A cyberattack on Ireland’s health system has paralysed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.
The people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the HSE (Health Service Executive) forcing its entire information technology system to shut down.
HSE Chief Paul Reid said this “stomach churning” incident was a “high risk and high likelihood” of the data that has been taken by hackers being leaked online, but also said that reports of the HSE patient data leaked online haven’t been validated yet.
He told a HSE media briefing on Thursday that the response has been “comprehensive” since last Friday and will “continue to be relentless.” He added, “We are now in the assessment phase where we’re assessing all across the network… to understand the impacts across the network.”
Reid said there are 2,000 systems used by the health service and more than 4,500 servers and HSE’s national clinical advisor, Dr Vida Hamilton confirmed that the hack has “affected every aspect of patient care”.
Dr Hamilton described the incident as a “major disaster” and said there were difficulties around accessing patient records. She said with lab tests, a handwritten form was required, with a runner taking it to the lab, and it then being manually put in to be analysed, something she said increased the chance of “delay and risk for error.”
Hackers offer bail out tool?
The criminal gang threatened to release the stolen data online if the ransom demanded is not paid $20 million in bitcoin by Monday, 24th May to which the Irish Government and the HSE both stated it will not be paid, in line with State policy.
However, recent reports suggest the gang (now known to be The Conti ransomware group) have now handed over a software tool for free. The Government says it is testing the tool and insists it did not, and would not, be paying the hackers.
Conti is still threatening to publish or sell data it has stolen unless a ransom is paid. On its darknet website, it told HSE: “We are providing the decryption tool for your network for free. But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation.”
It was unclear why the hackers gave the tool (known as a decryption key) for free, said Health Minister Stephen Donnelly. “No ransom has been paid by this government directly, indirectly, through any third party or any other way. Nor will any such ransom be paid,” he told Irish broadcaster RTÉ.
“It came as a surprise to us. Our technical team are currently testing the tool. The initial responses are positive.”
Slowly but surely
In a statement made yesterday afternoon, giving an update about health services affected by the hack, the HSE said: “While we believe we will have lost some details of recent clinical activity, we anticipate that we will be able to recover older patient records.”
HSE payroll systems have been prioritised for assessment and contingency arrangements have been worked on to ensure that HSE staff are paid this week. “Progress continues to be made on getting servers cleaned, restored and back online,” he added.
“This is in line with the pace we had anticipated, and is a stepped, methodical process, to mitigate the risk of re-infection. We are also looking at interim solutions to get some services back online in a proven safe way.”