Attacks on hospital computer systems not linked to ‘WannaCry’

Patient appointments disrupted as HSE email servers shut down indefinitely

“WannaCry” is a “ransomware worm” that locked up more than 200,000 computers across the globe.


Viruses that affected computer systems at three Irish hospitals on Monday afternoon are not linked to the ‘WannaCry’ ransomware wave of cyber attacks, the HSE has said.

The issues, initially thought to be linked to the international ransomware virus that has hit computer systems across the world, were deemed to be related to a separate computer virus.

After the problems were detetced the HSE blocked external communication to servers until Wednesday and said up to 20 computers had been affected. Email servers across the organisation have been shut down indefinitely, disrupting patient appointments.

Internationally more than 200,000 institutions and organisations were infected by the virus which struck in the UK and Spain first on Friday before spreading around the world. The NHS was one of many major global organisations affected, with 47 trusts hit.

Richard Corbridge, chief information office at the HSE said its IT team took the three hospitals offline temporarily, isolating the spread of the virus to 20 machines and containing it.


One Dublin hospital recorded 5,000 attempts from the virus to infiltrate its computer system on Saturday alone, HSE officials said.

Mr Cobridge said the virus was “still active” and is attempting to infiltrate the HSE computer system across the country.

The HSE said its IT security systems had so far managed to prevent the virus from getting through antivirus protection in most hospitals.

Mr Corbridge said the virus “landed at the weekend, and still continues to be trying to infiltrate the system. It isn’t stopped and it’s still active”.

This means while the virus is present in the HSE’s computer system, it has not yet been downloaded by computer users, outside of the three cases identified so far.

The virus infiltrates computers when users inadvertently download it by clicking on links or attachments in emails and it then blocks access to files on the computer until a ransom is paid or the virus is removed.

Mr Cobridge said the HSE was planning to lift the embargo on staff using email by Tuesday lunchtime. He said the HSE was monitoring the total amount of attempted infection attempts but would not be able to release the figure until later this week.

Security upgrades

Healthcare staff were told to turn on their computers on Monday morning but not to log on for two hours while antivirus security updates were installed. Staff were advised to not open or use their email accounts while IT antivirus patches and security upgrades are still under way.

This means HSE staff will only be able to send and receive emails from within the internal HSE network, and others emails will be filtered to avoid potential infiltrations of the virus. The HSE email system is the main security fear, as the virus spreads from user downloading links and attachments.

The spokeswoman said “on-going patch work” to update the IT systems across the HSE with the most recent antivirus protection was still under way.

The cybersecurity fears mainly relate to older “legacy” computers particularly those still using the Windows XP operating system, which the HSE estimated about 1,500 of its computers were still using.

Microsoft removed support for the XP system in 2014 and computers still using it are more vulnerable to the ransomware attack.

Richard Browne, head of Ireland’s National Cyber Security Centre, warned the cyberattack was not over and could “run and run”.

He told RTÉ new legislation in the coming weeks would ensure that Ireland was “moving as fast as we can” in “this rapidly evolving space”.

The National Cyber Security Centre is the State’s cybersecurity force but it does not have the power to prosecute those who carry out cyberattacks.

It confirmed a small centre in Co Wexford, funded by the HSE, had fallen victim to the virus but it was not linked to the wider health service IT network, preventing a wider spread of the malware.

Minister for Communications Denis Naughten said that while the country’s IT systems had been able to withstand the effect of this virus, that there was no way of knowing how another could present itself in the future.