Irish health services offline after ransomware attack

The Irish government has taken the Health, Safety & Environment (HSE) IT systems offline following a cyber attack. By doing so, the authority is trying to prevent further damage.

With HSE systems down, it is expected that several hospitals will encounter problems, although the full extent of these problems is not yet clear. Some hospitals have already had to cancel appointments. Stephen Donnelly, the Minister of Health, speaks of a serious impact. “We are working to ensure that the systems and the information are protected. Covid-19 testing and vaccinations are continuing as planned today.”

Preceded by several attacks

The attack began Friday morning at around 4.30 am, the Irish Times reports. On Thursday, the authority had already suffered “two or three” DDoS attacks, although these occur regularly. Later, a hospital’s email systems went offline, forcing IT staff to reset all users’ passwords individually. After the most recent attack, which the HSE describes as the “main attack”, IT staff shut down systems as a precautionary measure. This was to protect data and gain time to fully assess the situation with security partners.

Few details available

Many details about the main attack are not available. There is talk of ransomware, but exactly which software was used and which party is behind it is still unclear. No ransom has been demanded yet. It is possible that not only was information encrypted, but that the attackers also stole information. This would allow them to demand a double ransom. Firstly, they could ask for money to make the encrypted data available again, and secondly, the attackers could threaten to share the stolen data on the Internet.

Ransomware on the rise

Ransomware has become more frequent and widespread recently. Last week, an oil pipeline in the United States was down for days after attackers encrypted relevant computer systems. The victims have since transferred 5 million dollars to the attackers, and the oil pipelines are up and running again. A European branch of Toshiba Tec, a Toshiba subsidiary that specialises in printers and POS systems, was also found to have fallen victim to a ransomware attack this week. Both of these attacks appear to have been carried out by the Russian hacker group DarkSide.