The Health Service Executive (HSE) announced on Friday that it has been forced to immediately shut down all of its IT systems after a major cyber attack described as “possibly the most significant cyber crime attack on the Irish State”.
The HSE became aware of the attack overnight and its CEO Paul Reid has described the attack as a “significant” and “sophisticated” ransomware attack.
What is a Ransomware Attack?
A Ransomware attack involves the theft or encryption of the victims data, and a demand for money for its safe return or decryption.
HSE Chief Operations Officer Anne O’Connor has described this particular attack as a “zero-day threat with a brand new variant of the Conti ransomware” and the Minister of State for Public Procurement and eGovernment Ossian Smyth has described it as an international attack.
What data has been affected?
The HSE has come out to say it is not aware of any personal information that has been compromised.
The ransomware attack has seemingly focused on accessing data stored on the HSE’s central servers and has reportedly impacted all national and local systems, which are involved in all core services.
Patients to expect disruption and delays
Hospitals across the country are still reeling from the attack, reporting loss of access to their electronic systems and records and having to revert to paper-based systems.
Some hospitals have warned patients to expect significant disruption and delays with Tánaiste Leo Varadkar suggesting that the problems could run into next week.
Dublin’s Rotunda Hospital has been forced to cancel most outpatients visits today, the National Maternity Hospital has reported “significant disruption” to its services and St. Luke’s hospital has cancelled all radiation oncology.
The impact on Covid testing
Leo Varadkar has also announced that the Covid testing programme has been affected by the shut down as the GP and close contact testing referrals system is down and the HSE says that results of tests may take longer to be provided.
Who is responsible?
It has emerged that the group known as ‘Wizard Spider’ is responsible for the attack. The Russian-based group is an organised cyber crime group that is known to international law enforcement agencies as one of the most sophisticated and technically proficient cyber crime gangs in the world.
It is estimated that the group consists of approximately 80 employees that includes skilled computer programmers and hackers and it has been a target of international law enforcement agencies for years.
How to protect against Ransomware attacks
While this is a serious attack and has seemingly devastated HSE operations it will not come as a surprise to many who are only too aware of the constant and rising threat of ransomware. As Minister Smyth put it, this is “the one that got through” and there is a “constant bombardment” of attacks on State data.
A recent survey showed a 600% rise in cyber attacks, with over 46% of global businesses having reported at least one cyber-attack since the shift to remote working.
Cyber Security Awareness Training
The fact that this attack has been reported as a “human-led” attack means it underpins the absolute necessity for Cyber Security Awareness Training training across all organisations and businesses.
In 2020, 95% of all security breaches were caused by human error making it clear that firewalls and antivirus are no longer enough to protect against these types of attacks.
In light of this attack it has never been more apparent that ongoing training for employees at every level of an organisation is now required to combat the level of sophistication these attacks have reached.
Backup and Disaster Recovery
With the governments official position stating that it will not pay a ransom to the criminal gang, the HSE will be relying on their data backups and their disaster recovery strategy to get all of their systems back online and operational.
While it was initially thought that it would take days to get their systems back online, the HSE has now warned it will take weeks to fully repair the damage caused.
For many companies without an adequate backup and disaster recovery strategy in place, not paying is simply not an option. And even for those that do have strategies in place, weeks worth of downtime can be enough for them to go under for good.
If it wasn’t crystal clear to every business owner before now just how important it is to have a good backup and recovery strategy in place, it certainly is now.
If you would like to enquire about Cyber Security Awareness Training or Backup and Disaster Recovery Services for your organisation please contact our team at firstname.lastname@example.org or call us on +353 (0)1 818 3272.