Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Shahid Jamil

HSE ransomware attack: Healthcare disruption could 'mount' in days and weeks ahead

A former Chief Information Officer for the HSE said that it is difficult to keep healthcare security systems up-to-date from cyber attacks.

LAST UPDATE | 18 May 2021

THE HSE IS continuing to grapple with the fallout of a ransomware attack on its IT systems, and is bringing as many computer services back online without compromising security or private data.

It’s unclear what exact amount has been sought by the hackers, but numerous Government ministers – including Justice Minister Heather Humphreys this morning – have said that a ransom will not be paid, in line with State policy.

Officially, the Government and HSE have not confirmed what information the hackers have gained access to; it could be patient, staff or administrative data that was compromised.

HSE payroll, and PPS numbers

Senior sources told The Journal that the private, personal information belonging to potentially tens of thousands of Irish people could be packaged up and sold off on the darkweb to the highest bidder unless some form of deal is brokered with the hackers.

If this were the case, access could be gained to PAYE records and Revenue services. A source said: “In an ideal world, we’d all get new online identifications and PPS numbers.”

Since the HSE was made aware of the attack on Friday, around 85,000 computers have been turned off as a precaution, and 2,000 different IT systems are being cleared and assessed one-by-one by cyber security teams.

The HSE’s Chief Clinical Officer Colm Henry told RTÉ’s Morning Ireland that progress continued to be made to bring hospital services back, and that voluntary hospitals may be able to resume diagnostic imaging shortly.

The ordering of tests, the visualization of images,the comparing of results and the conveying of those results is completely linked to IT… It’s not the same as before.

He said that the HSE had “no choice” but to close down systems that were corrupted, so that they wouldn’t corrupt other systems. HSE staff are due to be paid on Thursday; Dr Henry said it’s hoped that a contingency plan will ensure staff are paid on time.

Speaking to RTÉ’s News at One, Health Minister Stephen Donnelly said that a number of HSE staff are due to be paid this Thursday. However, the payroll system is currently down. 

“At the moment [the pay system] is not operating. My understanding is that there would be a payment this Thursday but I know it’s an absolute top priority for the HSE to make sure that those payments go through,” Donnelly said. 

Services affected

The services that have been most impacted by the security response to the cyber attack are: radiology (X-ray, MRI and CT scans), paediatric services, maternity services, and outpatient appointments in hospitals located in the west.

As the voluntary hospitals are on a separate IT system to the HSE, they have been less severely impacted than other hospitals, and may return to normal service faster.

“There is some sign of hope with some of the bigger voluntary hospitals, but this will take a considerable period of time and there will be undoubtedly disruption that will mount in the coming days and weeks,” Dr Henry said.

The Covid-19 vaccination programme and testing regime is largely unaffected, as it’s a newer, separate IT system. But there are some issues with GP referrals, and Covid-19 test results may have to be received by a phonecall or mail, rather than by email.

The political fallout from the ransomware attack is also continuing: the Joint Committee on Transport and Communications Networks will meet with the National Cyber Security Centre in private session from 9.30am today.

This cyber attack, along with the housing crisis, are expected to dominate Cabinet discussions today, where Covid-19 related issues have been left to one side.

Healthcare systems are hard to protect

Richard Corbridge, who was the HSE’s Chief Information Officer from 2014-2017, said that a previous cyber attack against the HSE in 2017 called ‘WannaCry’ was different: it left data where it is but it’s encrypted, so it was made inaccessible.

But this latest ransomware is a day-zero attack, meaning they had no prior knowledge of it, and so it evaded its cyber security systems.

There isn’t a weakness that wasn’t prepared for, it’s a weakness that wasn’t understood, and the data has been taken away.

When asked whether the HSE’s older software system made it more vulnerable, Corbridge said that healthcare systems across the world find it difficult to invest in and keep up to the highest possible point of cyber-security protection.

It’s not just about machines that you see [clinicians using], it’s machines that’s connected to key healthcare solutions: blood analysers, CAT scanners, X-ray machines. When you need to replace the operating system to keep it up-to-date, to keep it safe from a cyber security point of view, at that point you’ve also got to consider the replacement of things like X-ray machines, CAT scanners.

“You can run into millions of euro when you need to keep simple IT systems up-to-date in healthcare systems, and that becomes really, really difficult to stay on top of.”

He said that in 2017, the HSE IT security system is a “smaller resource than perhaps it should be”, and that cyber security measures in place in the NHS are “still in their infancy” in the HSE.

Around 3-7% of a healthcare service’s total budget should be sent on IT systems, a US cyber security report recommended; former HSE chief Tony O’Brien said that a quarter of the recommended amount is spent on the HSE’s IT systems.

“It is very expensive, and it’s hard to show the benefit of it as a patient benefit when there are so many other financial needs.”

The HSE’s IT systems were hit by a Conti ransomware attack, where attackers enter into a computer system, study how it works, and encrypt the private data before announcing their attack to the victim and demanding a ransom for it not to be published online or sold off to a third party to be used for ill-intent. 

There have been reports that the hackers could have gained access to the HSE’s IT system up to two weeks before the attack was made known to authorities on Friday.

With reporting by Hayley Halpin

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
34 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Install the app to use these features.
    Mute dodofrey
    Favourite dodofrey
    Report
    May 18th 2021, 10:30 AM

    My 15 year old daughter had her MRI on a Thursday, thankfully before the system went down. Unfortunately her results are probably in the ether somewhere. She was diagnosed with cancer aged 12 and we have MRI’s to check if she’s relapsed. The waiting is absolute hell. I also work in medical diagnostics and every time software needs to updated our analysers are put out of action which causes delays in result reporting and that’s never ideal either. Very very difficult situation for all.

    270
    Install the app to use these features.
    Mute Liam Byrne
    Favourite Liam Byrne
    Report
    May 18th 2021, 2:49 PM

    @dodofrey: I hope you get a happy news soon.

    59
    Install the app to use these features.
    Mute Nigel
    Favourite Nigel
    Report
    May 18th 2021, 10:35 AM

    Please assume that your PPS and DOB have been stolen and update your passwords to something even stronger on any government sites such as Revenue.ie to be safe.

    This should be advice they’re giving people and not be saying “best case scenario we get new PPS numbers”. They need to be proactive, not reactive.

    89
    Install the app to use these features.
    Mute Joe Griffin
    Favourite Joe Griffin
    Report
    May 18th 2021, 2:32 PM

    @Nigel: Revenue operate with a system using certificates fot the ROS system. These are on the computer I used to access ROS. If I try using any other computer then I cannot log in. So no need to change anything if you use ROS or any other services that use trusted certificates.

    6
    Install the app to use these features.
    Mute Nigel
    Favourite Nigel
    Report
    May 18th 2021, 2:50 PM

    @Joe Griffin: I can login myAccount from any web browser using a PW, my PPS and DOB.
    No other form of authentication required.

    12
    See 2 more replies ▾
    Install the app to use these features.
    Mute Sam Harms
    Favourite Sam Harms
    Report
    May 18th 2021, 4:05 PM

    @Joe Griffin: only ROS uses certificates, MyAccount doesn’t

    6
    Install the app to use these features.
    Mute Johnny Kelly
    Favourite Johnny Kelly
    Report
    May 18th 2021, 5:33 PM

    @Nigel: ROS needs a certificate present on the computer and mygov sends a code to a phone which must be entered to complete login.

    1
    Install the app to use these features.
    Mute John O'Brien
    Favourite John O'Brien
    Report
    May 18th 2021, 10:04 AM

    Maybe it’s time to consider paying the ransom?

    49
    Install the app to use these features.
    Mute Ajax Penumbra
    Favourite Ajax Penumbra
    Report
    May 18th 2021, 10:18 AM

    @John O’Brien: Any what makes you think the unscrupulous characters that did this in the first place are honourable enough to keep their word that they’ll decrypt the info in a timely or straightforward manner?

    146
    Install the app to use these features.
    Mute Frank Jasper
    Favourite Frank Jasper
    Report
    May 18th 2021, 10:19 AM

    @John O’Brien:
    I work in the sector, Not a good idea to pay , will only make the next attack even more likely.
    Best suggestion (UK and Ireland) stop the practice of making useless people into IT managers just to get them out of the way.
    It security needs experienced professionals who are actively practicing in the field, not some pencil pusher who has ticked the right diversity training boxes.

    294
    See 13 more replies ▾
    Install the app to use these features.
    Mute Tomo
    Favourite Tomo
    Report
    May 18th 2021, 10:28 AM

    @Ajax Penumbra: Because it would be a very bad business model to get money and not restore the system. It would mean that their ability to get ransoms would reduce every attack they conduct.

    22
    Install the app to use these features.
    Mute Ajax Penumbra
    Favourite Ajax Penumbra
    Report
    May 18th 2021, 10:30 AM

    @Tomo: Haha! Business model me hoop. You’re talking like these are a legit group of people with industry rules to follow.

    34
    Install the app to use these features.
    Mute ed w
    Favourite ed w
    Report
    May 18th 2021, 10:47 AM

    @John O’Brien: what makes you think they have anyway of fixing it. why bother once you have the money.

    15
    Install the app to use these features.
    Mute Peter Cavey
    Favourite Peter Cavey
    Report
    May 18th 2021, 11:27 AM

    @Ajax Penumbra: these are savvy operators. Pay, and you get your data back. Don’t pay and it gets dumped on the darkweb. Then they move onto the next company. If companies or organizations knew that their data is going to end up on the darkweb after paying, what’s the incentive to pay? At the end of the day, these gangsters just want money.

    19
    Install the app to use these features.
    Mute JG
    Favourite JG
    Report
    May 18th 2021, 12:23 PM

    @John O’Brien: get a grip man. If you pay up you will become a gold plated target to all other criminal hackers. There has obviously not been enough back up of the information. Send the money

    10
    Install the app to use these features.
    Mute JG
    Favourite JG
    Report
    May 18th 2021, 12:29 PM

    @John O’Brien: get a grip man and grow a pair. If you pay up you will become a gold plated target to all other criminal hackers. There has obviously not been enough back up of the information. Send the money on full back up and there will be little reason for these criminals to try again. There is no way we should reward crime in any way. Your “give in to threats “ attitude is what keeps all lawbreakers in business.

    13
    Install the app to use these features.
    Mute JedBartlett
    Favourite JedBartlett
    Report
    May 18th 2021, 12:40 PM

    @Ajax Penumbra: You might sneer but Tomo is exactly right here. In effect, it’s a business model they use. Their future activities would be pretty fruitless if they took ransoms without giving back data.

    5
    Install the app to use these features.
    Mute John O'Brien
    Favourite John O'Brien
    Report
    May 18th 2021, 1:10 PM

    @ed w: wizard spider are operating since at least 2018. If they’re still around there’s a good chance it’s because they release the encryption keys to make it a viable option for the next target. These are not stupid people.

    3
    Install the app to use these features.
    Mute Seán Dillon
    Favourite Seán Dillon
    Report
    May 18th 2021, 1:12 PM

    @John O’Brien: No!!!! The Russian government should be made to pay or else freeze assets held by them outside their country. They are not pro active in stopping these crimes6als, possibly backing them.

    11
    Install the app to use these features.
    Mute John O'Brien
    Favourite John O'Brien
    Report
    May 18th 2021, 1:16 PM

    @JG: and you’re “stiff upper lip” attitude may lead to serious outcomes for many people depending on the health services at the moment. We were caught with our trousers down! We need to get the services back operating and the invest and shore up the current weaknesses by employing experts in the field. (Usually ex hackers)

    6
    Install the app to use these features.
    Mute Irene Mc Hugh
    Favourite Irene Mc Hugh
    Report
    May 18th 2021, 2:30 PM

    @John O’Brien: Of course they should pay ……Should have done so immediately ……Health is more important than money

    1
    Install the app to use these features.
    Mute Joe Griffin
    Favourite Joe Griffin
    Report
    May 18th 2021, 2:38 PM

    @Peter Cavey: I guess if they didn’t give back access to your data you could always pop down to their offices and ask them for your money back and threaten them with some bad publicity. Maybe a poor review on Google or Trustpilot would force their hand. Get real, these criminals don’t have a business model because nobody knows who they are.

    4
    Install the app to use these features.
    Mute Colin McNamara
    Favourite Colin McNamara
    Report
    May 18th 2021, 3:00 PM

    @Joe Griffin: they absolutely do have a business model. Pay the ransom you get the network back. Its that simple.

    4
    Install the app to use these features.
    Mute Clurichaun
    Favourite Clurichaun
    Report
    May 18th 2021, 10:41 AM

    I wonder if these system could be taken off the internet and operated via intranet or other type of closed network?

    36
    Install the app to use these features.
    Mute Jim Buckley Barrett
    Favourite Jim Buckley Barrett
    Report
    May 18th 2021, 2:15 PM

    @Clurichaun: that wouldn’t stop the virus if it’s already within the system. Instead of paying millions for rebuilding laptops, desktops etc. – go buy new ones, it wouldn’t be cheaper but it should be a lot faster and in the long run, save money because they will need to upgrade to Windows 10 sooner not later.

    9
    Install the app to use these features.
    Mute Peter Cavey
    Favourite Peter Cavey
    Report
    May 18th 2021, 3:20 PM

    @Clurichaun: it would seem like the best solution. ATM machines run off an intranet. All running off windows 7 and can’t be hacked externally.

    6
    See 1 more reply ▾
    Install the app to use these features.
    Mute Watchful Axe
    Favourite Watchful Axe
    Report
    May 18th 2021, 9:02 PM

    I don’t know much detail but surely a non windows based database server network is available with some sort of very controlled input and output allowed. With multi core processors and partitions these days, you might even only need an extra monitor. A virus running on a different OS will have a tough time to migrate.

    1
    Install the app to use these features.
    Mute David Dineen
    Favourite David Dineen
    Report
    May 18th 2021, 11:00 AM

    God be the days when the pen ruled, no delays in those days, no queues, no months on a waiting list, the good old days when a solid rubber took care of lists and mistakes…

    36
    Install the app to use these features.
    Mute Arch Angel
    Favourite Arch Angel
    Report
    May 18th 2021, 4:54 PM

    @David Dineen: That’s what it’s back to it seems. I think we should just hire all the IT experts here to fix the problem, there’s enough of them. It boils down to a question of whether to pay the hackers, and potentially put a bigger target on Ireland internationally. That’s assuming there’s a degree of honour and trust within their business model to do everything they promise.
    Then if we tell them where to go we still have to fix the problem ourselves. It’s clear we have don’t have sufficient numbers of highly qualified professionals in the positions we need to make this a reality. So this isn’t going to happen anytime soon. Or cheaply.

    2
    Install the app to use these features.
    Mute Diarmuid O'Braonáin
    Favourite Diarmuid O'Braonáin
    Report
    May 18th 2021, 10:17 AM

    I wouldn’t mind but when you think about it we have the biggest tech giants in the country here and they are getting generous tax breaks. We should not be in this position. The old insecure way of doing things should be have been stopped long ago. They should just pay the ransome and move on and learn from it. Its gonna cost a fortune if the fight them and an already crap health service will be made worse.

    51
    Install the app to use these features.
    Mute Ajax Penumbra
    Favourite Ajax Penumbra
    Report
    May 18th 2021, 10:22 AM

    @Diarmuid O’Braonáin: Paying a ransom risks emboldening other criminals to do this and show that Ireland is a soft touch when it comes to dealing with this, not to mention the question of funding a criminal organisation with money from the public purse.

    Make paying these kind of ransoms illegal and remove the easy cash incentive to carry out these type of attacks.

    57
    Install the app to use these features.
    Mute Diarmuid O'Braonáin
    Favourite Diarmuid O'Braonáin
    Report
    May 18th 2021, 12:58 PM

    @Ajax Penumbra: The cost of paying the ransom is very small compared to the cost of not doing anything. People are going to die. Its pure incompetence that we are in this position. We need to be thinking with our heads and what’s best for people and patients of the HSE. This can all be fixed very easily. We ask Microsoft to host our apps and they will be secure in the Cloud rather than the chaotic infrastructure that has failed to keep these hackers from holding the the HSE to ransom. We have all the tech giants here who could do it all for us. In fairness the owe our govt a lot as we’ve helped them with their tax obligations.

    13
    Install the app to use these features.
    Mute Albert Brennerman
    Favourite Albert Brennerman
    Report
    May 18th 2021, 1:31 PM

    Its not a zero day, sophisticated yes, warning issued below with proper implemntation would of alerted.

    https://us-cert.cisa.gov/ncas/alerts/aa20-302a

    We should all be on Team Ireland. Speculating on catastrophic outcomes is not helping. Adopt pay them nothing until must pay them.

    6
    Install the app to use these features.
    Mute Max Power
    Favourite Max Power
    Report
    May 18th 2021, 11:39 AM

    No foal no fee … that’s the only way to agree to pay for this .

    2
    Install the app to use these features.
    Mute Dave Hammond
    Favourite Dave Hammond
    Report
    May 18th 2021, 12:32 PM

    @Max Power: the hackers can calculate how significant the impact an attack can be on the fundemental operation of the business or organisation and know that if you adopt a ‘we never pay’ stance that you eventually make the calculation that it many cases it can be a better option to make a payment and un encrypt – they never admit to making payments but in truth many times payments are made and just denied – this is going to take a lot longer and cost a lot more if they think they can just be stubborn or principled

    11
    Install the app to use these features.
    Mute Johnny Kelly
    Favourite Johnny Kelly
    Report
    May 18th 2021, 5:28 PM

    This could take months to tackle and it’s very likely that a lot of data won’t have recent backups

    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.

Leave a commentcancel

 
JournalTv
News in 60 seconds