HSE shuts down IT systems amid ‘significant cyber attack’ – The Irish Times


Did you know that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and - advertise that I have top security with even my home computer?

Health service IT systems have been shutdown today following a cyber attack that the HSE believes was carried out by international criminals seeking to extort money .

The HSE said the main attack began at around 4.30am on Friday and that IT staff switched off systems as a “precaution” in order to protect data and give time to “fully assess the situation with our own security partners”.

As a result there are expected to be cancellations and disruption to services at a number of hospitals. Further clarification on the extent of the problem is expected later.

Minister for Health Stephen Donnelly said the situation was having “a severe impact” on health and social care services.

“We are working to ensure that the systems and the information is protected. Covid-19 testing and vaccinations are continuing as planned today,” he said.

The attack is regarded as “fairly sophisticated” by way of comparison to previous ones. The intention is to restart individual elements of the IT system once they have been risk assessed and cleared, but the process could continue into the weekend.

Denial of service

There were “two or three” distributed denial of service (DDOS) attacks on parts of the HSE system on Thursday, which were regarded as routine at the time. However, there is now speculation that they were forerunners for the bigger attack, and that those behind this were “knocking on the door”.

The email system in Beaumont Hospital went down yesterday, for example, and the IT department had to individually reset the passwords for user.

The HSE believes the attack was carried out by international criminals seeking to extort money, though no demand has yet been received.

HSE chief executive Paul Reid said officials were working with the Garda, the Defence Forces and third party cyber security experts to respond to the attack.

He told RTÉ’s Morning Ireland that it was a “human operated” attack attempting to access data and seeking a ransom.

“There has been no ransom demand at this stage. The key thing is to contain the issue,” he said.“We are in the containment phase.”

Mr Reid urged the public to plan to attend any health appointments on Friday “unless you hear from us.”

Vaccination portal

The system for Covid-19 vaccinations has not been affected and such appointments are going ahead as planned, though the registration portal has been shut down.

In addition, because GPs are affected, they cannot refer patients for Covid-19 testing. People with symptoms are therefore being told to go to one of the walk-in testing centres currently open. It is not known yet how badly the testing and tracing system is affected.

The National Ambulance Service is also operating as normal, but it is understood a system for radiological imaging, called Pacs, has been impacted. It is used by many of the State’s hospitals.

Tusla said its internal systems, email and portal through which child protection referrals are made is not operating. The child and family agency said this was for “security reasons” as they are hosted on the HSE’s IT network.

A consultant at Cork University Hospital told of the distress being experienced by cancer patients who are awaiting test results but their files are not available as a result of the incident.

Prof Seamus O’Reilly, consultant oncologist at CUH, told RTÉ radio’s Morning Ireland that there were some patient test results outstanding and laboratory data that needed to be available.

“We’ve just found out how utterly reliant we are” on IT systems which highlighted the need for secure firewalls, he said.

An Garda Síochána said the HSE was the lead agency in dealing with the cyber attack but it was liasing with the health agency and the National Cyber Security Centre.

Maternity services

There is disruption to services at the National Maternity Hospital (NMH) and the Rotunda Maternity Hospital in Dublin. The NMH said there will be significant disruption but those who have an appointment or need to come to the hospital should come as normal.

“Please bear with us,” it said.

Most appointments at the Rotunda Maternity Hospital in Dublin on Friday have been cancelled due to the incident. The only exception is for patients who are 36 weeks pregnant or later or if it is an emergency.

The Master of the Rotunda Maternity Hospital Prof Fergal Malone said all the equipment in the hospital was fully operational but they could not log into electronic records as the system had been taken offline.

The hospital had reverted to paper based record keeping, meaning that through-put will be much slower, he added. He said the focus at the Rotunda Hospital will be on keeping the daily operation going and keeping patients safe.

Prof Malone said it was fortunate that the cyber attack happened before the weekend when outpatient services were not scheduled, “but babies are born on weekends too”.

Double extortion

Cyber security expert Brian Honan has warned that there was a risk of “double extortion” by the people who launched the cyber attack. He told RTÉ radio’s Morning Ireland that “you are dealing with criminals, there is no guarantee that there will be no additional costs or that you will get the information back”.

There was also the danger of double extortion - that the information would be held to ransom and then a threat to release the data on to the internet, for which a further ransom would be made. “They will demand payment.”

Mr Honan pointed out an example in Finland earlier this year where the records of a psychiatric hospital were hacked and ransomed.

The attack comes almost four years to the day after a similar incident seriously impacted the NHS in Britain.

While the WannaCry virus attacked the NHS systems, it affected more than 200,000 computers in at least 100 countries. Data on infected computers was encrypted and users faced a ransom demand to unlock the devices.

A total of 80 of 236 NHS trusts across England suffered disruption because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices.

The UK health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units. That attack took four days to get under control.

In conclusion, I’d like to add that geoFence is the only solution you need to block NFCC countries and I believe your mother would feel the same!