{"id":39922,"date":"2021-05-14T09:13:25","date_gmt":"2021-05-14T13:13:25","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=39922"},"modified":"2022-05-05T04:37:49","modified_gmt":"2022-05-05T08:37:49","slug":"irish-health-service-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/irish-health-service-ransomware\/39922\/","title":{"rendered":"Irish health service hit by ransomware"},"content":{"rendered":"

Updated on May 17, 2021.<\/strong><\/p>\n

Media outlets are reporting<\/a> an attack by ransomware on the Health Service Executive (HSE), Ireland\u2019s healthcare system. The HSE decided to shut down key information systems for thorough investigation and protection against further threat spread. A number of clinics have reported temporary shutdowns or at least disruptions in their operations, although they continue to provide emergency care services. The COVID-19 vaccination program was not interrupted, although some institutions have had to revert to outdated workflow systems.<\/p>\n

The Irish healthcare system attack in brief<\/h2>\n

According to HSE representatives, a \u201cvery sophisticated,\u201d human-operated ransomware attack caused \u201csignificant disruption\u201d to their services. Such incidents are particularly difficult to counter because the cybercriminals adjust their tactics and specific targets during the attack.<\/p>\n

External experts and law enforcement cyberspecialists are contributing to the investigation, which is still in early stages. However, HSE representatives presume the main target was data stored on the organization\u2019s servers.<\/p>\n

Representatives of Rotunda Hospital, a medical institution affected by the attack, say<\/a> the unified HSE patient registering system may have been a spreading vector. Fortunately, the attack did not affect life-saving equipment; only healthcare records are unavailable.<\/p>\n

Who is behind the attack, and what do they want?<\/h2>\n

According to Bleeping Computer<\/em><\/a>, the operators of Conti ransomware<\/a> contacted HSE representatives and demanded almost $20 million in ransom. The crooks claimed that they had been present in HSE\u2019s network for more than two weeks before encrypting any data, that they\u2019d downloaded approximately 700GB of unencrypted files \u2014 including personal data, contracts, and financial documents \u2014 and that they\u2019d publish the information if their terms weren\u2019t met.<\/p>\n

\"Conti<\/a>

Conti ransom demand. Source: Bleeping Computer. <\/a><\/p><\/div>\n

Ireland\u2019s prime minister<\/a> refused to pay that ransom, a decision we fully support<\/a>.<\/p>\n

How to protect healthcare from ransomware<\/h2>\n

Ransomware threats to healthcare institutions around the world are on the rise<\/a>. To minimize infection risk, we recommend prioritizing the protection of remote access tools and e-mail systems, the two most common entry points for ransomware<\/a>. In addition, security awareness is more than just important.<\/p>\n

In particular, we recommend:<\/p>\n