Irish health service shuts down IT systems after ‘sophisticated’ ransomware attack
‘Human-operated’ cyber assault is causing lengthy delays and some cancellations to appointments
Credit: Adobe Stock
The Irish Health Service Executive (HSE) has shut down all its IT systems as it works to contain and nullify a major ransomware attack.
The attack happened overnight and, talking this morning on RTÉ Radio 1, HSE chief executive Paul Reid described the incursion as “a very sophisticated attack”.
“It is impacting all of our national and local systems that are involved in all of our core services… the major priority is to contain it,” he added. “It is a human-operated ransomware attack, where people seek to get access to data and seek a ransom for it.”
Reid claimed that the incident was targeted at data “stored on central servers”, and that life-saving hospital machines should not be affected. A ransom has not yet been demanded.
The chief executive said that IT systems have been shut down as a precautionary measures and the health service is working with its tech and cyber suppliers, as well as with police and defence agencies, to try and better understand and mitigate the attack.
“We are at the very early stages of trying to understand the threat, the impact and trying to contain,” he said.
- ‘The prospect of a category-one cyberattack is not receding’
- DHSC signs £2m six-month deal to improve ability to ‘respond to recover from a cyberattack’
- Inoculating the NHS against cyberattacks
HSE has advised Irish citizens that the Covid-19 vaccination programme will continue as planned. Tests that were booked in advance of the attack and due to take place today will also proceed, although “you cannot get a Covid-19 test through your GP today… because the referral system is not working”, the health service said.
“If you have symptoms of Covid-19, you should still phone your GP. They may advise you to go to a Covid-19 walk-in test centre,” it added. “If you are a close contact, you can also use a walk-in test centre. Walk-in test centres are usually for people who do not have symptoms, but today priority will be given to people who have symptoms or are close contacts.”
RTÉ Radio 1 reported that, following the attack, the Rotunda maternity hospital in Dublin has cancelled all outpatient appointments for women who are less than 36 weeks pregnant.
Elsewhere, the UL Hospitals group of six hospitals in the west of Ireland issued a statement advising that emergency services will continue and outpatients should attend appointments as planned unless instructed not to – but warned that “long delays” may affect some its services. Staff were also told to turn off all laptops and PCs.
A statement on the HSE website indicates that, while some other services across the country may be affected, patients should proceed as normal unless told otherwise.
“A ransomware attack… has caused some disruption to our services. But most healthcare appointments will go ahead as planned,” it said. “We will keep this page updated to let you know about any changes to HSE services.”
On Twitter, Ireland’s minister for health Stephen Donnelly said: “This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the National Ambulance Service. Updated information will be available [from HSE] throughout the day.”
Johnson and Dyson’s text exchange shows need for new rules, believe ex-cabinet secretaries
Platform covers the collection of both clinical and non-clinical information
Supplier will provide support for technology that could be scaled to 50 million users
Contract – which is not signed under the terms of the public sector-wide OGVA – covers provision of cloud services
It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.