Ireland has shut down most of the major IT systems running its national health care service, leaving doctors unable to access patient records and people unsure of whether they should show up for appointments, following a “very sophisticated” ransomware attack.
Paul Reid, chief executive of Ireland’s Health Service Executive (HSE), told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a cyberattack that impacted national and local systems “involved in all of our core services.”
Some elements of the Irish health service remain operational, such as clinical systems and its COVID-19 vaccination program, which is powered by separate infrastructure. COVID tests already booked are also going ahead.
However, the system for processing referrals from GPs and of close contacts is down, the HSE tweeted, adding that those in need of testing should go to walk-in centers, which would prioritize symptomatic cases.
“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS [National Ambulance Service],” health minister Stephen Donnelly wrote on Twitter.
No group has yet claimed responsibility for the attack, though Reid said on Friday morning that it involved “Conti, human-operated ransomware,” referring to the type of software used. He added that the HSE had not yet been served with a ransom demand.
“We are at the very early stages of fully understanding the threat, the impact, and trying to contain it,” he said, adding that the HSA was receiving assistance from the Irish police force, defense forces, and third-party cyber support teams.
The master of Dublin’s Rotunda Maternity Hospital said it was advising patients who were less than 36 weeks pregnant not to present for appointments on Friday. In a statement, Cork University Hospital said patients should present for outpatient appointments, chemotherapy, and surgery “unless you are contacted to cancel” but that X-ray and radiotherapy appointments for Friday were cancelled.
Professor Donal O’Shea, consultant endocrinologist at St. Vincent’s Hospital in Dublin, told RTE radio that there could be implications for patient care. “Clinical systems haven’t been targeted, but if you can’t access your computer, then getting results is impossible… so before long, there are going to be clinical implications,” he said. In its statement, Cork University Hospital said “only emergency blood [tests]” would be processed at this time.
Reid said that patients nationally “should still come forward until they hear something different” and that an update should be available later on Friday. A spokeswoman for the HSE was unable to provide a further update on patient care by mid-morning. “We apologize for the inconvenience to the public and will give further information as it becomes available,” she added.
Health care workers told the FT they were told to turn off their laptops, leaving staff at home offline and those working in hospitals reverting to pen and paper to manage patients’ information.
In a statement on its website, Ireland’s child and family agency Tusla said that its emails, internal systems, and portal for child protection referrals was also offline because they are hosted by the HSE’s network.
The attack comes as actions by cyber criminals to disrupt public services have increased during the pandemic. Earlier this month, hackers believed to be from eastern Europe breached the IT systems of the Colonial Pipeline, a major fuel conduit that supplies much of the eastern US.
“Opportunistic cyber attackers targeting flooded health care organizations has been a common theme throughout the course of the pandemic,” said Charlie Smith, consulting solutions engineer at Barracuda Networks. “These scammers are aware of the huge significance of health services’ IT systems at this time and so will stop at nothing to disrupt said systems or steal valuable data in exchange for ransom.”
© 2021 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.
https://arstechnica.com/?p=1765173