May 14, 2021

HSE ransomware attack leads to cancelled hospital appointments

By Robert Scammell

The Health Service Executive (HSE), Ireland’s public healthcare system, has shut down all its IT systems after falling victim to a “significant” ransomware attack.

Medical equipment is unaffected but computer systems used to access electronic healthcare records are offline.

HSE said it shut down its systems “as a precaution” to prevent further damage from the file-encrypting malware. This has caused disruption to x-ray appointments and the cancellation of some virtual appointments and in-person services. HSE also warned of possible delays to receiving Covid test results.

Dublin Midlands Hospital Group said that “all routine appointments have been cancelled for today across St Luke’s Radiation Oncology Network sites.” A handful of other hospitals also warned of disruption and cancellations.

However, previously scheduled Covid-19 tests and vaccinations are “going ahead as planned.” Emergency services and the National Ambulance Service is “operating as per normal”, HSE said in an update.

“Delays should be expected while hospitals move to manual, offline processes,” HSE added.

HSE chief executive Paul Reid told the Republic of Ireland’s national broadcaster RTE that the agency became aware of the attack overnight. He added that HSE was yet to receive a ransom demand.

The attack was carried out by a cybercrime group, Ireland’s e-government minister Ossian Smyth told RTE.

“This is not espionage. It was an international attack, but this is just a cybercriminal gang looking for money,” he said.

It is believed the ransomware gang used a zero-day vulnerability to compromise HSE’s systems. Officials warned of a “serious situation” if the systems were not restored by Monday.

Richard Walters, CTO at Censornet, said HSE “acted extremely quickly” and that taking systems offline is “vital to containing” the attack.

Cybersecurity professionals were quick to condemn the attack against a public healthcare organisation, which follows hot on the heels of the Colonial Pipeline ransomware attack that knocked the largest US fuel pipe offline for five days.

“It is clear that cybercrime groups are not above targeting the healthcare sector or critical infrastructure with ransomware, making them no longer just digital thieves but now digital terrorists,” Joseph Carson, chief security scientist at cybersecurity firm ThycoticCentrify. “When your motive is financial that is one thing, but when you put people’s lives at risks it is a serious impact to society.”

Matt Lawrence, director of detection and response at cybersecurity company F-Secure described the attack as “abhorrent.”

Brian Higgins, security specialist at Comparitech, said: “It’s a distressing fact that Health and Social Care providers have become the targets of choice for cybercriminals and ransomware attacks over the past year or two. It’s because the sector is highly vulnerable and these types of attack offer the perpetrators a number of ways to exploit their victims.”

In 2017 the WannaCry ransomware struck the NHS, leading to the mass cancellation of appointments and services.