Irish health service hit by ‘very sophisticated’ ransomware attack

Ireland’s health service operator shut down all its IT systems on Friday to protect it from a “significant” ransomware attack, crippling diagnostic services and forcing hospitals to cancel many appointments.

The country’s COVID-19 vaccination programme was not disrupted, but the attack was affecting IT systems serving all other local and national health provision, the head of the Health Service Executive (HSE) said.

The HSE shut down the IT systems as a precaution to protect as much information as possible and was assessing how the attack would affect other services, Chief Executive Paul Reid said.

Reid said the cyber attack, discovered in the early hours of Friday morning, was a “human operated ransomware attack where they would seek to get access to data and seek a ransom for it”.

The HSE had not received a ransom demand “at this stage” and was at a very early point in understanding the threat, he added.

“It’s a very sophisticated attack, not just the standard attack. It is impacting all of our national and local systems that would be involved in all of our core services,” Reid told national broadcaster RTE.

“The vaccination programme continues thankfully, it’s a separate system.”

Reid said the attack was largely affecting information stored on central servers and not hospital equipment.

Dublin’s National Maternity Hospital said there would be significant disruption to all services on Friday. Another maternity hospital in the capital cancelled all outpatient appointments for the day other than those for women 36 weeks pregnant or in need of urgent care.

At Cork University Hospital, Medical Oncologist Seamus O’Reilly his staff arrived at the city’s largest hospital arrived to paralysis of its IT systems with all computers switched off.

“Our main concern is patient safety and results that might be outstanding, laboratory data that needs to be available to manage patient care today. It’s very distressing for patients,” he told RTE.

Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand of a ransom to be paid to restore computer functions.

They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.