What Happened on Friday?
Ireland’s Health Service Executive (HSE) fell victim to a ransomware attack on the night from Thursday to Friday last week. The HSE is responsible for the provision of health and personal services to the whole of Ireland. From general care for Ireland’s 6.6 million inhabitants to maternity care, nursing home support, addiction support and vaccinations. Following the attack, the HSE decided to shut down all their IT systems. Most patients could still attend scheduled appointments, but experienced severe disruptions. The Covid-19 vaccination program was not hindered by the attack. The close contact referral system, however, was down. Hospitals were also forced to switch to pen and paper. And some non-urgent operations had to be postponed. Initially, it appeared that the attackers would not be demanding a ransom. Later, however, it became clear that a hacker group called Conti was allegedly responsible for the attack. The group claims to have stolen 700 GB of data, including financial reports, contracts and employees’ personal data. They threaten to make these documents public unless the health service paid them $20 million.
Ireland Will Not Pay Ransoms
The HSE explained that the attack was of a significant and serious nature. The HSE is now working together with the national cybersecurity team and external security experts to investigate and stop the cybersecurity attack, and help with a response. “We are very clear: we will not be paying any ransom”, Irish Prime Minister Micheál Martin told journalists this weekend. He did not confirm whether hackers had actually demanded $20 million. But he did describe the ransomware attack as “very sophisticated”. Cybersecurity experts say that the Conti gang managed to exploit a zero-day security flaw in the patient registry system. A zero-day vulnerability is a computer software vulnerability that has not been fixed by the software’s creators. Rebuilding IT systems is expected to cost the HSE tens of millions. Paul Reid, the director-general of the Health Service Executive, explained that “each of 2,000 systems need to be examined to fully understand the impact”. Experts expect that it will take at least a week to address priority areas.
Call for Ban on Ransomware Payments
Worldwide, numerous hospitals and other healthcare institutions have been targeted by hackers in recent months. They were affected by ransomware from Egregor, Ryuk and RansomExx, among others. Ransomware attacks in general are also on the rise. Just last week the largest refined products pipeline in the US, the Colonial Pipeline, had to be shut down following a cyberattack. The company allegedly paid hackers a $5 million ransom so they could resume operations. Historically, cybersecurity agencies and governments from around the world have strongly discouraged ransomware victims from paying hackers. But so far, it has not been prohibited. In light of the dramatic increase in both the frequency and severity of ransomware attacks, however, a growing number of cybersecurity experts argue that a total ban would be the only means to stop the surge in attacks. Following Friday’s attack, the former CEO of Britain’s National Cyber Security Centre (NCSC), Ciaran Martin, called for a ban on all ransomware payments. “At the moment you can pay to make it quietly go away. There’s no obligation to report to anybody, there’s no traceability of payment of cryptocurrency. We have allowed this to spiral in an invisible way”, he told The Times. “Making these payments illegal would help stop the funding of organized criminals who forced businesses into helping pay for further attacks.”