Irish health service latest victim of cyber crime

'Most significant attack' to date shuts down health and social care IT systems

A ransomware attack on the health service in Ireland has been dubbed ‘possibly the most-significant cyber crime’ affecting the Irish state to date.

The National Cyber Security Centre (NCSC) confirmed that the Health Service Executive (HSE) became aware of a significant ransomware attack on some of its systems in the early hours of Friday morning and immediately activated its crisis response plan.

The HSE believes the attack was initiated by international criminals attempting to extort money, although it said no demand has yet been received.

The attack forced the health service to shut down its IT systems as a precautionary measure while security experts assessed the risk.

And Irish Health Minister, Stephen Donnelly, said the move had a ‘severe impact’ on health and social care services, although emergency services and the ambulance service were still operating.

Hospitals affected included the National Maternity Hospital in Dublin and the National Maternity Hospital in Dublin, which were temporarily unable to access digital records.

And, while vital COVID-19 vaccinations continued to be given, the registration portal for testing and vaccination referrals was shut down.

The attack comes four years after the NHS was hit by the WannaCry virus, which affected more than 200,000 computers in 150 countries, including many across the UK.

The Irish Prime Minister – or Taoiseach – Micheál Martin said he had consulted with cyber security experts, adding that the state would not be paying a ransom.

And he confirmed it would ‘take some days’ to assess the full impact.

Speaking to BBH following the attack, Peter Carthew, director of public sector for UK & Ireland at Proofpoint, said: “From an attacker’s perspective, healthcare organisations are high-value targets for ransomware attacks as they would have the highest motivation to pay up to restore systems quickly.

“Given the nature of the industry, healthcare personnel are often severely time constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully-crafted social engineering-based email attacks.

“Potentially vulnerable life-saving equipment and highly-publicised ransom payments further increase the attractiveness of this sector for attackers distributing ransomware.

“The disruptive and destructive nature of ransomware is impossible to ignore, but unfortunately the reality is that those in charge of cyber security aren’t simply able to pivot and focus all their efforts on stopping this one form of attack.

“Recent survey data of global Chief Information Security Officers (CISOs) shows they are feeling overwhelmed by a vast array of different threats coming from all angles. However, only 25% of public sector CISOs listed ransomware in their top three cyber threats.

“Nearly all targeted attacks rely on human interaction to work so educating and training workers on what to watch out for, maintaining offline backups, implementing strong password policies, and developing ransomware response playbooks are vital defences against the numerous threats facing the sector today.”

Oz Alashe, chief executive and founder at behavioural security platform, CybSafe, adds: “Days after the Foreign Secretary’s warning about the potential harm of ransomware attacks, this serves as a stark reminder of just how devastating they can be.

“After a year of proving its resilience under immense pressure, this sudden cancellation of outpatient visits and clinics demonstrates the scale of the threat of ransomware attacks on health services.

“The public sector is a potential gold mine for cyber criminals, with medical records and personal information being a target for identity fraud and broader financial crime.

“Such attacks play on our emotions, exploiting our curiosity or self-doubt to break through our defences.

“In light of this latest attack, it’s crucial that public-sector organisations are taking steps to not only raise awareness of such cyber threats, but also provide security training and support that takes this human aspect into consideration in order to help prevent these attacks in future.”

And Brooks Wallace, vice president at Deep Instinct, advocates a multi-layered approach to safeguarding critical services.

He said: “Sadly, the higher the criticality and business or human impact an attack has, the more likely the victim is to pay.

“Healthcare organisations are at the top of the human impact chain, but they are also very vulnerable to cyber attacks as they often don’t have significant IT security budgets to invest in the most-comprehensive protection capabilities.

“SecOps teams are doing their best to prevent breaches, but they are under constant attack from highly-sophisticated threats.

“The SecOps teams will have to identify the ransomware. And, not only will they have to triage the infected machines, but they will also need to stop the lateral spread, likely using multiple tools, and consoles, but with limited resources.

“The best protection against attacks such as this one is a multi-layered approach using a variety of solutions.

“A ‘prevention-first’ mindset is also key - attacks need to execute and run before they are picked up and checked to see if they are malicious, sometimes taking as long as 60 seconds or more.

“And, when dealing with an unknown threat, 60 seconds is too long to wait for an analysis.

“Organisations need to invest in solutions that use technology such as deep learning, which can deliver a sub-20-millisecond response time to stop a ransomware attack, pre-execution, before it can take hold.”