The HSE Ransomware Attack

Published on 15 May 2021 at 16:59

Last Friday the Health Service Executive (HSE) shut down all of its' IT services after a ransomware attack disrupted COVID-19 testing and other patient services.


According to The Journal, Ransomware is a type of malicious software that encrypts files on a computer system. Attackers then demand a ransom from the victim to restore their access to the data after payment is issued. HSE Chief Operations Officer Anne O’Connor stated that the systems were hit by a Conti attack, a specific type of ransomware attack that steals and encrypts data. 


According to the Financial Times, the government received a ransom demand to be paid in bitcoin. The attack appeared to affect data stored on the health system’s central servers, reports RTE, but it did not appear any patient data was compromised. The HSE tweeted that it had taken down its IT systems as a precaution to protect them from the attack. 


Cybersecurity experts have since warned that it could be weeks before HSE systems return to normal after the ransomware attack. Ronan Murphy, of Cork based cybersecurity experts Smart tech 247, said it could be into next month before remedial work fixes problems caused by what has been described as “the most significant attack the Irish State has ever had”. He also stated that while there are hundreds of ways through which a virus can infiltrate a database, it generally begins with something as simple as an employee clicking on a link or opening an email attachment.


This could be made even worse if that person was using software that wasn’t up to date with the latest security updates, making their system even more vulnerable to the attack. He also suggested that this particular attack could have been launched weeks or months ago, but only initiated early on Friday morning.


The hackers have demanded payment in Bitcoin, a crypto currency that can be almost impost impossible to trace, in return to unlock the data they have currently encrypted.


Taoiseach Micheál Martin has made a clear statement against paying the attackers, saying that “We’re very clear we will not be paying any ransom or engaging in any of that sort of stuff,” adding that the issue is being dealt with in a way that is in accordance with the advice of cyber security experts. The HSE’s Chief Executive Paul Reid has said the response from the Irish State and the HSE is that they do not engage in paying ransoms to international criminal organisations. 


Despite this several cyber security experts have said that normally the only solution to situations like this is paying the ransom. Speaking on RTE Drivetime Barry O’Sullivan, School of Computer Science at University College Cork said it is “virtually impossible to recover the data without paying the ransom”.


The Government believes the hackers tried unsuccessfully to target and lock them out of their ‘back-up’ drives. This means, they believe, that they can have full services up and running in 72 hours’ time.


Attacks of this kind are fairly common on global institutions, which is why they are usually equipped with a team of cybersecurity experts regularly monitoring and avoiding these attacks to go through. It’s uncommon for one to slip through as it did this week, but with the HSE working actively on retrieving encrypted data and the government assisting them, it’s only a matter of time before this problem is resolved.

Add comment


3 years ago

Very good article.