December 4, 2022

Ireland’s Healthcare System Works to Rebuild After Ransomware Hit

Ireland’s public healthcare system is rebuilding 2,000 applications and other systems from scratch after a ransomware attack that disrupted operations at hospitals, doctors’ offices and other services across the country.

Technology experts and external consultants working with the Irish Health Service Executive are taking steps to make sure the ransomware is eradicated from the organization’s computers, said Ossian Smyth, Irish minister of state for communications.

“We’re focused on firefighting, resolution, cleanup and rebuild,” he said.

Attackers used ransomware known as Conti to attack the healthcare system last Friday and had attempted to hack the Irish Department of Health one day earlier, the government said. The Irish government said it received a ransom demand that it won’t pay, but hasn’t confirmed the amount hackers sought. The country’s Department of Social Protection also fended off a similar attempted cyberattack six months ago, Mr. Smyth said.

Some health services are still disrupted and X-ray appointments are canceled, the HSE said Wednesday. The HSE advised employees to keep work devices turned off and said they are working to restore email and

Microsoft Corp.’s

Teams services.

Security consultants are creating a new network on which experts will rebuild the software systems, making sure there are no lingering traces of the ransomware, Mr. Smyth said. Hundreds of people are involved in the restoration of around 2,000 distinct systems from hospitals, doctors and clinics, many of which were previously operated by religious or private organizations and were later absorbed into the public organization, he added.

Paul Reid, director-general of the HSE, said this week it will likely cost tens of millions of euros and take weeks to repair technology systems damaged by the ransomware.

Three systems that the HSE created in the last year to deal with the Covid-19 contact tracing, testing and vaccine management weren’t affected by the attack because they are based on new cloud technology, Mr. Smyth said. “I’d imagine the legacy systems on physical servers in data centers are probably much more vulnerable,” he said.

Richard Corbridge, who was the HSE’s chief information officer until 2017, said the organization’s technology infrastructure includes large-scale hospital systems that have been in use since the 1980s.

Irish officials don’t know was behind the HSE breach, but believe the attackers bought the Conti ransomware from another group of hackers, Mr. Smyth said. He declined to say which country the group selling the ransomware comes from.

Cybersecurity company

CrowdStrike Holdings Inc.

said in an October report that a Russia-based group known as Wizard Spider uses Conti and other ransomware strains. Conti is designed to extort victims and attackers have used it to steal data and then threaten to publish it online unless victims pay.

Mr. Smyth said the hackers are very likely to publish stolen data from the HSE online and investigators are checking dark web forums, Mr. Smyth said. “We do have a responsibility to reassure people and prepare them for when that happens,” he said.

In other cases, hackers who have used the Conti ransomware look for sensitive information to steal and then provide an analysis of their ransom fee based on the type of data they have, damage to the organization, and whether exposing the data could lead to regulatory investigations or fines, said

Ronan Murphy,

chief executive officer of Smarttech247, a cybersecurity company based in Cork, Ireland.

“These guys know what’s valuable and what’s not. They’re going to have their homework done, they’re going to take the data that’s going to inflict the most pain,” he said.

Mr. Murphy said that in prior negotiations he conducted with Conti hackers, he found that after receiving payment, they ultimately restored data they had encrypted. Smarttech247 is helping hospitals investigate and monitor their networks for possible ransomware infections related to the HSE attack.

Last week’s attack on the HSE had much more significant effects in Ireland than the 2017 WannaCry attack that hit the U.K.’s National Health Service, among several organizations, Mr. Smyth said. The Conti attack was crafted specifically to disrupt Irish healthcare, he said.

After the WannaCry incident, U.K., officials sent a warning to the HSE, said Mr. Corbridge, then CIO of the Irish system. Technology staff had several hours to prepare for the attack and quickly disconnected the healthcare system from the internet, he said. The HSE tripled its help desk staff over that weekend four years ago and updated its systems.

The moves prevented disruption, he said. “It was a Friday, Saturday and Sunday in May without a pandemic. It was a time when the healthcare system had a little more capacity than it does today,” he said.

Write to Catherine Stupp at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

in Tech
Related Posts

Tesla Drivers Test Autopilot’s Limits, Attracting Audiences—and Safety Concerns

May 20, 2021

May 20, 2021

Param Sharma, 25, has posted multiple videos to Instagram in which he appears to operate a Tesla while in the...

Chip Shortage Brings Frustration but More Business to Industry’s Middlemen

June 13, 2021

June 13, 2021

TAIPEI—When buyers need chips in a pinch, they turn to Erik Drown, a middleman who is able to source scarce...

Food Giant ADM Bolsters Its Defense Against Hacks, CEO Says

June 24, 2021

June 24, 2021

Agriculture company Archer Daniels Midland Co. ADM 0.70% is shoring up defenses against what it views as inevitable cyberattacks, its...

Computers Speaking Icelandic Could Save the Language From ‘Stafrænn Dauði’ (That’s Icelandic for ‘Digital Death’)

May 21, 2021

May 21, 2021

Telma Brigisdottir, a middle-school teacher in suburban Iceland, arrived at her classroom on a recent morning in March eager to...

FBI Director Compares Ransomware Challenge to 9/11

June 4, 2021

June 4, 2021

FBI Director Christopher Wray said the agency was investigating about 100 different types of ransomware, many of which trace back...

Lordstown Motors Executives Sold Stock Ahead of Reporting Results and Before Troubles Came to Light

June 21, 2021

June 21, 2021

Several top executives at Lordstown Motors Corp. RIDE 3.30% sold off chunks of stock in the electric-truck startup ahead of...

What I’ll Remember Most About My Pandemic Year: A Teen Time Capsule

June 26, 2021

June 26, 2021

By WSJ Staff June 26, 2021 11:00 am ET This past year has had a particularly profound impact on teenagers:...

Roku Shares Fall 8% After Hours on Slower Account Growth

November 3, 2021

November 3, 2021

Roku Inc. reported a slowdown in new active accounts for its streaming services in the latest quarter and guided for...

Gene Therapy, High-Tech Goggles Restore Some Vision to Blind People

May 24, 2021

May 24, 2021

Scientists are making dramatic strides toward a goal that once seemed almost unimaginable: Restoring limited vision to people affected by...

KKR, CD&R Strike $5.3 Billion Deal to Buy Cloudera

June 1, 2021

June 1, 2021

Cloudera’s shares have had a rocky run since their public-market debut in 2017. Photo: Michael Nagle/Bloomberg News Updated June 1,...

Hackers Stole $650,000 From Nonprofit and Got Away, Showing Limits to Law Enforcement’s Reach

June 7, 2021

June 7, 2021

Just before Christmas 2020, hackers began to steal from One Treasure Island, a nonprofit that is redeveloping its namesake island...

Indian Police Visit Twitter’s Office After Politician’s Tweet Is Labeled as Misleading

May 25, 2021

May 25, 2021

Indian police visited Twitter Inc.’s office in New Delhi to investigate the company’s labeling of tweets from a ruling party...

Airbnb Adapts to the Post-Pandemic Traveler—and Host

June 11, 2021

June 11, 2021

Travel is picking up again, and so is Airbnb Inc.’s business. After a big drop in revenue, job cuts and...

How to Make Workplace Technology Accessible to Everyone

June 11, 2021

June 11, 2021

Many companies struggle when it comes to providing inclusive technology in the workplace. People with disabilities routinely face challenges in...

Permanent Cap on Delivery-App Fees Proposed for New York City

June 24, 2021

June 24, 2021

The New York City Council is considering a legislative package aimed at significantly regulating the food-delivery app industry, including permanently limiting...