Coombe hospital services ‘continuing as normal’ after cyberattack

Attack believed to be contained to single hospital, as Reid describes risk as ‘moderate’

The Coombe Women and Infants University Hospital in Dublin was disconnected from the HSE's national health network on Thursday following a cyberattack on its IT systems.

HSE chief executive Paul Reid said the overnight attack appeared to have been contained to the Coombe and that there did not appear to be “further contamination across the wider health network”.

The attack impacted several systems at the Coombe but hospital management said it wished “to reassure all of those accessing our services that these services are continuing as normal”.

“We have locked down all our IT systems on a precautionary basis and are working closely with the HSE to resolve this matter,” it said in a statement.


However, Mr Reid told a HSE media briefing that most of the Coombe’s services were continuing unimpeded on Thursday, but that radiology and some patients management systems were affected as they were connected to the national network.

The latest attack comes only days after a report on the ransomware attack that crippled the HSE earlier this year, compiled by PwC, was published.

It found the opening of a malicious Microsoft Excel file attached to a phishing email led to the cyberattack. The file was opened at a HSE workstation on March 18th, with the email having been sent to the “patient zero workstation” two days earlier.

The ransomware was deployed on May 14th and those responsible demanded money from the HSE in order to stop them from releasing patient information online, which the organisation said was not paid.

‘Moderate risk’

Mr Reid said the attack – on a single voluntary hospital rather than the HSE itself – was deemed to be a “moderate risk” when identified on Wednesday.

The HSE, he said, had a “frail” network that was vulnerable to attack but that it had put measures in place to try to prevent attacks including multi-authentification checks and training to spot phishing emails and attachments through which attacks could be mounted.

“We try to mitigate but we do know that networks are vulnerable and we do have a frail and non-integrated network that has exposures,” he said.

Mr Reid said a high proportion of the organisations that are subjected to a cyberattack are “re-hit”.

Crumlin Children’s Hospital in Dublin said it had restricted access to external emails and the internet as a precautionary measure, but that hospital systems were running. There was no indication that the hospital had been hit by the same attack as the Coombe.

Security consultant Brian Honan said the PwC report had highlighted significant shortcomings in the IT and cybersecurity infrastructure within the HSE.

“Until those issues have been properly addressed within the HSE and the various hospitals, there is a continuous risk that attacks like that against the Coombe maternity hospital can happen,” he said.

“Unfortunately, the criminals behind these attacks do not care who they hurt or what damage they cause. So it is ever more important that all victims of these crimes report and work with An Garda Síochána, and other law enforcement agencies, so those criminals can be brought to justice.”

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist

Simon Carswell

Simon Carswell

Simon Carswell is The Irish Times’s Public Affairs Editor and former Washington correspondent