomware groups.

Conti is a so-called “double extortion” ransomware, which means that as well as locking victims out of their systems, the malware also steals data, which the criminals then threaten to release if they are not paid. According to Kaspersky, Conti accounted for 13% of all ransomware attacks from late 2019 through 2020. Some security researchers have linked Conti to a well-known cyber criminal gang believed to operate from Russia.

Last month it emerged Conti ransomware hackers had encrypted the systems of the Broward County Public School District in Florida and demanded $40 million in ransom. The hackers released some files after the school said it would not pay the amount.

Copyright © 2021, ABC Audio. All rights reserved.