Tag Archive for: HSE
Cyberthreat healthcare alert came months before HSE hit by hackers
/in Computer Security
The National Cyber Security Centre warned of potential ransomware attacks on the health service in October 2020, more than four months before the Health Service Executive was targeted by hackers, it has been revealed.
The health service was hit by a massive cyberattack earlier this year which caused chaos in hospitals, delayed patient care and and led to expected costs of almost €100 million.
A malicious file attached to a phishing email opened on March 18th led to a shutdown of the HSE’s computer systems once the Conti ransomware was “denotated” on May 14th.
The criminal gang behind the attack – believed by several observers to be most likely based in Russia – demanded $20 million (€17.7 billion) in Bitcoin.
The Government said no ransom would be paid and on May 20th the hackers posted a link to a key that decrypted files which had been encrypted by the ransomware.
Minister of State for eGovernment Ossian Smyth said he still does not know why the gang provided the decryption key, but suggested “there was a lot of pressure which they would not be used to”. Mr Smyth said he was told that gardaí believed the attackers were based in seven different jurisdictions.
The Green Party Minister also said that unlike the risk for private hospitals that had been hit by ransomware attacks, “the HSE was not going to go out of business. So those threats were not going to work. I think at some point they figured out that that combination of the world’s law enforcement and military intelligence pointing at them, while not getting any money, it was time to move on to another target.”
He said it was not like targeting an insurance company, adding that in those cases “you’re not going to find the…
EU cites HSE hack as it unveils plans for rapid-response cyber unit
/in Computer Security
Plans to set up an EU rapid-response cyber unit that could quickly respond to attacks like the recent ransomware hack of the Health Service Executive (HSE) were unveiled on Wednesday.
Across Europe cyberattacks rose 75 per cent last year, with 756 such incidents logged, including an increasing number of attacks on healthcare systems, representing a growing risk to society with critical infrastructure at stake, according to the European Commission.
“We have a lot of cyber enemies around us,” European commissioner Thierry Breton told journalists.
“On May 14th, Ireland’s public healthcare system suffered a pretty strong ransomware attack. I believe it affected a system with more than 80,000 computers, so that was something which was pretty, pretty strong.”
The State co-ordinated with an existing EU information-sharing network of national Computer Security Incident Response Teams to respond to the ransomware attack as soon as it came to light.
But developing a Joint Cyber Unit as announced on Wednesday would allow the EU to send IT experts to swoop in to respond as soon as an attack was detected, the European Commission said.
“What is important is to react even faster . . . and also to deploy very quickly some dedicated team. That, we didn’t do because we have not the capacity today,” Mr Breton said.
“It could have been a very important plus, if we could have sent dedicated experts very quickly to react even faster, because we know that, of course, the longer you wait the worse it is.”
The HSE expects it will take as long as six months to recover from the attack, with many hospital and patient data systems still affected. The…
Government did not pay ransom for decryption key after HSE hack, says Martin
/in Internet Security
The Government did not pay a ransom or use diplomatic channels to obtain a decryption key that could unlock HSE data hit by a ransomware attack, the Taoiseach has said.
The key was made available on Thursday evening almost a week after the IT system was attacked.
The key was given to the Government by the organised crime group behind the cyber attack, but their reasons for doing so remain unclear.
Taoiseach Micheal Martin said: “No payment was made in relation to it at all. The security personnel don’t know the exact reason why the key was offered back.
“In terms of the operation of getting our services back and getting data systems back, it can help. But in itself, the process will still be slow.
“Certainly the decryption key, getting that is good, but in itself it doesn’t really take away from the enormous work that still lies ahead in terms of rebuilding the systems overall.”
He indicated the rebuilding process will be weeks rather than months.
Responding to reports that the criminals responsible intend to start selling and publishing HSE data online from Monday, Mr Martin said: “We’ve always said that the danger is there for data to be dumped.
“But the High Court action, an injunction that the HSE secured, is a very powerful and strong one, which makes it a criminal act to reveal any data that has been illegally obtained or has been stolen from the HSE system.”
The main purpose of the injunction is to put internet companies such as Google and Twitter on notice of a legal prohibition on the sharing and publication of the information.
Mr Martin said: “We are very encouraged and appreciate the collaboration and co-operation from the major social media companies in respect of this entire attack.
“But also in terms of working with us to make sure that any data that is inadvertently put up will be taken down immediately.”
He said paying the ransom demanded by the criminals…