Contents:
Ireland Health Service Executive (HSE), which is responsible for healthcare and social services across Ireland, is still suffering from significant disruptions more than six weeks after falling victim to a ransomware attack.
HSE Twitter posts show that patients are still being alerted to expect significant care delays and to bring health information that could help support their care, also pointing to investments to ensure more comprehensive network monitoring for malware in the future.
If you’re attending an emergency department, please bring any patient information you have that could help us. This could be any document that includes:
Medical Record Number/Patient Chart Number
A list of your medications
Any discharge summaries from time spent in hospital pic.twitter.com/NgoJVKO8tN— HSE Ireland (@HSELive) June 28, 2021
The HSE Director General Paul Reid forecasts that the expenses from the ransomware attack will exceed $600 million. The cost estimate includes $120 million in current recovery necessities such as employing outside technical leaders to support recovery efforts.
The remaining cost estimates will pay for the replacement and improvement of the systems affected by ransomware, as well as payments to outside cybersecurity assistance.
Moreover, the Ireland Health Service Executive plans to implement a security operation center able to better monitor the network for potential cyber threats. Until now, the team managed to bring three-quarters of the network back online.
Ireland Health Service Executive Ransomware Attack
The ransomware attack took place on May 14 and led to serious IT disruptions across the Ireland East Hospital Group, with many patient appointments either being canceled or postponed.
The Conti ransomware gang, who was behind the attack, threatened to use all the data stolen from HSE during the attack if a ransom of $20 million won’t be paid. However, HSE has refused to pay the attackers.
The Irish High Court quickly reacted to this situation and has issued an order to prevent the cybercriminals from selling, sharing, or publishing the stolen data with anyone.
Conti is believed to be run by a Russia-based cybercrime group known as Wizard Spider, with the group using phishing attacks in order to install the TrickBot and BazarLoader trojans in order to obtain remote access to the infected machines.
Previous reports showed Conti operation published online some patient data allegedly stolen from the HSE before the ransomware deployment.
It seems the cybercriminals managed to steal a total of 700 GB of data, which was downloaded 23 times before it was taken offline.
As the HSE IT team focuses on recovery, clinicians have continued to operate under EHR downtime procedures and backup processes. At the hearing, HSE leadership shared that the maternity and radiology departments have seen the most care disruptions.
Ireland Health Service Executive has received help from Ireland’s Faculty of Radiologists that provided examination workstations for the country’s radiology departments, and from Ireland’s National Cyber Security Centre.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;