Ireland’s health service operator shut down all its IT systems on Friday to protect them from a “significant” ransomware attack, crippling diagnostic services, disrupting COVID-19 testing, and forcing hospitals to cancel many appointments.
An international cybercrime gang was behind the attack, Ireland’s minister responsible for e-government said, describing it as possibly the most significant cybercrime attempt against the Irish state.
Ireland’s COVID-19 vaccination program was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the Health Service Executive (HSE) said.
“This is not espionage. It was an international attack, but this is just a cybercriminal gang looking for money,” minister Ossian Smyth told the national broadcaster RTE, saying he was unable to share all the information he had.
The HSE had not yet received a ransom demand, officials said. The gang exploited a previously unknown vulnerability, a so-called “zero-day” attack because the software maker has had zero days’ notice to fix the hole.
It shut down the system as a precaution after discovering the attack in the early hours of Friday morning and will seek to gradually reopen the network over the course of the weekend or possibly longer, Smyth said.
The attack was largely affecting information stored on central servers and officials said they were not aware that any patient data had been compromised. Hospital equipment was not impacted, with the exception of radiography services.
“More services are working than not today,” the HSE’s Chief Operations Officer Anne O’Connor told RTE.
“However, if this continues to Monday, we will be in a very serious situation and will be canceling many services. At this moment, we can’t access lists of people scheduled for appointments on Monday so we don’t even know who to cancel.”
“Distressing for patients”
While scheduled COVID-19 tests will go ahead as planned on Friday, the HSE said its referrals system was down, meaning anyone else requiring a test must attend walk-in sites which are currently operating in just over half of Ireland’s 26 counties.
It was also unable to take new vaccine appointments but did not expect that to delay the rollout given the lag between registration and the administering of the jab.
A major Dublin maternity hospital canceled all outpatient appointments on Friday other than those for women 36 or more weeks pregnant or in need of urgent care. Routine appointments were also canceled in some but not all other hospitals.
The state’s child and family agency, Tusla, said its IT systems, including the portal through which child protection referrals are made, are not currently operating.
At Cork University Hospital, the largest in Ireland’s second city, staff arrived to find IT systems paralysed, with all computers switched off.
“Our main concern is patient safety and results that might be outstanding, laboratory data that needs to be available to manage patient care today. It’s very distressing for patients,” Medical Oncologist Seamus O’Reilly told RTE.
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.
They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.