Health IT services in the Republic of Ireland have remained switched off following a “significant ransomware attack”.
The Health Service Executive, which provides public health and social care services to everyone living in Ireland, tweeted on 14 May to say it had shut down all of its IT systems as a “precaution” and to “protect” health systems from the attack.
On May 16, EHealth Ireland tweeted an update to say “HSE IT Teams are working to map out what systems can be brought back online in a safe way”.
Update: HSE IT Teams are working to map out what systems can be brought back online in a safe way. Progress is being made on the foundational HSE IT infrastructure. This will take time. Please continue to leave all your systems switched off until further notice @HSELive
— EHealth Ireland (@eHealthIreland) May 16, 2021
HSE have confirmed that vaccinations would not be affected and would go ahead “as planned” while another confirmed that Ireland’s National Ambulance Service is operating as normal. It has also told staff not to turn on their work PC or laptop.
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.
— HSE Ireland (@HSELive) May 14, 2021
An update, published by the Irish National Cyber Security Centre (NCSC) on May 16, said it was first “made aware of potential suspicious activity” on Ireland’s Department of Health (DoH) network on May 13.
“Preliminary investigations indicated suspected presence of cobalt strike Beacon, which is a remote access tool,” the update adds.
“Cobalt strike is often used by malicious actors in order to move laterally within an environment prior to execution of a ransomware payload.”
The update adds that at 7am on 14 May “the NCSC was made aware of a significant incident affecting HSE systems” and “initial reports indicated a human-operated ‘Conti’ ransomware attack that had severely disabled a number of systems”.
NHS Digital defines Conti as a “an advanced ransomware tool that uses a unique encryption routine to identify and encrypt files incredibly quickly” and can affect all types of Microsoft Window versions.
Also on May 14, “malicious cyber activity” detected on Ireland’s DoH network, however “due to a combination of anti-virus software and the deployment of tools during the investigation process an attempt to execute ransomware was detected and stopped”.
This led to HSE making the decision to shut down all its IT systems as a precaution.
“There are serious impacts to health operations and some non-emergency procedures are being postponed as hospitals implement their business continuity plans,” NCSC’s update adds.
HSE has set up a page which provides updates to services and appointments including Covid-19 vaccination appointments.
“Most healthcare appointments will go ahead as planned but x-ray appointments are severely affected,” the page states.
17 May 2021 @ 10:39
The challenge to all healthcare organisations is not from the devices they control but from the ones they don’t.
Each healthcare organisation will have a significant amount of IoT and medical devices that IT can’t install any security agents or antivirus/malware – and quite often these devices are also running out of date and vulnerable operating systems, devices such as CT scanners, analysers to medical workstations, the list goes on.
Despite the positive steps taken since Wannacry these devices are not controlled by hospital IT but rather their manufacturers who are very slow to respond (if at all) meaning medical and IoT devices are often completely exposed and easy for a threat actor to compromise as seen before with Wannacry and unfortunately with HSE.
There was a webinar (which can be viewed again) from Digital Health on this exact subject
https://www.digitalhealth.net/events/protecting-medical-devices-from-cyber-attacks/
14 May 2021 @ 17:02
How can this be the case again, did the HSE not learn anything from ‘last time’.
I am sure a certain (now UK) CIO who used to be at the HSE claimed that they had successfully created protection from cyber crime for the future by learning clear lessons from Wanna Cry.
When do health systems learn that if they want to have IT as a back bone then IT needs to be invested in.