Ireland’s public healthcare system said it shut down major technology systems Friday after a ransomware attack, causing disruption at hospitals and Covid-19 testing centers.
Paul Reid, director-general of the Health Service Executive, told Irish radio Friday the attack was sophisticated and used ransomware known as Conti. He said Ireland’s Covid-19 vaccination services will continue normally because they use different technology than the country’s other healthcare operations.
Mr. Reid said the HSE hadn’t received a ransom note.
The attack appears to be the first major strike to disable a country’s centralized public health system during the Covid-19 pandemic. However, hackers have attacked individual hospitals and research centers around the world, including a Czech hospital treating coronavirus patients. Cyberattacks cost hospitals in the U.S. millions of dollars in 2020.
Other critical infrastructure industries are also battling destructive ransomware attacks. Colonial Pipeline Co. shut down operations last week after a ransomware attack, leading to gasoline shortages in the U.S. The company resumed services on Thursday.
A vaccination center in Dublin. Vaccination services can continue as normal because they use different technology than the rest of Ireland’s health service.
Photo: Brian Lawless/Zuma Press
Staff at Dublin’s National Maternity Hospital resorted to using pen and paper to record patient details on Friday after the HSE disabled all access to its IT services, said Shane Higgins, the hospital master. “It is very disruptive,” he said. The hospital, which has 1,200 employees, didn’t cancel medical appointments but advised patients there could be delays, he said. The hospital relies entirely on electronic patient records. It will likely take several days to recover, he added.
The Rotunda Hospital, a maternity hospital in Dublin, said in a statement that all medical appointments on Friday were canceled, except for patients who are 36 weeks pregnant or over. Cork University Hospital said some appointments would not take place Friday but certain technology systems are running, although in a limited capacity.
The HSE said individuals won’t be able to make new appointments for Covid-19 tests, including if they were in contact with a person who tested positive or are showing symptoms. Walk-in test centers are open and people who already had appointments can still go to them.
The Conti ransomware is designed to immediately connect to computers on the same network to spread the malware, and attackers have published stolen data from victims on websites after using the ransomware, according to a report published in February by cybersecurity firm Sophos.
In the best case scenario, the HSE could recover in a few days if it has access to backup data from the systems it shut down, said Simon Woodworth, a lecturer in business information systems at University College Cork who conducts research with the HSE. If the healthcare authority doesn’t have that data, it could take longer, he added. Dr. Woodworth said the HSE has many disparate technology systems that interconnect with each other. “There’s a huge risk of disclosure of private data here,” he said.
It is often easier to shut down a large technology infrastructure than it is to restart, because experts need to make sure that different systems are restored in the right sequence, said Brian Honan, executive director of BH Consulting, a Dublin-based firm that advises companies, including after ransomware attacks.
“The key thing is not just to bring data back, but making sure the integrity of the data or any other system or environment that depends on that data doesn’t disrupt the other systems as well,” he said.
Recovering from a ransomware attack involves several slow, careful steps, Mr. Honan added. “Along every stage you want to make sure you’re not enabling the criminals to get back in,” he said.
Write to Catherine Stupp at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
