Last Friday, the Irish health service was hit with a ‘significant’ ransomware attack resulting in its IT systems being temporarily shut down to ‘assess [the] impact’.
Ireland’s minister for public procurement and eGovernment Ossian Smyth said that the attack on the Health Service Executive (HSE) was international, adding that "these are cyber criminal gangs, looking for money”.
He said that that attack was “widespread” and “possibly the most significant cybercrime attack on the Irish State".
According to the National Cyber Security Centre (NCSC), HSE became aware of the ransomware attack early on Friday morning, informing the NCSC of the issue while it implemented a crisis response plan.
As a result, health services in Ireland have been affected with a number of outpatients visits having been cancelled as well as some virtual appointments.
In response to the ransomware attack, Peter Carthew, director, public sector UK & Ireland at Proofpoint commented: “From an attacker’s perspective, healthcare organisations are high value targets for ransomware attacks as they would have the highest motivation to pay up to restore systems quickly.”
“Given the nature of the industry, healthcare personnel are often severely time constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully-crafted social engineering based email attacks. Potentially vulnerable life-saving equipment and highly publicised ransom payments further increase the attractiveness of this sector for attackers distributing ransomware,” he added.
Although Ireland’s COVID-19 vaccination programme is expected to continue as planned this week, officials have said that ‘substantial cancellations across outpatient services’ are to be expected.
However, the impact across the country “will vary”, according to Ireland’s health minister Stephen Donnelly, who added that there would be “cancellations in the coming days”.