Irish health service shuts down IT systems after ‘sophisticated’ ransomware attack
‘Human-operated’ cyber assault is causing lengthy delays and some cancellations to appointments
Credit: Adobe Stock
The Irish Health Service Executive (HSE) has shut down all its IT systems as it works to contain and nullify a major ransomware attack.
The attack happened overnight and, talking this morning on RTÉ Radio 1, HSE chief executive Paul Reid described the incursion as “a very sophisticated attack”.
“It is impacting all of our national and local systems that are involved in all of our core services… the major priority is to contain it,” he added. “It is a human-operated ransomware attack, where people seek to get access to data and seek a ransom for it.”
Reid claimed that the incident was targeted at data “stored on central servers”, and that life-saving hospital machines should not be affected. A ransom has not yet been demanded.
The chief executive said that IT systems have been shut down as a precautionary measures and the health service is working with its tech and cyber suppliers, as well as with police and defence agencies, to try and better understand and mitigate the attack.
“We are at the very early stages of trying to understand the threat, the impact and trying to contain,” he said.
- ‘The prospect of a category-one cyberattack is not receding’
- DHSC signs £2m six-month deal to improve ability to ‘respond to recover from a cyberattack’
- Inoculating the NHS against cyberattacks
HSE has advised Irish citizens that the Covid-19 vaccination programme will continue as planned. Tests that were booked in advance of the attack and due to take place today will also proceed, although “you cannot get a Covid-19 test through your GP today… because the referral system is not working”, the health service said.
“If you have symptoms of Covid-19, you should still phone your GP. They may advise you to go to a Covid-19 walk-in test centre,” it added. “If you are a close contact, you can also use a walk-in test centre. Walk-in test centres are usually for people who do not have symptoms, but today priority will be given to people who have symptoms or are close contacts.”
RTÉ Radio 1 reported that, following the attack, the Rotunda maternity hospital in Dublin has cancelled all outpatient appointments for women who are less than 36 weeks pregnant.
Elsewhere, the UL Hospitals group of six hospitals in the west of Ireland issued a statement advising that emergency services will continue and outpatients should attend appointments as planned unless instructed not to – but warned that “long delays” may affect some its services. Staff were also told to turn off all laptops and PCs.
A statement on the HSE website indicates that, while some other services across the country may be affected, patients should proceed as normal unless told otherwise.
“A ransomware attack… has caused some disruption to our services. But most healthcare appointments will go ahead as planned,” it said. “We will keep this page updated to let you know about any changes to HSE services.”
On Twitter, Ireland’s minister for health Stephen Donnelly said: “This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the National Ambulance Service. Updated information will be available [from HSE] throughout the day.”
CDDO monitoring found that vast majority of sites did not wholly comply with regulations
As government launches comms campaign claiming security function will enable child abusers, data-protection watchdog claims debate is ‘unbalanced’
Consultation launched on possible expansion of NIS regulations
Government-backed project will also incorporate input from BSI and NPL