A cyber attack on the Irish health system has crippled the country’s healthcare system for a week, banning access to patient records, delaying Covid-19 tests and forcing medical appointments to be canceled.
Using ransomware, malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have held the data hostage in Ireland’s publicly funded health system, the Health Service Executive. The attack forced the HSE to shut down its entire information technology system.
In a press conference on Thursday, Paul Reid, managing director of HSE, said the attack was “an upset stomach”.
Caroline Kohn, a spokeswoman for a group of hospitals in the east of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.
Security researchers believe the attack on Ireland’s hospitals was the work of a Russian-speaking cyber criminal group called Wizard Spider. In a ransom note posted online, the criminals threatened to reveal the stolen health network data unless officials pay a ransom of $ 19,999,000.
Ireland’s Prime Minister, Micheál Martin said the government would not pay. “We are very sure that we will not pay a ransom,” he said at a press conference last week.
Mr. Reid said the effects would be felt for many weeks. “This is not a short sprint,” said Mr. Reid. “This will have a lasting effect.”
The attack is the latest in a spate of ransomware attacks targeting hospitals around the world in recent weeks.
In California, Scripps Health, which operates five hospitals and a number of San Diego clinics, is still trying to bring its systems back online two weeks after a ransomware attack crippled its data. In New Zealand, a ransomware attack crippled several hospitals across the country, forced clinicians to use pen and paper, and postponed non-selective surgeries.
Late last year, a ransomware attack on the University of Vermont Medical Center changed the lives of cancer patients whose chemotherapy treatments had to be delayed or restored from memory.
The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operator that supplies nearly half of the gas, diesel and jet fuel to the east coast. This attack caused Colonial Pipeline to cease pipeline operations, causing panic buying at the pump as well as gas and jet fuel shortages along the east coast. Colonial Pipeline agreed to pay its extortionists, another gang of cybercriminals called DarkSide, nearly $ 5 million to decrypt their data.
The attack in Ireland has left residue in emergency rooms from Dublin to Galway and patients have been urged to stay away from hospitals unless they need urgent care.
Appointments for radiation treatments, MRIs, gynecological visits, endoscopies and other health services have been canceled in many Irish countries. Health officials said the attack also caused delays in Covid-19 test results, but a vaccine scheduling system is still working.
Irish health officials said Thursday that HSE was working to build a new network separate from the affected network. Hundreds of experts were recruited to rebuild 2,000 different systems. The effort should cost tens of millions of euros, said Reid.
The HSE announced on Thursday that it had been provided with a key that could be used to decrypt the data held as a ransom. However, it is unclear whether this would work.
Ransomware attacks against hospitals increased after two separate attempts – one by the Pentagon’s Cyber Command and a separate litigation by Microsoft – to shut down a large botnet, a network of infected computers called Trickbot, which is the main channel for ransomware served.
In the weeks following these efforts, cyber criminals said they wanted to attack more than 400 hospitals. The threat prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn healthcare operators to step up their protection against ransomware.
Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cyber criminals and refuse to extradite them. In response to last week’s Colonial Pipeline episode, President Biden said Russia has some responsibility for ransomware attacks as cyber criminals operate within its borders.
Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for attacking Ireland’s health systems, speak Russian and researchers “have great confidence that they are Eastern European and likely Russian”.
Last month, a Florida school district data was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cyber criminals demanding $ 40 million in cryptocurrency. The criminals encrypted data and posted thousands of school information online after officials refused payment.
Last December, chip maker Advantech was also hit by Wizard Spider. The data was published on the so-called Dark Web after refusing to pay.
Some cyber insurance companies have taken on the cost of ransom payments and calculated that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started pressuring insurance companies to pay ransom demands, arguing that they are only launching more ransom attacks and encouraging cyber criminals to make more lucrative demands.
AXA, the French insurance giant, said last week it would no longer cover ransom payments. Within days of its announcement, AXA was hit by a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.
“This is just business as usual,” said John Dickson, cybersecurity expert at Denim Group’s San Antonio, in an interview Thursday. “These attacks shouldn’t come as a surprise to anyone who’s paying attention.”
