HSE hack may have happened due to something as simple as an employee clicking on a link


Cybersecurity experts last night warned that it could be weeks before HSE systems return to normal after yesterday’s ransomware attack.

Ronan Murphy, of Cork-based cybersecurity experts Smarttech247, said it could be into next month before remedial work fixes problems caused by what has been described as “the most significant attack the Irish State has ever had”.

“This will cause unbelievable disruption to the HSE,” he said.

That is the nature of these ransomware attacks — it is the fact that they are incredibly disruptive despite how easy they are to launch. 

‘Simple precautions and software updates’

He said that while there are hundreds of ways ransomware can be spread throughout a network, it usually starts with something as simple as an employee clicking on a link or opening an email attachment.

However, that action alone could be made all the worse if the person clicking on the link or downloading the file was working on a system that did not have all its software updated to the latest versions.

If their system did not have the most up-to-date security patches, there would have been an added vulnerability in their system.

“Ransomware exploits known vulnerabilities in a network,” Mr Murphy said. “It is not overly sophisticated.

“Once it gets into a network, it spreads very fast and encrypts data, and a ransom note pops up on the screen, warning the user they have 72 hours to pay up.” 

‘Attack could have been planned for months’

IP-Performance’s chief information security officer Phil Cracknell, a former cybersecurity adviser to the UK government, said the attack could also have been initiated by someone figuring out the user name and password of somebody with access to the HSE network.

He also suggested that this particular attack could have been launched weeks or months ago, but only initiated early on Friday morning.

“There is not enough information out about this attack so far,” he said.

“Various buzzwords are being used, like ‘zero-day threat’ and ‘distributed denial of service’ [DDOS] attack.

‘There could be more to this incident…’

“However, you wouldn’t normally associate such attacks with a ransomware attack,” he said: 
