article featured image


Ireland Health Service Executive (HSE), which is responsible for healthcare and social services across Ireland, is still suffering from significant disruptions more than six weeks after falling victim to a ransomware attack.

HSE Twitter posts show that patients are still being alerted to expect significant care delays and to bring health information that could help support their care, also pointing to investments to ensure more comprehensive network monitoring for malware in the future.

The HSE Director General Paul Reid forecasts that the expenses from the ransomware attack will exceed $600 million. The cost estimate includes $120 million in current recovery necessities such as employing outside technical leaders to support recovery efforts.

The remaining cost estimates will pay for the replacement and improvement of the systems affected by ransomware, as well as payments to outside cybersecurity assistance.

Moreover, the Ireland Health Service Executive plans to implement a security operation center able to better monitor the network for potential cyber threats. Until now, the team managed to bring three-quarters of the network back online.

Ireland Health Service Executive Ransomware Attack

The ransomware attack took place on May 14 and led to serious IT disruptions across the Ireland East Hospital Group, with many patient appointments either being canceled or postponed.

The Conti ransomware gang, who was behind the attack, threatened to use all the data stolen from HSE during the attack if a ransom of $20 million won’t be paid. However, HSE has refused to pay the attackers.

The Irish High Court quickly reacted to this situation and has issued an order to prevent the cybercriminals from selling, sharing, or publishing the stolen data with anyone.

Conti is believed to be run by a Russia-based cybercrime group known as Wizard Spider, with the group using phishing attacks in order to install the TrickBot and BazarLoader trojans in order to obtain remote access to the infected machines.

Previous reports showed Conti operation published online some patient data allegedly stolen from the HSE before the ransomware deployment.

It seems the cybercriminals managed to steal a total of 700 GB of data, which was downloaded 23 times before it was taken offline.

As the HSE IT team focuses on recovery, clinicians have continued to operate under EHR downtime procedures and backup processes. At the hearing, HSE leadership shared that the maternity and radiology departments have seen the most care disruptions.


Ireland Health Service Executive has received help from Ireland’s Faculty of Radiologists that provided examination workstations for the country’s radiology departments, and from Ireland’s National Cyber Security Centre.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *