Expert Opinion – Irish Health Service Ransomware Attack

Expert Opinion - Irish Health Service Ransomware AttackImage | Pexels.com

It has been reported that the Irish health service has been hit by a significant ransomware attack and has temporarily shut down its IT system to protect infrastructure and assess the scale of the attack.

The Republic’s Health Service Executive (HSE) said it had shut down its entire IT network as a “precaution”. It said COVID-19 vaccination appointments were not affected by the cyber attack and were going ahead as planned.

There is a significant ransomware attack on the Irish Health Service IT systems,” the HSE said on Twitter. “We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.” It added: “We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available. “Vaccinations not affected are going ahead as planned.”

Here we feature comments from a range of leading healthcare cybersecurity experts:

“Whenever we see an attack on healthcare services, it is always a serious concern because it can have a direct impact on the safety and lives of people. Given the increased ransomware attacks against health organizations, it is simply no longer sufficient to merely be compliant with security frameworks. Remember, ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by hardening systems, patching vulnerabilities, ensuring systems are configured securely, and preventing phishing. Also, security training for all personnel is a critical element of any cyber defense strategy.” comments Dean Ferrando, Systems Engineering Manager (EMEA) at Tripwire.

Health Industry Remains Vulnerable to Ransomware Attacks

“It’s a distressing fact that Health and Social Care providers have become the targets of choice for cybercriminals and ransomware attacks over the past year or two.” Said Brian Higgins, Security Specialist at Comparitech.

“It’s because the sector is highly vulnerable and these types of attack offer the perpetrators a number of ways to exploit their victims. Firstly, they will hold the organisation’s data hostage and demand money for its ‘decrypted’ return. This is the standard methodology and is best mitigated by regular, air-gapped data back ups and comprehensive staff awareness training. Lately, criminal organisations have upped their game by releasing selected data sets online to further pressurise victims into ignoring advice or protocols and paying up before any incident response has time to take hold. Finally, and this is why the Healthcare sector is so vulnerable, they will make their attack public as soon as they can so that the customers or patients of the victim organisation will start to panic that their personal information has been stolen.

“Because of the pandemic and because the data is so personal, anyone who even thinks they might be affected will be far more likely to fall victim to follow-up scams that play on their fears and convince them to share more information. These follow-up scams will come via text, email, social media, telephone or sometimes even in person. In this case, Criminals will pretend to be from the Republic’s HSE or a related organisation and ask for login credentials and/or bank details so that they can re-set account security following the attack. It is very difficult to resist this type of approach but at the same time, it is absolutely vital that people hold their nerve and any requests like this are reported and ignored. It is all too easy to fall victim and make a bad situation even worse. Give the HSE a chance to deal with the problem and be careful with your personal information.” Continues Higgins.

Lucrative Opportunity for Cyber Criminals

“Recognizing the dark web operates its own economy with the same basic economic principles of supply and demand. The growth and diversity of specialised attack services such as this ransomware attack and other types of denial of service type attacks continues. Out of all the various types of cyber crime activities, ransomware is the one activity that has a high direct return of investment associated with it, by holding the victims’ ransom for financial payment. Taking the global economic environment and current market conditions into consideration, cyber criminals will of course continue to focus their efforts on this revenue generating stream.” Cautions Niamh Muldoon, Global Data Protection Officer at OneLogin.

“Cybercrime has no geographical boundaries and the more we can collaborate together, the more we will be successful in our fight against it.

“I like to ‘Keep it Real – Cybersecurity is now part of everybody’s life”. We, therefore, need to be “Thinking Global ” on it but most importantly, `Acting Local’. That starts in our homes and community environment, including public health care systems.  

“As digitalization continues to transform our lives I believe we will continue to see more cybercrime happening. We, therefore, need to educate everybody on the associated threats and best practices to adapt to reduce their risk of becoming victims to cybercrime. 

“I think now is the time for the local Irish Government to stand-up and be counted here, from IDA statistics we know 6 out 10 cybersecurity security software companies are located here in Ireland that are accompanied with our top talent pool for cyber security here in Ireland above the  EU average by 10% the technologies and expertise exists what’s needed is the government investment and initiative to strengthen the relationship between public and private section to protect our nation.” Concludes Muldoon.