Major Cyber-Attack on Irish Health System Causes Commercial Concern


On May 20, 2021 there was a major ransomware attack on the Irish health system. The centralized HSE (Health Service Executive), which provides and manages healthcare for the Irish population, was targeted on May 14 and has seen significant disruption since. It has described the attack as a ‘zero-day threat with a brand new variant of the Conti ransomware.’

The attack has been attributed to Wizard Spider, a Russian criminal group based in the St. Petersburg area. This group of 80 hackers is believed to be responsible for the attack earlier this year on FatFace, the UK retailer, which is reported as having paid a ransom of £1.45m. The Minister with responsibility for eGovernment has described it as “possibly the most significant cybercrime attack on the Irish State” and the Taoiseach (head of government) has repeatedly stated that the State will not pay a ransom.

It appears likely that the attack may have emanated from a phishing campaign exploiting the current stresses on healthcare workers and the Covid remote working structures in place across circa 80,000 HSE devices. Emergency departments and urgent care centers remain operational, as do many hospital services; however, delays are accumulating.

In addition to patient files, the data stolen also includes HSE internal files, reportedly including files on equipment purchase and minutes of meetings. Contractors to the HSE may be impacted and their commercial arrangements potentially at risk of disclosure. So far, the Financial Times has claimed it has seen screenshots of 27 HSE files released on the dark web in recent days. The media attention has, to date, been on the human side (the 27 files disclosed so far include 12 patient files) more so than on the potential for commercial disclosures. The issue is an evolving one as the hackers seek to put pressure on the Irish government's position of not paying a ransom. They are now believed to have issued a deadline on May 24 for payment of the ransom.

The HSE have included the following information for suppliers in their overall health service disruption notice.

Information for HSE suppliers and contractors
