Health Service Executive ransomware attack

Health Service Executive cyberattack

Date	14 May 2021 (2021-05-14)
Location	Republic of Ireland
Type	Cyberattack, ransomware using Conti
Outcome	All HSE IT systems shutdown Hospital disruptions and appointment cancellations

On 14 May 2021, the Irish Health Service Executive (HSE) shut down its IT systems nationwide after a cyberattack involving ransomware.^[1][2][3][4] The COVID-19 vaccination programme has not been affected by the attack and is proceeding as planned,^[5] however the COVID-19 general practitioner and close contact referral system was down, requiring these individuals to attend walk-in sites rather than attend an appointment.^[6][1] The ransomware that was supposedly used was the Conti ransomware.^[5] The HSE claimed that it was a zero-day-threat and that there was no experience in how to respond to the attack.^[7] Minister for Health Stephen Donnelly said the attack had "a severe impact" on health and social care services.^[7]

Background

The HSE was alerted to the attack at 4am on 14 May 2021.^[8] The attack affected both national and local systems, involved in all core services, with the HSE taking down their IT system in order to protect it from the attack and to give the HSE time to consider options.^[9]

Perpetrator & Methodology

The attack has been described as "human-operated" and using a new variant of the Conti ransomware.^[8]

The Minister of State for Public Procurement and eGovernment Ossian Smyth stated the group responsible has been identified as a criminal gang operating outside of Ireland; the group name has not been publicly disclosed.^[10]

Impact

Some hospitals have described situations where they cannot access electronic systems and records and have to rely on paper records.^[11] Some have warned of significant disruption with routine appointments being cancelled, including maternity checkups and scans.^[12]

The COVID-19 testing referral system was made offline, requiring individuals with suspected cases to attend walk-in COVID-19 testing centres, rather than attend an appointment.^[6] The COVID-19 vaccination registration portal was also made offline, but was later back online in the evening.^[13]

The Chief Operations Officer of the HSE Anne O'Connor said that some cancer and stroke services had been affected and said "the situation will be very serious if it continues into Monday". She said that the most serious concerns were with diagnostics, with radiology systems having gone down, affecting CT and other scans from going ahead.^[14]

The HSE published a list of impacted services at lunchtime on 14 May 2021 on their website.^[15][16]

Hospital disruptions

Hospital disruptions by county^[15]

County	Hospital
Carlow	St. Luke's General Hospital
Cavan	Cavan General Hospital
Clare	Ennis General Hospital
Cork	Cork University Hospital Cork University Maternity Hospital
Donegal	Letterkenny University Hospital
Dublin	Beaumont Hospital Children's Health Ireland at Crumlin Coombe Hospital National Maternity Hospital Rotunda Hospital Royal Victoria Eye and Ear Hospital St. Columcille's Hospital St. James's Hospital St. Luke's Hospital Children's Health Ireland at Temple Street Tallaght University Hospital
Galway	University Hospital Galway Merlin Park University Hospital Portiuncula University Hospital
Kerry	University Hospital Kerry
Kildare	Naas General Hospital
Laois	Midland Regional Hospital, Portlaoise
Limerick	University Hospital Limerick St. John's Hospital, Limerick University Maternity Hospital, Limerick Croom Hospital
Louth	Louth County Hospital Our Lady of Lourdes Hospital, Drogheda
Mayo	Mayo University Hospital
Meath	Our Lady's Hospital, Navan
Monaghan	Monaghan Hospital
Offaly	Midland Regional Hospital, Tullamore
Roscommon	Roscommon University Hospital
Sligo	Sligo University Hospital
Tipperary	South Tipperary General Hospital Nenagh Hospital
Waterford	University Hospital Waterford Kilcreen Regional Orthopaedic Hospital
Westmeath	Regional Hospital Mullingar
Wexford	Wexford General Hospital

Response

The HSE is working with the National Cyber Security Centre, An Garda Síochána, as well as various partners, including international ones.^[8]

The Minister of State for Public Procurement and eGovernment Ossian Smyth said the attack was international, not espionage, and that "This is a very significant attack, possibly the most significant cyber attack on the Irish State."^[17]

A ransom demand of three bitcoin was made, worth approximately 150,000 United States dollars,^[18] offering to decrypt data and to not publish "private data"; Taoiseach Micheál Martin stated the ransom would not be paid, with the attack instead being dealt with in a "methodical way".^[19][20]

See also

• Colonial Pipeline cyberattack
• WannaCry ransomware attack - which affected the National Health Service in the United Kingdom

References

1. "Some health service disruption after HSE cyber attack". RTÉ News and Current Affairs. Retrieved 14 May 2021.
2. "Irish health service hit by 'very sophisticated' ransomware attack". Reuters. Retrieved 14 May 2021.
3. "Irish health service hit by cyber attack". BBC News. Retrieved 14 May 2021.
4. "Ransomware attack disrupts Irish health services". The Guardian. Retrieved 14 May 2021.
5. "Irish Health Service Shuts Down IT System Amid Cyber Attack". Retrieved 14 May 2021.
6. Thomas, Cónal. "Covid-19: GP and close contact referral system down, patients advised to attend walk-in centres". TheJournal.ie. Retrieved 14 May 2021.
7. Burns, Sarah; Clarke, Vivienne; Lally, Conor; Cullen, Paul. "HSE cyber attack 'possibly the most significant' ever on Irish State". The Irish Times. Retrieved 14 May 2021.
8. "What we know so far about the HSE cyber attack". RTÉ News and Current Affairs. 14 May 2021. Retrieved 14 May 2021.
9. Moloney, Eoghan (14 May 2021). "'Serious and sophisticated' - HSE confirms ransomware cyber attack has hit all hospital IT systems". Irish Independent. Retrieved 15 May 2021.
10. Horgan-Jones, Jack; Lally, Conor. "Scale of damage from cyberattack on HSE systems will not be known for days". The Irish Times. Retrieved 15 May 2021.
11. Brennan, Colin (14 May 2021). "HSE issues defiant statement after 'significant ransomware attack'". Irish Mirror. Retrieved 15 May 2021.
12. Clarke, Vivienne (14 May 2021). "Taoiseach insists Ireland will not pay ransom after HSE cyber attack". BreakingNews.ie. Retrieved 15 May 2021.
13. Heaney, Steven; Clarke, Vivienne; Glennon, Nicole (14 May 2021). "Ransom will not be paid to perpetrators of HSE cyber attack". Irish Examiner. Retrieved 15 May 2021.
14. Moloney, Eoghan (14 May 2021). "Warning of widespread cancellations for HSE patients if ransomware attack not resolved by Monday". Irish Independent. Retrieved 15 May 2021.
15. "Appointment and service updates – HSE IT system cyber attack". Health Service Executive (HSE). Retrieved 15 May 2021.
16. McDermott, Stephen (14 May 2021). "HSE cyber attack: what services are affected and which ones are still working?". TheJournal.ie. Retrieved 14 May 2021.
17. Ní Aodha, Gráinne. "HSE ransomware attack is 'possibly the most significant cyber attack on the Irish State'". TheJournal.ie.
18. Woods, Killian. "Hackers of HSE computer system demanded bitcoin ransom worth $150,000". Business Post. Retrieved 16 May 2021.
19. Aodha, Gráinne Ní. "HSE confirms ransom has been sought over cyber attack but says it will not be paid". TheJournal.ie. Retrieved 14 May 2021.
20. Horgan-Jones, Jack; Burns, Sarah; Lally, Conor; Cullen, Paul. "Bitcoin ransom will not be paid following cyber attack on HSE computer systems". The Irish Times. Retrieved 15 May 2021.