Early this morning, the HSE reported it had been hit by a major ransomware attack, forcing it to shut down a lot of its major systems while it assesses the scale of the attack.
When did the attack start?
The HSE became aware of the attack overnight, according to chief executive Paul Reid, with the crisis management team taking action. IT systems were shut down as a precautionary measure. No ransom demand has been made yet, but the situation is still evolving.
What is a ransomware attack?
A ransomware attack uses a type of malware that encrypts data or blocks access to services until a ransom - typically untraceable - is paid. However, paying a ransom doesn’t guarantee that you will get access to your data.
It has emerged that this particular attack is the work of a variant of Conti, a type of ransomware that operates “double extortion” - it not only encrypts information, but it can also steal and threaten to expose it.
What has the attack affected?
The HSE said this is a sophisticated “human operated” attack, with access to information as the target. However, it has moved to reassure patients that their information is safe. Critical equipment and systems are unaffected by the incident, but core services across local and national services, which depend on the data system affected, have been impacted.
That means the electronic patient charts, for example, are inaccessible, with hospitals switching to paper back-ups. The vaccination programme has not been impacted, and the National Ambulance Service is also operating as normal.
What does it mean for services?
That is another evolving situation. The HSE said scheduled Covid-19 testing is ongoing, and tests will continue to be processed by laboratories, but the system used by GPs to refer patients for testing is down, as is the close contacts referral system. Those patients are being prioritised for tests at walk-in clinics. There may also be some delays in receiving test results, with the HSE concentrating on alerting those with positive tests.
Some hospitals have cancelled out-patient appointments, with the Rotunda Hospital in Dublin among those that have cancelled clinics for the day as its electronic patient records are inaccessible. However, the hospital is still open for emergencies and appointments for those who are over 36 weeks pregnant.
Other hospitals are asking patients to attend as normal, but there will be significant disruption to services throughout the day. Patients will be contacted if there are changes to their scheduled appointments.
How serious is this?
The HSE is treating this as a major incident, calling in security experts and national resources such as the gardaí and the Defence Forces. However, the scale of the attack is not yet clear, nor is what - if any - information has been compromised. The HSE is working with to respond to the cyber attack.
Has this happened before?
In 2017, hackers hit a range of targets from the UK's National Health Service to European telecoms company Telefónica in a ransomware attack using tools stolen from the US National Security Agency. The WannaCry attack exploited a specific Microsoft Windows vulnerability, and swept through dozens of NHS hospitals, costing the health service millions of pounds.
A section 39 agency in Co Wexford was affected by the cyber attack, but the HSE’s preventative action was thought to have limited the impact.
What about more recently?
Ransomware attacks happen regularly. In the US, one of the country's largest fuel pipelines, the Colonial pipeline, which transports millions of gallons of fuel daily from Houston to New York Harbour, was largely paralysed by an attack earlier in May by an Eastern European-based criminal gang.
A California hospital group was also hit by ransomware attacks in early May, severely impacting its services, and last year, a wave of ransomware attacks hit hospitals across the US, as the Covid-19 pandemic continued to sweep the nation.