HSE, which is responsible for healthcare and social services across Ireland, fell victim to what was described as a “significant” ransomware attack on 14 May.
The attack has been attributed to the Conti ransomware gang. The cyber criminals provided HSE with a decryption tool for free but have threatened to publish information stolen in the attack – potentially a violation of patient privacy – if they don’t receive a ransom of a reported $20 million in bitcoin, something that HSE vowed not to pay.
But even with the correct decryption key, restoring the network has been a slow and arduous task for HSE. Health services across Ireland remain disrupted as hospitals attempt to treat patients, despite limited IT services and no internet access – meaning appointments are still being delayed or cancelled.
“The restoration process, and the accompanying due diligence exercise, is necessarily taking some time. Although we can effectively decrypt data, that is only one element. The malware must also be eradicated,” HSE CEO Paul Reid told the National Parliament (Oireachtas) Joint Committee on Health.
“Decryption takes much longer than the original encryption, and eradication involves additional tasks to ensure that the perpetrators have no access route back into our systems,” he added.
Reid described how HSE has decrypted 75% of its servers, and 70% of end-user devices are now available to staff. However, disruptions to patient services are expected to continue for some time – despite IT staff, cybersecurity experts and Ireland’s defence forces working seven days a week to restore the network to fully operational status.
“There is no underestimating the damage this cyberattack has caused. There are financial costs certainly, but there will unfortunately be human costs as well,” said Reid. “I assure members, and the public, that we are doing everything possible to restore the systems. I must also caution that it will likely take months before systems are fully restored.”
HSE warns that, because of the ongoing IT outages, emergency departments are very busy and significant delays are to be expected, while many X-ray appointments are being cancelled.
Essential and urgent services, including COVID-19 vaccinations, are operating, but patients are warned they could face delays because “systems are not functioning as usual” due to “critical IT systems” still being out of action in the aftermath of the ransomware attack.
Reid told the Committee that, following the ransomware attack, “significant learnings about further protections that can be put in place” will be made, and that the fact the attack happened meant there were “obvious vulnerabilities” in the network.
He also warned that ransomware and the “highly skilled criminal organisations” behind ransomware attacks represent a significant risk to organisations across the globe.
“The whole world needs to raise its game,” said Reid.