Ransomware attack on the pillar of Ireland’s medical services is another sign of rapidly increasing cyber risk for healthcare organizations
This blog is part of a two-part series. In this post we’ll give an overview of what happened, and in the next we’ll take a deeper look at how a cyber attack like this one works and is prevented.
90% of Ireland’s hospitals were shut out of patient records, scheduling systems, and email on Friday, May 14th, due to an attack with the Conti ransomware on the national Health Service Executive (HSE). This led to many cancellations of non-urgent appointments, as well as serious interruptions to coronavirus testing. “We know nothing about the individual. We have no charts, no record number,” said Dr. Vida Hamilton, the HSE’s national clinical advisor. This successful attack on the HSE came immediately after an attempted attack the previous day on the Irish Department of Health, which had fortunately been halted before it could cause serious damage.
Image courtesy of Bleeping Computer
According to Bleeping Computer, attackers offered to provide a decryptor for the 700GB of stolen patient data and to delete it from their own systems in exchange for a $20 million ransom. Such patient data usually includes a wealth of private information, such as phone numbers, contact information, and financial records. The HSE refused to negotiate with or respond to the attackers, instead choosing to turn over available information to Ireland’s National Cyber Security Centre. “We don’t pay ransoms,” said Irish Prime Minister Micheál Martin.
This choice aligns well with the advice of TXOne’s own security intelligence researchers, who recommend refusing all ransom payments. Every payment attackers successfully collect increases the likelihood of further attacks, and payment carries no guarantee that attackers will follow through and delete their copies of the stolen data. Ossian Smyth, a state minister of procurement and eCommerce, said it was possibly the most significant cybercrime yet conducted against Ireland, and made the important distinction that this attack was the work of profit-driven independent cybercriminals and not state actors. The rising level of skill and coordination in the attacks of independent cybercriminals is a key factor in rapidly increasing global cyber risk.
TXOne Networks’ security intelligence specialists believe that all critical infrastructure organizations should confirm that their protections are up to date and that SAE (Security Awareness Education) is integrated into employee training. Up-to-date protections could include streamlined, modernized cyber defenses such as trust lists and network segmentation.