CRIME HSE shuts down IT system after 'significant' cyber attack [Irish Health Service]

[Melodi]

And now it is Ireland's turn, now that this story is on CBS news I figured it was time to post it here-not only is the Irish Health Service shut down but it is now affecting things like foster care. I do wonder how far this attack is going to go and just how long companies and governments will keep paying to get their information back?

HSE shuts down IT system after 'significant' cyber attack
Updated / Friday, 14 May 2021 10:44

Paul Reid said the cyber attack is impacting all national and local systems involved in all core services (Pic: RollingNews.ie)

The Health Service Executive has temporarily shut down its IT system following what it described as a "significant ransomware attack".

The health body said it had taken the precaution of shutting down its systems to further protect them, and to allow it to assess the situation.

The issue has led to Dublin's Rotunda Hospital cancelling most outpatients visits today.

The maternity hospital said all outpatient visits are cancelled - unless expectant mothers are 36 weeks pregnant or later.

All gynaecology clinics are also cancelled today.

However, the hospital said those with any urgent concerns should attend as normal.

The National Maternity Hospital at Holles Street in Dublin has also said there will be 'significant disruption" to its services today.


St Vincent's University Hospital in Dublin said that, while the situation was an evolving one, no patient appointments have been cancelled at this time.

The HSE has apologised to patients and the public and said it would give further information as it becomes available.

It has confirmed that Covid-19 vaccinations are going ahead as normal.




HSE Chief Executive Paul Reid said it is working to contain a very sophisticated human-operated ransomware attack on its IT systems.

Speaking on RTÉ's Morning Ireland, he said that the cyber attack is impacting all national and local systems involved in all core services.

Mr Reid said it is a very significant and serious cyber attack and the HSE has taken all precautionary measures to shut down systems to protect them.


More will be known later this morning in relation to impact on services, but unless patients are informed otherwise they should continue to attend appointments, other than at the Rotunda Hospital in Dublin.

The HSE is working with the national security cyber team, gardaí and third-party cyber support teams.

The attack is focused on accessing data stored on central servers, Mr Reid explained.

He said it is a major incident but added that no ransom demand has been made at this stage.

The Rotunda has cancelled a number of outpatient appointments
Also speaking on Morning Ireland, Master of the Rotunda Hospital Professor Fergal Malone said they discovered during the night they were victims of the ransomware attack, which is affecting all of the hospital's electronic systems and records.

He said he believed it has also affected other hospitals.

"We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source. It means we have had to shut down all our computer systems."

He said all patients are safe and the hospital had contingency plans in place so it can function normally using a paper-based system.

However, this would slow down the processing of patients, which is why they are looking to limit the numbers attending appointments today.

Prof Malone said lifesaving equipment is all operating fine and it is just the computers with healthcare records that have been impacted.


"We have systems in place to revert back to old fashioned based record keeping," he said.

"Patients will come in in labour over the weekend and we will be well able to look after them."

Prof Malone could not predict how long it will take to rectify the issue but said they will take it day-by-day.

He said a team is looking to resolve the issue.

Professor Seamus O'Reilly, oncologist at Cork University Hospital, said all of the hospital's computers have been switched off because of the cyber attack.

He said the HSE acted quickly and its main concern is patient safety. He said it is distressing for patients who are awaiting results and "living in that zone of uncertainty".

"There is a lot of distress in our clinics and wards today because of this."

He said cancer care is very time dependent on technology and the hospital is anxious to go ahead with treatment. Prof O'Reilly said this cyber attack raises issues of firewalls and back-up systems, which are so important.

The systems are already pressured dealing with Covid-19 and this has added to that, he commented.

Chair of the Association for the Improvement in Maternity Services in Ireland Krysia Lynch said the ransomware attack is an acute and unprecedented event.

Also speaking on Morning Ireland, she said now is the time to ask the HSE if it has patient records stored in a robust way and if it has proper cyber defences for this type of ransomware.

"If they are moving to electronic records for all maternity hospitals they need to have their assurances in place as its very difficult o have maternity services disrupted in this way".

She said the big issue is not so much that pregnant women might miss an appointment, but the big issue currently for them is to enable them to have their partner to be with them during labour, which is still in question due to Covid-19 restrictions.

"This is obviously compounding that as they haven't been able to have their partners with them, attend scans and of course appointments will have to be rescheduled."

She said people within maternity care services have felt a "general sense of dissatisfaction" with what has been available to them in the last few weeks.

However, she said the important thing is that this is being done for people's safety and individual patient records are safe.

Professor Donal O'Shea, consultant endocrinologist at St Columcilles Hospital in Dublin said they were alerted to the cyber attack this morning, when those working remotely could log on to a meeting while anyone working in the hospital could not access their computers.

Speaking on Today with Claire Byrne he said it is an "unfolding situation" and he anticipates there will be clinical implications because of not being able to access computers to get results.

He described the ransomware attack as similar to traditional hijacking in some ways.

"The same decisions have to be made, do you give in to the demand and all the repercussions are the same. It is incredibly stark," he said.

He said anytime outpatient appointments are cancelled at short notice, you have to look at the people who were due to be there and if there are any individuals who might need to be contacted.

"If we had their results or in the case of maternity settings if they were particularly high risk."

He said cancelled appointments lead to problems if they are not managed but said that Covid-19 has led to improvements in dealing with unforeseen events.

He said there will be a "differential impact" of this cyber attack across hospital settings.

He said face to face appointments will still happen at the hospital today but some virtual clinic appointments for obesity services have been postponed.

He said anything due to happen virtually or anything related to electronic records won't be happening.

 

[WalknTrot]

They didn't wait long.

Caving in to terrorists leads to more terrorism.

 

[Melodi]

And as expected it gets worse, I will try to keep covering this because it may be a preview of "things to come" (I hope not)...

'We will not be paying any ransom' over cyber attack

Taoiseach Micheál Martin has said it will "take some days" to assess the impact of the cyber attack on the Health Service Executive's IT system.

www.rte.ie

Possibly 'the most significant cybercrime attack on the Irish State', says minister
Updated / Friday, 14 May 2021 13:54

The NCSC said it is also working with the HSE to identify the technical details of the malware

The cyber attack on Health Service Executive computer systems is "possibly the most significant cybercrime attack on the Irish State", the Minister of State for Public Procurement and eGovernment Ossian Smyth has said.

Speaking on RTÉ's News at One Minister Smyth said this attack "goes right to the core of the HSE's system" but it is "not espionage".

Mr Smyth said, "It was an international attack, but these are cyber criminal gangs, looking for money.

"What they're attempting to do is to encrypt and lock away our data, and then to try to ransom it back to us for money."

Minister Smyth said the Government is "deploying everything" in response to this.

"It's widespread. It is very significant, and possibly the most significant cybercrime attack on the Irish State.

"We are deploying everything to respond to this, and the way that's working is, for starters, it's a criminal investigation.

"So the Garda National Cyber Crime Bureau is involved, and also we brought in a world class cyber security company for assistance.", he said.

The National Cyber Security Centre (NCSC) has said the HSE became aware of a significant ransomware attack on some of its systems overnight and the NCSC was informed of the issue and immediately activated its crisis response plan.

In a statement, the NCSC said it is intensively engaging with the HSE and deploying its resources to fully support the HSE in identifying the affected systems and to bring all systems back online.

The NCSC said it is also working with the HSE to identify the technical details of the malware used in this incident and will issue an advisory later to share these details.

The NCSC is also engaging with EU and other international partners to share information on this incident and to ensure that the HSE has immediate access to international cyber supports.





Some health service disruption after HSE cyber attack
What we know so far about the HSE cyber attack

The Office of the Government Chief Information Officer (OGCIO) has said it is providing support to the HSE and as a precaution has closed any entry points between the HSE IT infrastructure and the Government Network.

While not directly responsible for the HSE it does provide IT services/support and security to a range of Government bodies.

In a statement, it said infrastructure teams in OGCIO have been investigating and monitoring our networks for any evidence of cyber-attacks.

They have not found any unusual or suspicious activity or any warnings from our monitoring tools. They are continuing to investigate the potential threat but there is no evidence of any breach.

The NCSC is also engaging intensively with the HSE and the OGCIO in a co-ordinated response to identifying the systems that have been affected with the aim of bringing all systems back online as soon as it is safe and prudent to do so.

Speaking on RTÉ's News at One, Mr Smyth has said that the cyber attack on the HSE is "the one that got through".

He explained that there is a "constant bombardment" on State data.

"These types of attacks happen all the time, so that people are aware. State agencies are under constant attack, and what the National Cyber Security Center does is that they provide advice and defenses to 150 different parts of the State.

"It is just a constant bombardment. This is the one that got through."

Minister Smyth said there will be a "gradual reopening" of services as the NCSC deems that it is safe.

"What they (NCSC) are doing now is going through the network, and step-by-step, they are clearing through each section, each subunit of the network, and when it's safe, they're reopening.

"And what we will see is a gradual reopening of services, as the network is brought back online, but that will continue throughout the weekend, and possibly longer."

The minister said that "absolutely every resource" will be put into finding those responsible for the cyber attack and there will be a detailed criminal investigation.

"We will certainly find what the vulnerability was and clear that. But it is difficult to pursue people internationally but we will certainly try to make sure that its not worth their while."

 

[subnet]

Who needs backups when you can just pay a ransom

 

[Melodi]

From the other Irish online news source The Journal (same headline, different article) - oh and thankfully they only started switching to electronic systems here about five years ago, so most people still know how to use the paper system which they are talking about using as a temporary measure. My concern is this will spread to other departments or to private businesses here.

HSE confirms ransom has been sought over cyber attack but says it will not be paid

HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.

www.thejournal.ie

HSE ransomware attack is 'possibly the most significant cyber attack on the Irish State'
HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.
7 hours ago 113,655 Views 133 Comments
Share82 Tweet Email1

Image: Shutterstock/solarseven
Updated 18 minutes ago
THE HSE IS grappling to continue healthcare services today after a “sophisticated” ransomware attack that the HSE chief executive called a “major incident” and the Irish Government called “possibly the most significant cyber attack on the Irish State”.

The HSE was made aware of the attack during the night, and has shut down all national and local IT systems in order to protect them from encryption by attackers.

Because computers are shut down as a precautionary measure, some health services today are affected: the extent of the disruption varies from each hospital and service.

HSE CEO Paul Reid said it was “quite a sophisticated” attack, a “major incident” for the health service, and is a “human-operated” cyber attack. He said that information technology systems and data stored on central servers are being targeted.
Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ’s News At One that the attack was not espionage, and that it was an international attack.

This is a very significant attack, possibly the most significant cyber attack on the Irish State.

He said that the motive is to encrypt private data, and threaten to publish the data if a ransom is not paid.
Indications from HSE and government representatives are that a ransom demand has not yet been made.
Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.

“This is an almost daily occurrence, and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.
HSE: Health services may not be back by Monday




Equipment in intensive care units, and other ‘standalone’ infrastructure in hospitals, has not been affected by the attack. But computers used to monitor scans cannot be turned on, based on a cautionary approach; and lab test results could possibly be delayed.

“We are at the very early stages of fully understanding the threat, the impacts,” Reid said on RTÉ’s Morning Ireland before 8am. A list of health services that are and are not operating have been published this lunchtime.

“[For now] everyone should continue to come forward [for hospital appointments] until they hear something different from us, in terms of services impacted,” Reid said.

Source: Leon Farrell
HSE Chief Operations Officer Anne O’Connor said that this was a ‘day zero’ attack, meaning that it is a new cyber virus that escaped past its virus defence system.

“We had no warning, we don’t know what it is… There is no previous known experience of this. The risk for us is that if we turn on a system, it would get in.”

Minister of State Smyth said that what was happening now, was cyber security teams aiding the HSE were going through the HSE network step-by-step, clearing it and reopening it. This would continue throughout the weekend and possibly beyond that.

Indications are that it’s “high impact but possibly low-transmissibility”, he said, and is targeting the core of the HSE system: backups and anything that controls user data.

“This could go on for a number of days, we don’t know yet,” Anne O’Connor said, adding that it was unlikely to be solved by today or tomorrow.

One positive is that we’re heading into the weekend… if this has not been resolved by Monday, we will be in a very serious situation and we will be cancelling services.

O’Connor added that if that were to happen, it would be particularly tricky as “we don’t even know who to cancel on”, as they don’t have access at the moment to their IT system.

What health services are affected
Scheduled Covid-19 tests will go ahead as planned, the HSE said – but the GP and close contact test referral system is down, so walk-in centres may have to be used.

The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal.

The child and family agency Tusla released a statement to say that its emails, internal systems, and the portal through which child protection referrals are made, are not operating.

RELATED READS
14.05.21Covid-19: GP and close contact referral system down, patients advised to attend walk-in centres
14.05.21Explainer: What is a ransomware attack and why has the HSE been targeted?

Anyone who wants to make a referral about a child can do so by contacting the local Tusla office in their area; details of local offices are available here.

Health Minister Stephen Donnelly said that he and Reid are working to ensure that HSE systems and the information is protected.

“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the National Ambulance Service.”
The list of services that are and are not affected by the cyber attack can be found here.

NPHET response
At this afternoon’s briefing of the National Public Health Emergency Team (NPHET), chief medical officer Dr Tony Holohan said that the issue is “impeding” the ability of the HSE to carry out its Covid-19 testing as normal.

He said that the “ability to efficiently arrange testing” is impeded by the cyber attack.

Dr Holohan urged people to still follow the “basic public health messaging” if a person has symptoms, such as self-isolating, even if they have to wait longer to receive a test and a result.
“I’m appealing to people not to be distracted by this,” he said.

“I don’t know when this is going to be resolved… People are working to rectify this as quickly as possible.”
Dr Holohan added that the HSE is putting in place arrangements for people to have access to testing, which includes walk-in centres.

He added that the issue had affected the Department of Health, also, as they’ve been unable to send or receive emails today.


Maternity hospitals
The Rotunda Maternity Hospital in Dublin has cancelled all non-urgent appointments and other hospitals are likely to be impacted.

Master of the Rotunda Hospital Professor Fergal Malone told Morning Ireland that logging into electronic healthcare records, and the ability to access patient demographics, is the issue.

A contingency plan has been put in place to revert back to the “old-fashioned” paper-based system, he said, but added that “throughput would be much slower” this way.

As you can imagine, when a new patient patient arrives at the front door of the hospital, traditionally you type in her name into a computer and get hold of her details – that can’t happen now, so we have to do that by hand and paper.

In a separate statement issued this morning, a Rotunda spokesperson said: “All appointment have been cancelled for today Friday 14th May. The only exception are for patients who are 36 weeks or over pregnant.

“Otherwise you are asked NOT to attend at the Rotunda unless it is an emergency. The Rotunda will issue updated information as soon as possible.”

The National Maternity Hospital at Holles Street said that there will be “significant disruption” to its services today as a result.

“If you have an appointment/need to come to the hospital, please come as normal. We ask that you please bear with us,” it said.

The National Cyber Security Centre (NCSC) and Gardaí are working with the HSE on the issue. The NCSC is also liaising with the EU and other international agencies.
With reporting from Órla Ryan, Niall O’Connor and Sean Murray.

 

[Melodi]

'Substantial cancellations' following HSE cyber attack

The Health Service Executive has said there is "substantial cancellations across all outpatient services with widespread cancellation of radiology services" following a ransomware attack on its IT systems.

www.rte.ie

Rebuilding HSE systems will be 'slow and methodical'
Updated / Saturday, 15 May 2021 12:30

The issue forced the cancellation of many outpatient clinics, as well as disruption to diagnostic tests and certain treatments
By Will Goodbody
Business Editor

The Health Service Executive has said rebuilding its IT system following a ransomware attack will be "a slow and methodical process".

Efforts are continuing to assess the impact of yesterday's attack on the HSE, healthcare facilities and services.

The HSE has said it will take a number of days before its systems, which were shut down early yesterday morning, are restored.

HSE and National Cyber Security Centre officials, along with external IT contractors and gardaí, continued their efforts throughout the night to figure out the extent of the ransomware infection and whether sensitive patient data has been compromised.

In the HSE's latest update, it said: "Some progress was made overnight on laying the foundation step on which we can then begin the attempt to rebuild the core of the system.

"However, this will be a slow and methodical process from here, putting pieces back up and testing them one by one.

"This an important first step but there is a lot more work ahead."

The breach is thought to have been carried out by an international group of hackers and has been described as possibly the most significant cybercrime attack on the Irish State.

Yesterday, it resulted in a near complete shutdown of the HSE's national and local network, forcing the cancellation of many outpatient clinics, as well as disruption to diagnostic tests, certain treatments and administrative procedures.

HSE sources have indicated that the process of restoring the systems cannot begin until they have all been assessed and cleared of any virus.

That means that it could be several days before services come back online again, with the result of further disruption over the weekend at very least.

The HSE and the Government have stated that no matter what the hackers ransom demands are, nothing will be paid.

The HSE's Chief Operations Officer has said that since the IT systems were shut down as a precautionary measure, they are "some way off" to having systems back.



'We will not be paying any ransom' over cyber attack - Taoiseach
Latest coronavirus stories

"The reality is our system will be impacted, we believe, for this week," Anne O'Connor said on RTÉ's Brendan O'Connor programme.

She said as they deal with the consequences, their priority is that they can provide services to people across health services including emergency services and Covid-19 testing and vaccinating.

Ms O'Connor said they have been working to assess the impact and to see what they can do in terms of the provision of services.

She warned that for those who are presenting for routine appointments they have no access to patients' previous scans, tests or blood results because of the computer systems remaining shut down.

It is a "complicated way" of providing services because of this, she acknowledged.

She said many of the hospitals sites had pulled files for Monday, but in some settings there is still a challenge knowing who is due to attend an appointment and equally knowing who to prioritise.

She also said their entire imaging system has been affected so anyone who would be coming in for a CT scan or a different types of diagnostics, that system is down with no access to previous tests either.

"That is where our real risks lies," Ms O'Connor said.

The HSE are working with hospitals and health service providers around the country where different scenarios are playing out, she said.

Some hospitals are cancelling routine appointments and Ms O'Connor's advice is for those who were due to have an appointment to keep an eye on the HSE website for updates.

"Unfortunately it is a different picture in different parts of the country, which makes it more complicated from an indications exercise, but important for us not to cancel things where they we don't need to.

"We will say to people to keep an eye on the website and local hospital website as well if they are to attend appointments. In the main what we are saying is we are prioritising urgent and time dependent work."

Ms O'Connor also encouraged people to turn up for Covid-19 test and vaccination appointments, as they are going ahead as planned.

 

[Melodi]

HSE confirms ransom has been sought over cyber attack but says it will not be paid

HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.

www.thejournal.ie

HSE confirms ransom has been sought over cyber attack but says it will not be paid
HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.
Fri 7:22 AM 203,699 Views 202 Comments Share113 Tweet Email3

Updated 17 hours ago

THE HSE IS grappling to continue healthcare services today after a “sophisticated” ransomware attack that the HSE chief executive called a “major incident” and the Irish Government called “possibly the most significant cyber attack on the Irish State”.

The HSE was made aware of the attack during the night, and has shut down all national and local IT systems in order to protect them from encryption by attackers.

Because computers are shut down as a precautionary measure, some health services today are affected: the extent of the disruption varies from each hospital and service.

The HSE has confirmed that a ransom has been sought but it will not be paid in line with State policy.

HSE CEO Paul Reid said it was “quite a sophisticated” attack, a “major incident” for the health service, and is a “human-operated” cyber attack. He said that information technology systems and data stored on central servers are being targeted.

Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ’s News At One that the attack was not espionage, and that it was an international attack.

This is a very significant attack, possibly the most significant cyber attack on the Irish State.
He said that the motive is to encrypt private data, and threaten to publish the data if a ransom is not paid.

Speaking this evening, Taoiseach Micheál Martin said it would take “some days” to assess the impact of the cyber attack.

He was also clear that no ransom would be paid, and said that it would be dealt with in a “methodical way”.

Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.

“This is an almost daily occurrence, and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.

HSE: Health services may not be back by Monday


Equipment in intensive care units, and other ‘standalone’ infrastructure in hospitals, has not been affected by the attack. But computers used to monitor scans cannot be turned on, based on a cautionary approach; and lab test results could possibly be delayed.

“We are at the very early stages of fully understanding the threat, the impacts,” Reid said on RTÉ’s Morning Ireland before 8am. A list of health services that are and are not operating have been published this lunchtime.

“[For now] everyone should continue to come forward [for hospital appointments] until they hear something different from us, in terms of services impacted,” Reid said.

NO FEE HSE weekly update 001 (1)
Source: Leon Farrell

Speaking later to RTÉ’s Six One News, Reid said updates would be provided throughout the weekend for patients and service users as to what the situation would be on Monday.



“We’re assessing the impact across each our of national and local systems,” he said. “Before we can go to the recovery stage, we have to be sure that in bringing them up we’re not compromising them again.”

HSE Chief Operations Officer Anne O’Connor said that this was a ‘day zero’ attack, meaning that it is a new cyber virus that escaped past its virus defence system.

“We had no warning, we don’t know what it is… There is no previous known experience of this. The risk for us is that if we turn on a system, it would get in.”

Minister of State Smyth said that what was happening now, was cyber security teams aiding the HSE were going through the HSE network step-by-step, clearing it and reopening it. This would continue throughout the weekend and possibly beyond that.

Indications are that it’s “high impact but possibly low-transmissibility”, he said, and is targeting the core of the HSE system: backups and anything that controls user data.

“This could go on for a number of days, we don’t know yet,” Anne O’Connor said, adding that it was unlikely to be solved by today or tomorrow.
One positive is that we’re heading into the weekend… if this has not been resolved by Monday, we will be in a very serious situation and we will be cancelling services.

O’Connor added that if that were to happen, it would be particularly tricky as “we don’t even know who to cancel on”, as they don’t have access at the moment to their IT system.

What health services are affected

Scheduled Covid-19 tests will go ahead as planned, the HSE said – but the GP and close contact test referral system is down, so walk-in centres may have to be used.

The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal.


Covid-19: GP and close contact referral system down, patients advised to attend walk-in centres

Reid said this evening that the portal to register for the vaccine was taken down for a short period but access has been restored this evening for those aged 50-69 to register for their vaccine.

The child and family agency Tusla released a statement to say that its emails, internal systems, and the portal through which child protection referrals are made, are not operating.

Anyone who wants to make a referral about a child can do so by contacting the local Tusla office in their area; details of local offices are available here.

Health Minister Stephen Donnelly said that he and Reid are working to ensure that HSE systems and the information is protected.

“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the National Ambulance Service.”

The list of services that are and are not affected by the cyber attack can be found here.

NPHET response

At this afternoon’s briefing of the National Public Health Emergency Team (NPHET), chief medical officer Dr Tony Holohan said that the issue is “impeding” the ability of the HSE to carry out its Covid-19 testing as normal.

He said that the “ability to efficiently arrange testing” is impeded by the cyber attack.

Dr Holohan urged people to still follow the “basic public health messaging” if a person has symptoms, such as self-isolating, even if they have to wait longer to receive a test and a result.

“I’m appealing to people not to be distracted by this,” he said.

“I don’t know when this is going to be resolved… People are working to rectify this as quickly as possible.”

Dr Holohan added that the HSE is putting in place arrangements for people to have access to testing, which includes walk-in centres.

He added that the issue had affected the Department of Health, also, as they’ve been unable to send or receive emails today.


Maternity hospitals

The Rotunda Maternity Hospital in Dublin has cancelled all non-urgent appointments and other hospitals are likely to be impacted.

Master of the Rotunda Hospital Professor Fergal Malone told Morning Ireland that logging into electronic healthcare records, and the ability to access patient demographics, is the issue.

A contingency plan has been put in place to revert back to the “old-fashioned” paper-based system, he said, but added that “throughput would be much slower” this way.

As you can imagine, when a new patient patient arrives at the front door of the hospital, traditionally you type in her name into a computer and get hold of her details – that can’t happen now, so we have to do that by hand and paper.
In a separate statement issued this morning, a Rotunda spokesperson said: “All appointment have been cancelled for today Friday 14th May. The only exception are for patients who are 36 weeks or over pregnant.

“Otherwise you are asked NOT to attend at the Rotunda unless it is an emergency. The Rotunda will issue updated information as soon as possible.”

In a statement this evening, the Rotunda said that if you are less than 36 weeks gestation, your appointment for Monday 17 and Tuesday 18 May is cancelled.

All outpatient appointments and inpatient elective surgeries are cancelled.

In terms of paediatric appointments, for babies older than two-weeks-old, their appointment for Monday or Tuesday is cancelled. “If you’re unsure if this affects you, please ring our helpline on 01 211 9351 to speak to a midwife or doctor,” the hospital said.

The National Maternity Hospital at Holles Street said that there will be “significant disruption” to its services today as a result.

“If you have an appointment/need to come to the hospital, please come as normal. We ask that you please bear with us,” it said.

The National Cyber Security Centre (NCSC) and Gardaí are working with the HSE on the issue. The NCSC is also liaising with the EU and other international agencies.

With reporting from Órla Ryan, Niall O’Connor, Hayley Halpin and Sean Murray.

Short URL

HSE confirms ransom has been sought over cyber attack but says it will not be paid

HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.

jrnl.ie

 

[rob0126]

Seems like a worldwide trend.

Problem, reaction, I wonder what the solution will be?

 

[Melodi]

Seems like a worldwide trend.

Problem, reaction, I wonder what the solution will be?

I think in Ireland it is looking more and more like the solution may be just to rebuild the system the same way one of the Councils (Counties) in the UK did under a similar attack. They were interviewing someone from that Council on the news last night though and they said the ransom would have been a million pounds and the cost to redo the system was something like 35 times that.

Ireland is a small country and as I mentioned in my first post only seriously started to computerized everything a few years ago - and the last time I went to an appointment one county the computer couldn't get my records from my GP in another country (the computers couldn't talk to each other).

So there may actually be some advantages to essentially just starting over and rebooting each computer one at a time, though I suspect the results are likely to be just a piecemeal as the old system.

What I'm really wondering if this is a "trial run" towards attacking the NHS - UK National Health Service which would be a much bigger deal and a much harder situation to solve independently.

One way forward in the EU might be something like a mandated fund paid into by all countries that fund the recreations of at least government and infrastructure systems after an attack provided a ransom is NEVER paid.

The fund might also be able to provide loans to governments to secure vital computer systems that run things like hospitals, water treatment, power plants, and the like.

I hope it doesn't come to that, but it might; either that or people will just have to go back to paper and manual systems while this is sorted out - just constantly paying ransoms only encourages the pirates.

 

[WalknTrot]

Outfits are going to have to run independent dual systems, or completely isolate their systems from the net.

Or my solution...NEVER give secretaries access to email or the interweb.

 

[Melodi]

Outfits are going to have to run independent dual systems, or completely isolate their systems from the net.

Or my solution...NEVER give secretaries access to email or the interweb.

I don't think that would work here as a huge part of the computerization of the health service here involves checking people in for appointments, making sure their records are there for the GP/Consultant/Nurse to look at, and direct the patient to their next step.

The other problem is that so many people (like contract tracers) work from home (if my health had been better this year I might have applied) and unless there is the money to buy every single person working at home a secure laptop and then bind them with horrific legal consequences for using it for ANYTHING other than the NHS and no one ever-ever (including the eight-year-old) puts a USB stick in it, I don't even see that as a really viable solution.

Though it is becoming obvious, especially after my interview with Social Security in the USA where the poor women obviously had a three-year-old at her feet and wanting Mommy to find his crayons, that if people are going to be working at home with sensitive data, some way is going to have to be found to keep people from just using personal computers and/or find a way to make those personal computers hack-proof.

I am not holding my breath on either one of those - for a time the hospitals in Ireland tried to forbid wifi, which worked until the new medical equipment required it to be able to work. Also, patients just started bringing in their own wifi devices faster than they could be taken away.

 

[et2]

File cabinets ... back up hard drives not connected to the internet and kept off-line from the computer when not in use.

I laugh when they talk about ”the cloud” we’re next. Wait until they steal your money in the banks. Pensions, SSI, etc.

 

[Melodi]

Note at the bottom where it is explained that INSURANCE COMPANIES are part of the problem as it is suggested that they tell their clients just to pay the ransom. I guess maybe they will have to make paying the criminals off actually illegal for that to stop - I'm sure it is cheaper in the short run but it is Danegeld in the long run.

Ex GCHQ boss calls for ban on ransom payments after Ireland targeted

Ciaran Martin, the founding chief executive of GCHQ's Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday.

www.dailymail.co.uk

Ex GCHQ boss calls for ban on ransom payments to hackers after criminals targeted hospitals in Ireland and largest pipeline in US closed due to cyber attack

Ciaran Martin is the founding chief executive of GCHQ's Cyber Security Centre

He said the British Government should ban ransomware payments to hackers
Comes after Ireland's health service was crippled by an attack yesterday
Taoiseach refused to pay a ransom demand after patient's care was threatened
By EMER SCULLY FOR MAILONLINE

PUBLISHED: 09:51, 15 May 2021 | UPDATED: 09:58, 15 May 2021

e-mail
13
shares
392

View comments
Britain's ex-GCHQ chief has urged the government to ban ransomware payments to stop criminals profiteering from attacks.

Ciaran Martin, the founding chief executive of GCHQ's Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday.

The Taoiseach refused to pay a ransom demand after the Health Service Executive (HSE) was plunged into chaos by the 'most significant cybercrime in the history of the State' which threatened the care of thousands of patients.

And Mr Martin today said making these payments illegal would help stop the funding of organised criminals who forced businesses into helping pay for further attacks.

He told The Times: 'At the moment you can pay to make it quietly go away. There's no legal obligations involved.

Ciaran Martin (pictured), the founding chief executive of GCHQ's Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday +5
Ciaran Martin (pictured), the founding chief executive of GCHQ's Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday

'There's no obligation to report to anybody, there's no traceability of payment of cryptocurrency. We have allowed this to spiral in an invisible way.'

Mr Martin pointed out there is legislation against paying ransom to terrorist organisations, but where a criminal gang is protected by a hostile state it is allowed - which he described as 'absurd'.

RELATED ARTICLES
Previous
1
Next

Ireland REFUSES to pay ransom demand as hackers paralyse its...

Cyber sleuths find Joe Biden's secret Venmo account in less...
SHARE THIS ARTICLE
Share
He said in cases where the hackers threaten human life an exception should be made.

It comes after hospitals were reduced to pen and paper operations Thursday when the ransomware attack – believed to be by a Russian gang – forced the HSE to shut down major IT systems to protect them.

Online appointments were all cancelled as were some cancer and other specialist consultations, and HSE chiefs warned the health service could be in 'a very serious situation' if the temporary shutdown continues into next week.

Such an event could see thousands of appointments and clinics cancelled.

With the Taoiseach and the HSE both insisting that no ransom will be paid to the hackers, Chief Medical Officer Dr Tony Holohan yesterday said the attack will slow down their ability to organise effective testing and to measure the total number of Covid cases in the country.

Last week, the shutdown of the Colonial Pipeline, which carries 45 per cent of the fuel to the east coast of the US, threatened energy supplies. Pictured, Colonial Pipeline Houston Station facility in Pasadena, Texas

Online appointments were all cancelled as were some cancer and other specialist consultations, and HSE chiefs warned the health service could be in 'a very serious situation' if the temporary shutdown continues into next week (file image) +5
Online appointments were all cancelled as were some cancer and other specialist consultations, and HSE chiefs warned the health service could be in 'a very serious situation' if the temporary shutdown continues into next week (file image)

The HSE's IT services were cripped after a 'well-known' gang of Russian criminals manged to infiltrate the HSE's computer network and used a ransomware virus to encrypt some of the Health Service Executive's data.

The European Union Agency for Law Enforcement Cooperation, EUROPOL, has multiple previous dealings with the digital crime gang.

What is a ransomware attack?
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups.

Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.

They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.

The hackers have demanded payment in Bitcoin, a crypto currency that can be almost impost impossible to trace, in return to unlocked the data they have locked.

The Taoiseach Micheal Martin last night vowed: 'we will not be paying any ransom'.

He acknowledged that there would be a significant impact on healthcare services.

'This is something that has to be dealt with in a methodical way. The system has been shut down. There's an assessment underway, identification of the issues and other processes.

'It will take some days to assess the impact and that is the proper way to do this and we will make those assessments over time. What's important is people co-operate with the HSE, emergency services are open, the vaccination programme continues uninterrupted,' he said.

Several cyber security experts said normally the only solution to situations like this is paying the ransom.

Speaking on RTE Drivetime Barry O'Sullivan, School of Computer Science at University College Cork said it is 'virtually impossible to recover the data without paying the ransom'.

'As much as it pains me to say, a ransom will probably be paid… unless the HSE is able to secure this data from very, very recent data… most likely disruption will be severe, with cancelled appointments,' he said.

The Government believes the hackers tried unsuccessfully to target and lock them out of their 'back-up' drives. This means they believe they can have full services up and running in 72 hours' time.

Dealing with cybersecurity threats is routine for large public and private organisations. Most are unsuccessful, with existing protections keeping an organisation safe.

In the U.S., the nation's largest fuel pipeline was hit with a ransomware attack a week ago. Pictured: Fuel holding tanks at Colonial Pipeline's station in Washington DC +5
In the U.S., the nation's largest fuel pipeline was hit with a ransomware attack a week ago. Pictured: Fuel holding tanks at Colonial Pipeline's station in Washington DC

Vehicles wait in lines at the Costco in Raleigh, North Carolina on Thursday. As the crisis entered its seventh day, fuel headaches continued for motorists in the South even after the Colonial Pipeline restarted operations +5
Vehicles wait in lines at the Costco in Raleigh, North Carolina on Thursday. As the crisis entered its seventh day, fuel headaches continued for motorists in the South even after the Colonial Pipeline restarted operations

Minister of State at the Department of Communications Ossian Smyth said the HSE had suffered 'possibly the most significant cybercrime in the history of the State'.

And last week, the shutdown of the Colonial Pipeline, which carries 45 per cent of the fuel to the east coast of the US, threatened energy supplies.

In the UK the NCSC have been dealing with a rising number of ransomware attacks, with three times more in 2020 than the year before, and the global cost is thought to be as high as £120billion-a-year.

Mimecast, a cybersecurity firm, found almost half of British businesses targeted in the last year paid a ransom.

And Brett Callow, an expert in ransomware trends at cybersecurity specialist Emsisoft, agreed payments should be banned.

He said it would be short term pain, but ultimately would put a stop to future attacks.

Mr Martin also said insurers were part of the problem because they made it easy for companies to pay criminals to make the issue go away.

Britain's education sector was crippled by dozens of ransomware attacks earlier this year, as schools battled to keep children in lessons despite coronavirus lockdown.

The Harris Federation, which runs 50 academies in London and Essex, was faced with a loss of 37,000 pupils' email access, lesson plans and lunch payment systems.

 

[Melodi]

Dare to defy the pirates and have them attack yet another ship...er...a department (the Department of Health is not the HSE)...Melodi

'No sense' other agencies affected by attack - Ryan

Minister for Communications Eamon Ryan has said a cyber attack on the Department of Health "wasn't as extensive" as the similar ransomware attack on the Health Service Executive.

www.rte.ie

Dept of Health responding to cyber attack since Thursday
Updated / Sunday, 16 May 2021 13:19

The Department of Health has shut down its systems and it is working to safely restore its data
By Paul Reynolds
Crime Correspondent

The Department of Health has been the victim of a cyber attack similar to the ransomware attack on the Health Service Executive.

The Department has also shut down its systems and it is working to safely restore its data.

In a statement the Department confirmed that late last week it was subject to a ransomware attack and have been working to respond to the incident since Thursday.

"We continue to assess the impact across all our systems and our focus is on protecting our data," the statement said.

RTÉ News has learned that a digital note from the cyber crime group believed to be responsible has been left on the Department's IT systems, similar to the one discovered at the HSE

The National Cyber Security Centre, along with the gardaí and the Defence Forces, are investigating the attacks.

They are also working with Europol and believe the attack is criminal, not espionage.

Digital footprints of the malware inserted by the criminal group into the Department and the HSE systems are being sent to the Europol Malware Analysis System in the Hague.

These will be analysed to determine the nature of the computer virus and if it has been used anywhere else before.

The attack on the Department of Health is believed to be similar to the attack on the HSE's systems.

Investigators suspect both ransomware attacks have been committed by the same organised cyber crime group, which they believe is eastern European.



The HSE said this morning it is unaware of any of the detail of any ransom request for the restoration of its systems.

It confirmed a message was left on its systems confirming the ransomware attack with a link to click for more information which would lead into a chat on the darknet.

The HSE said it did not engage but passed the information on the National Cyber Security Centre which is the lead response agency in cyber attacks on critical national infrastructure.

 

[Melodi]

Note the cost of fixing this has gone from "we don't know" to "tens of millions of Euros" no wonder insurance companies are just telling companies and States all over the world to just "pay the ransom" ...Melodi

HSE warns it will take weeks to fix IT systems

The Health Service Executive has warned it will take weeks to fully repair the damage caused by the recent cyber attack on its IT systems.

www.rte.ie

HSE warns of reduced sample checking capacity due to attack
Updated / Monday, 17 May 2021 10:01

GPs have been told not to send any samples of any kind to HSE laboratories unless it is 'essential to decisions that must be made right away'
By Fergal Bowers
Health Correspondent

The HSE has warned GPs that its clinical laboratory capacity for checking samples from patients may be reduced to as little as 10%, due to last week's cyber attack.

In a letter from Chief Clinical Officer Dr Colm Henry, seen by RTÉ News, the country's GPs have been told not to send any samples of any kind to HSE laboratories unless it is "essential to decisions that must be made right away".

GPs have also been notified that samples they submitted before last Friday may no longer be suitable for processing when the system recovers, and it may be necessary to submit fresh samples from patients.

Dr Henry said that as the HSE recovers, it will need to process urgent samples.

As a result, it needs to avoid having many "aged and often deteriorated samples" when the IT systems come back.

The HSE electronic system to communicate the results of these tests to GPs is not functioning. The HSE is also unable to look up the results of previous samples.

Meanwhile, HSE CEO Paul Reid has said repairing the damage to its IT systems following last week's ransomware attack is likely to cost "tens of millions of euro".

He described the attack as a serious criminal act on sick people that will continue to have serious consequences for the rest of this week.

The HSE was last week forced to shut down all of its IT systems following the "significant" cyber attack, which focused on accessing data stored on central servers.

Speaking on RTÉ's Morning Ireland, Mr Reid said private hospitals will be used this week to access oncology services and some diagnostics.

He said the HSE is working to contain the impact and teams have worked around the clock over the weekend to get patient and administration systems back up and running.



'Number of days' before systems back working - HSE
'No sense' other agencies affected by attack - Ryan
Vaccine appointments continue despite HSE cyber attack

Elective gynecology and routine appointments for women who are under 36 weeks pregnant
have been cancelled at the Rotunda
Mr Reid said there are three priority areas of mitigation happening at present, including efforts to bring 19 voluntary hospitals with a lot of standalone systems and some connectivity to HSE systems.

These include the bigger Dublin hospitals including the Mater, St James's, St Vincent's, Tallaght and Beaumont and the Mercy and South Infirmary in Cork

He said in parallel to this, the HSE is working to get diagnostics, oncology and patient laboratory systems back up and running and there will be an effort to get mail services, MS tools and support systems operating.

Mr Reid described the attack as "a very serious and complex hit to each of the systems", adding that the HSE has "established a basic foundation over the weekend to rebuild" those systems.

He said the hackers set out "to access information and hold the organisation to ransom", but, "we can't say at this stage what has been extracted or taken from our system but we do know certain levels of information has been compromised".

He said each of 2,000 systems need to be examined to fully understand the impact and that it is not yet possible to say how stable the system will be after this week.

Mr Reid also said he did not know how much money is being sought by the hackers and this was "put straight into the hands of the national security teams."

Earlier, the Master of the Rotunda Hospital in Dublin said he hopes that elective and scheduled work can begin again next week but it "makes sense" that appointments are cancelled until then.

Professor Fergal Malone said the Rotunda is only one of two hospitals in Ireland that is fully digital and there is no way of retrieving old information or saving new information.

Elective gynecology and routine appointments for women who are under 36 weeks pregnant have been cancelled.

Prof Malone said any women in late pregnancy who have ongoing pregnancy challenges or with any concerns, should still come in and said there are contingency plans in place to ensure any abnormal lab results are delivered promptly.

In addition, he said, women experiencing crisis pregnancies will still be seen.

He said that patients will receive all their care in "the very, very near future" and there is no need for patients to seek private care for services.

Meanwhile, the Clinical Director of Children's Health Ireland said urgent day cases or elective admissions will go ahead over the next two days, however outpatients and some elective admissions have been cancelled.

Dr Ciara Martin said routine operations, such as non-urgent scopes, have been deferred for a "week or two", and the ransomware attack means there is no access to previous tests and bloodwork.

She said emergency departments will function as normal, but asked people to only come if there is a real emergency.

Children's Health Ireland (CHI) comprises the three children’s hospitals at Tallaght, Crumlin, Temple Street as well as the Paediatric Outpatients and Urgent Care Centre at Connolly Hospital, Blanchardstown.

In a statement yesterday, the HSE said it has been focusing on identifying clean back-up data and establishing a foundation on which it can begin to restore servers.

It said the priority is on patient management systems, which will enable access to patient records and diagnostics.

The integrated system has been disconnected, allowing certain databases to operate in isolation.

The HSE said "thankfully not all hospitals are on the central system and have not been impacted to the same extent".

 

[Melodi]

And the pressure builds to pay the Pirates off...

Government urged to consider paying ransom or 'doing a deal' with HSE hackers to get systems back to normal

Several Oireachtas members said there has been a “considerable shift in opinion” around the attack.
1 hour ago 10,866 Views 33 Comments Share1 Tweet Email

Image: Shutterstock
SOME TDs AND Senators, including a number of members of government parties, are urging the Government to consider paying the ransom to the HSE hackers to ensure that the health service can return to some semblance of normality.

The HSE’s IT systems have been hit by a Conti ransomware attack, where attackers enter into a computer system, study how it works, and encrypt the private data before announcing the attack to the victim and demanding a ransom in order for the data not to be published online or sold off to a third party.

Several Oireachtas members told The Journal that there is now a “considerable shift in opinion” surrounding the attack among TDs and senators, including within Fianna Fáil and Fine Gael.

The Government has repeatedly said it will not pay the ransom. When asked about it this morning, Green Party leader Eamon Ryan told Morning Ireland: “Yeah, and we’re not talking to anyone.”

“The response can’t be just talking to hackers and paying the ransom, it has to be protecting the networks, restoring the networks, and putting up all necessary defences to avoid that happening.”

However the impact of the attack has led to certain cohorts within Government parties to call for the ransom to be paid, or for “a deal [to be] done”.

TDs belonging to the Communications Committee were left “underwhelmed” and “frustrated” after they received a private briefing from the National Cyber Security Centre (NCSC) yesterday concerning the cyber attack.

It was described as amounting to a “history lesson about the NCSC” and not much more by one member of the committee.

Ransom payment issues

However, paying the ransom brings with it its own problems.

Cybersecurity expert Ronan Murphy explained the tricky area between a rock and a hard place that the country now finds itself in.

“There’s the argument that you don’t pay the ransom ever, as doing so is just giving these organised criminals the resources to continue what they’re doing. I understand that.

“But for this one, it’s quite different. You are literally dealing with life and death and the decision on whether to pay is now an emotional one as well as a rational one,” he explained.

However, even paying the ransom does not guarantee that the hacking threat is over. It’s understood the threat is still ongoing and hackers are accessing more parts of the encrypted servers which were compromised by the initial breach last week.


While the Defence Forces and gardaí continue to try to stop the hack, the Financial Times reported it had seen screenshots and files proving that medical and personal information belonging to HSE patients had been shared online – in what it called the first confirmation of a data leak since the HSE ransomware attack.

The paper reported that as well as patient data, health service files and equipment purchase details had also been taken, and a ransom of $20 million (around €16.3 million) had been sought.

When asked about the report on Morning Ireland, Eamon Ryan said that he has seen the Financial Times article, and that it “seems credible”.

Speaking last night, Health Minister Stephen Donnelly said “no effort is being spared” in the fight against the hackers and that he hopes to have certain diagnostic departments open.

“What we’re focusing on right now are radiology and diagnostics, radiation oncology, patient administration and voluntary hospitals.

“There is some good news there, progress is being made. There are teams working on this, there are hundreds of people across the system working on this.

“Radiology and diagnostics, there is good progress being made – similarly for radiation oncology in the patient administration system. That’s really important, so the hospital knows who’s meant to be coming in, they can prepare,” he said.

Short URL

Government urged to consider paying ransom or 'doing a deal' with HSE hackers to get systems back to normal

Several Oireachtas members said there has been a “considerable shift in opinion” around the attack.

jrnl.ie

 

[Melodi]

And this morning, I got 2 or 3 robocalls (almost never happens here) telling me there had been a "misuse" of my personal number (used for medical stuff) and that I was now the subject of a lawsuit...and other terrifying things I didn't bother to listen to. It was obvious someone had my information, I blocked all three numbers - the voice was obviously recorded. If it keeps happening I will report it tomorrow but I figured this was a "fishing" expedition. Yesterday I got a call from a live human being with a "shifty" accent who was calling about "COVID PROTECTION" something or other, I said, "the What" and they said it again, I laughed and hung up. There isn't any such thing, but again I suspected this was part of the medical breach.

In Ireland such calls are rare, for a variety of reasons, most of the ones I get are actually from the USA on my SKYPE number trying to tell me something "important" about my non-existent car's supposed warranty....

Patient receiving offer of medical procedure from abroad 'seems to align' with HSE hack, Dáil told

The Financial Times reported today that personal information belonging to HSE patients had been shared online.

www.thejournal.ie

Patient receiving offer of medical procedure from abroad 'seems to align' with HSE hack, Dáil told
The Financial Times reported today that personal information belonging to HSE patients had been shared online.
10 hours ago 38,147 Views 53 Comments Share11 Tweet Email

Image: Shutterstock
Updated 3 hours ago

THE DÁIL HAS heard that a “medical organisation from outside the State” contacted a patient offering them services they required and knew details of their medical history.

Labour leader Alan Kelly TD cautioned that if the incident was connected to the ongoing HSE hacking attack “we have a big problem”.

The revelation comes as the Financial Times reported today that it had seen screenshots and files proving that medical and personal information belonging to HSE patients had been shared online – in what it called the first confirmation of a data leak since the HSE ransomware attack.

Transport and Communications Eamon Ryan earlier described this reported data leak as “credible”.

The paper reported that as well as patient data, health service files and equipment purchase details had also been taken, and a ransom of $20 million had been sought.

Speaking in the Dáil today, Kelly said that people needed to be provided with a plan of action if their medical data has been compromised online.

“One of my local GPs was in touch one of his patients who had been contacted by a medical organisation from outside the state with all his details as regards a procedure he needed, his medical history,” Kelly said.

Effectively, knowing exactly what he required medically and offering in a short period of time to be able to provide the operation he needed, because obviously they could see that he wasn’t going to get them for some period of time as a public patient.
He added that the incident “seems to align very much” with the reports in the Financial Times.

The Tipperary TD said both the family in question and the GP had contacted gardaí over the issue and he asked the Taoiseach whether garda resources are sufficient if this example was to be replicated elsewhere.

“If this is happening across the country, happening in any scale, we have a big problem,” he said.

When will we be able to give guidance to the general public as regards what to do when the public have their own medical information very much available online.

Taoiseach Micheál Martin said that people should indeed contact gardaí if an incident as outlined by Kelly were to take place.In response to the reported incident,

“They should contact the gardaí and there’s a National Guard Cybercrime Bureau that is dealing with this issue on the criminal side and dealing with it from an investigation perspective,” he said.

The Taoiseach called the ransom attack on the HSE “despicable” and reiterated that Ireland could not pay a ransom.

“We are not engaged, and as a state we cannot become engaged in rewarding and funding this kind of criminality,” he said, adding:

“In terms of the plan, those who are endeavouring to hold the state to ransom would be very interested in finding out he government’s response. So there are limitations to the degree of public comment I’m going to make in terms of the state’s response,” he said.

The Taoiseach also said there is a “strongly coordinated effort” being made to get systems back online to ensure that the impact on health services is reduced.

 

[Melodi]

And today's update...(again I'm keeping up with this because not only does it affect me, but more to the point this is likely to happen anywhere and because Ireland is a small country it gives some insight into how this might be handled by City/County/State governments in the USA).

Govt to set up helpline over cyber attack leaks

Minister for Communications Eamon Ryan has said the Government will set up a helpline for anyone who has been approached and told that their health information is going to be published online.

www.rte.ie

Cyber attack has caused 'enormous risk' - HSE official
Updated / Thursday, 20 May 2021 11:30

The HSE has been assisting voluntary hospitals in getting services back up and running

The Health Service Executive's National Clinical Adviser for Acute Operations has said there is an "enormous risk" across health services following the cyber attack last week which forced a shutdown of the HSE's IT systems.

Speaking on RTÉ's Morning Ireland, Dr Vida Hamilton said it is a "major disaster" and described it as a stressful time in hospitals.

"There is enormous risk in the system and everything has to be done so slowly and carefully to mitigate that risk," Dr Hamilton said.

She said 90% of acute hospitals are substantially impacted by this cyber attack and it is affecting every aspect of patient care.

Dr Hamilton said they are asking patients to be really patient and that emergency, urgent and time sensitive cases are being prioritised at this time.

She said without electronic records for patients it is proving difficult as patients arrive at emergency departments.

"We know nothing about the individual. We have no charts, no record number," Dr Hamilton said.

She said this lack of information impacts elective care without being able to look at possible history and trends in a patients' clinical condition.

To cope with the IT system shutdown, Dr Hamilton said a process is now in place across hospitals where standalone laptops are attached to printers to generate stickers.

She explained that to facilitate lab tests, it requires a handwritten blood form, a runner to run to the lab, and then manually put in in order to be analysed.

Dr Hamilton warned with such a process now being relied upon, that "you can see why there is a delay and risk for error".



She also outlined the complexities with scans describing the process as "incredibly slow and incredibly laborious".

"If there is a critical blood result, one where there is a substantial risk of harm to patient, if it is not dealt with within 12 to 24 hours the lab phones that result. But if a patient has been transferred up to a ward, where are they?"

Dr Hamilton said without the electronic record system they are using white boards and markers to find out where patients are placed within the hospitals.

She said blood tests that usually take one hour turnaround are taking 6 to 8 hours in some cases.

She said they are used to delays in the health system, "queueing is normal, this is not normal".

The HSE is asking people to free up space in acute hospitals for those with emergency healthcare needs.

Dr Hamilton said emergency, urgent and time sensitive care needs to be prioritised.

"We don't want people who are having heart attacks or strokes not to have emergency access to care to save their lives," she said.



HSE Chief Executive Paul Reid has said possible weaknesses within its IT systems were identified by the organisation three years ago and reports were initiated to identify them.

He was responding to a report in today's The Irish Times that the HSE was warned three years ago of weaknesses in its computer systems.

"If we didn't identify those risks, or there were not identified on our risk register, [it] would be a significant failing", he said.

Speaking on RTÉ's Today with Claire Byrne, he said those specific risks have been identified and a number of actions were taken to address them.

He also said it is far too early to assume if those risks specifically identified are the cause of what happened with the current attack. "I am not saying they won't be or aren't" but added there is no direct link at this stage.

He said the cyber attack is a "vicious and callous act" that the HSE has been subjected to.

He described a very serious criminal act that was " organised by real humans and affecting real and vulnerable people and staff".

Referring to the HSE's "old legacy systems" and function, he outlined the risks of those coming together and one becoming contaminated and affecting the others.

Mr Reid said the HSE knows that "a significant proportion" of data was encrypted and back-ups have been secured for this information.

He described how cyber criminals seek to get the information and encrypt it.

"What they do then is obviously seek to engage in a ransom process but equally they can act as wholesalers of selling that information off to other criminal organisations".

He said the HSE cannot determine if that has happened and cannot validate it at this stage.

"This is a strong likelihood of what these organisations will or may be doing. I certainly can't validate the information that was previously on the web reported by the Financial Times. That is in the hands of the agencies of the State. That is a high risk of what these organisations do."

He reiterated it is going to take weeks to restore the HSE's IT systems.

When addressing those who ask if the ransom should be paid, he said it can be a "significant and rapid race to the bottom."

"What you are doing is investing in strengthening the competencies of these organisations to cause further threat to the State and other organisations. It is a very difficult process."

'Effectively there is no normal business taking place'

Dr Peter Sloane, a Connemara-based GP in An Cheathrú Rua, said the ransomware attack has made things very difficult for GPs.

Speaking on RTÉ's Today with Claire Byrne programme, Dr Sloane said that all blood tests have had to be cancelled this week for patients that were booked in for them, which would have included testing for diabetes and cardiovascular conditions.

In addition, the practice cannot send referrals, even paper referrals, to hospitals, Dr Sloane said.

"Effectively there is no normal business taking place between general practice and the hospital sector," he said.

Dr Sloane said consultants that he has been in touch with have been suberb, but it is incredibly frustrating not to be able to undertake the type of routine investigations that would normally be done.

Dr Sloane said his practice will have to check all referrals that were sent out last week and check if they were received and processed, while blood tests that were sent out were not run, and patients will have to be rebooked.

The backlog gets bigger and larger and longer, he said, and more chronic disease gets pushed out longer.

Concerns raised in Dáil about patient details being shared online'
A lot of medical files not compromised' - Donnelly
'Wizard Spider': Who are they and how do they operate?

Restoring IT systems is 'a painstaking process'

Meanwhile, Minister for Public Expenditure and Reform Michael McGrath has said the cyber attack on the Irish State is "a despicable act of cruelty" and that the Government is doing all it can to re-build systems and return services to normal.

Minister McGrath said that it is "a painstaking process' and the Government deeply regrets the enormous personal impact it is having on many thousands of people around the country.

He sought to reassure those patients that all is being done to restore IT systems.

Minister McGrath said he is not aware of any legal action arising from the potential publication of people's personal medical information.

Speaking on Morning Ireland, said that the Government has no intention of paying a ransom to the cyber criminals and there is no guarantee if it did the criminals would reciprocate or have the capacity to end the damage done to the systems.

"That is not a space we are moving into," he added.


The HSE has been assisting voluntary hospitals in getting services back up and running, but there are significant further risks involved when their IT systems are connected and eventually linked to the national system.

The situation is different across the country, but the HSE has warned that those attending hospital emergency departments for non-essential care will experience long delays as patients requiring urgent care will be prioritised.

It is asking people to consider all care options in advance of attending emergency departments including injury units, GP out-of-hours services, and local pharmacies.

Hospitals are working to get priority systems back online including radiology and diagnostic, maternity and infant care, patient information, chemotherapy and radiation oncology.

Essential services such as blood tests and diagnostic services are taking much longer to operate than usual because they must now use manual processes.

National screening services have advised that BreastCheck, Diabetic RetinaScreen and Bowel Screen will continue unimpeded.

However, they have asked GPs not to proceed with cervical screening appointments this week while they assess any impact on processes along the CervicalCheck pathway.

GPs will advise patients of any change to their appointments.

Health services have been asked to plan for operating essential services within contingency arrangements for the next two weeks.

Larger voluntary hospitals, many based in Dublin, are being prioritised for restoration as soon as possible within that planning process.

Additional reporting George Lee

 

[Plain Jane]

Thanks for keeping us updated. We have way too much on line. There probably should be some sort of firewall between the administrative functions of the health care systems and the patient care.

 

[Melodi]

Patient data from HSE hack has appeared on the dark net, Minister confirms
Stephen Donnelly said that it was “distasteful” that law firms were “licking their lips” at prospect of suing the State over the HSE cyber hack.

2 hours ago 27,657 Views 45 Comments Share31 Tweet Emai


MINISTER FOR HEALTH Stephen Donnelly has confirmed that HSE data has leaked on the darknet, adding that the ransomware attack was “extensive”, “despicable” and has “real-world” consequences for patients.

The Minister also said that it was “distasteful” that some legal firms had advertised suing the State over potential data privacy breaches as a result of the day-zero cyber attack, accusing some legal firms of “licking their lips” at the prospect.

“When we are in the middle of trying to get urgent healthcare services backup and running for sick patients, I certainly find it very distasteful that any law firm would be putting stuff up on their websites to that end,” he told Newstalk Breakfast.

The Financial Times reported yesterday that it had seen screenshots and files proving that medical and personal information belonging to HSE patients had been shared online – in what it called the first confirmation of a data leak since the HSE ransomware attack.

Transport and Communications Eamon Ryan earlier described this reported data leak as “credible”; Minister Donnelly has previously said that such a leak was possible.

In an interview with Newstalk this morning, the Health Minister gave the strongest public confirmation that HSE patient data had been leaked to the dark web:

On the face of it, as has been reported, data from the HSE does appear to have been displayed on the dark net. The details of that are not something that would be confirmed because it’s an ongoing Garda investigation.
HSE chief Paul Reid said it was a “high risk and high likelihood” of the data that has been taken by hackers being leaked online, but also said that reports of the HSE patient data leaked online haven’t been validated yet.

He said that anyone who is contacted about their HSE data appearing online should contact Gardaí.

RELATED READS
19.05.21
Patient receiving offer of medical procedure from abroad 'seems to align' with HSE hack, Dáil told
18.05.21
HSE ransomware attack: 'Is it possible that sensitive information has been downloaded? Unfortunately, yes'
18.05.21
'In an ideal world we'd all get new PPS numbers': Concerns personal data will be sold off on darkweb
Donnelly said that there has been an increase in ICT investment has risen from €130 million in 2019, €145 last year, and €203 million this year. The IT staff at the HSE is to be “doubled from a base of 400″, he added.

The Dáil heard yesterday that a medical organisation from outside Ireland contacted a patient offering them services they required and knew details of their medical history. Labour leader Alan Kelly said this incident with his constituent “seems to align very much” with the HSE cyber attack.

The HSE is continuing to grapple with the fallout of the ransomware attack on its IT systems, with patients facing delays due to paper-based systems, or cancelled appointments.

The Health Minister said today that some of the branches of the health service most severely affected are radiology and diagnostics, radiation oncology, chemotherapy, the patient administration system, and maternity and infant care.

The delays in the healthcare system is expected to stretch over the coming weeks: some 2,000 HSE systems are being cleared by IT and cyber security teams, and 85,000-150,000 access points in 300 locations are being wiped and software reinstalled one-by-one.

#OPEN JOURNALISM No news is bad news Support The Journal Your contributions will help us continue to deliver the stories that are important to you
SUPPORT US NOW
HSE chief Paul Reid said the risk of one system infecting another is a “very serious risk”.

Even if these services are cleared and brought back online, there is still a risk that the hackers could publish sensitive and private data if the ransom they demand is not paid.

Government ministers have not deviated from public statements that the State’s policy is to not pay a ransom demand, and that this ransom will not be paid.

Short URL

Patient data from HSE hack has appeared on the dark net, Minister confirms

Stephen Donnelly said that it was “distasteful” that law firms were “licking their lips” at prospect of suing the State over the HSE cyber hack.

jrnl.ie

 

[Melodi]

Ireland's response to the HSE cyber attack has been undermined by Government cuts to Defence Forces, say senior officers
The Defence Forces unit tasked with solving the problem is struggling due to recent cuts.
12 hours ago 28,328 Views 32 Comments Share28 Tweet Email

A HIGH RANKING senior military source and a former high ranking army officer have launched a stinging criticism of the State’s capability to respond to the massive HSE cyber attack due to government cuts.

The senior source and Dr Cathal Berry, a former officer in the elite Army Ranger Wing and an independent TD, said that the fight back against the hackers has been undermined because of a failure by Government to properly resource the Defence Forces unit tasked with solving the problem.

The military’s cyber defence capability is contained within the Communications and Information Services Corps (CIS).

They are tasked with many jobs in the Defence Forces, including the operation of radio systems and IT networks, and have a number of cyber defence specialists.

They are seen as a key part of the State’s response to dealing with the HSE hacking.

However, the CIS has suffered massively during the cuts to the Defence Forces which have taken place since 2013, including the loss of a whole company, numbering more than 50 soldiers, The Journal has learned

In the midst of the HSE ransomware attack, the health service requested help from the military to combat the assault on its network and the CIS provided a specialist team to work with the HSE and co-ordinate activities, a senior Defence Forces source said.

This team is a key part of the operation to fight the hacking, and has set up “an IT specialist situation centre to track cyber activity, provide IT and cyber security support [and] help re-establish the HSE IT network,” the source said. “This involves ‘re-imagining’ 90,000 computers [by] wiping, cleaning and reinstalling software.”

The senior Defence Forces source, who cannot be identified as they fear retribution for speaking up, said the response to the cyber hack has been greatly undermined by Government’s slash-and-burn approach to funding the military.

They described how despite having a designed strength of around 200 enlisted personnel, roughly one-third of these positions are currently vacant, while almost another third are on overseas deployments – leaving a depleted number of roughly one third of what it should be.

“Our capabilities, while niche and very proficient, are very limited in terms of the size we can assist the HSE with [due to the cutbacks and vacancies],” the source explained.

Dr Cathal Berry said that the nation’s response to the HSE hack has been “completely undermined” by the Government’s lack of commitment to retain highly qualified members of the Defence Forces in roles such as cyber security.

Like the senior source, he described how the Defence Force is struggling to retain highly-trained soldiers due to funding cuts, which has impacted its ability to deal with the HSE hacking.

He said that the CIS Corps “has been completely reduced in effectiveness – it doesn’t exist, it’s just a collection of individuals, because the unit that was there has lost so many talented people”.

“The Government is not behaving ethically or morally or honorably. They are continuing to act in bad faith,” Berry said.

The Government had, in July 2019, agreed to raise technical pay for experts like IT specialists.

It formed part of a €10 million euro package for the Defence Forces but it has not been delivered, according to Dr Berry.

“The soldiers have completely lost faith in their employer, the Government, and it leaves them wondering have [they] really made the right choice in staying there.

“They just have had enough because the way they are treated by the Department. The issue is not their treatment by the Defence Forces, it is the Department and Government.”

Cathal Berry
Source: Cathal Berry

“They are leaving because they can get better employment elsewhere. These are patriotic people who want to serve their country but it has come to the point where that has become impossible.”

He called on the Government to honour the pay agreements made and to waive a pension abatement.

“We do a lot of giving out about Boris Johnson backsliding, but our Government is doing the same.

He said that some former members may consider re-enlisting, but only if the “core issues” of how they have been treated by the Government is addressed.

In response to a query the Department of Defence refused to comment.

“As we do not give out operational strengths of the CIS for operational security reasons, the Department has no comment to make,” a spokesperson said.

Short URL

Ireland's response to the HSE cyber attack has been undermined by Government cuts to Defence Forces, say senior officers

The Defence Forces unit tasked with solving the problem is struggling due to recent cuts.

jrnl.ie

 

[WalknTrot]

Appreciating the effort here, Melodi. The rest of the medical world should take notice.

The systems in place are incredibly convenient. Yesterday I called my medical provider to set up several appointments for routine stuff like tetanus booster, annual checks, etc, and as soon as the gal had me on the line, she had all my records in front of her. Was able to coordinate everything done in one visit to one facility, within a very short window of time, seeing several different people...cool.

But we and they are going to pay a price for the convenience if the brainiacs of the cyberworld can't figure out a way to firewall private or corporate info/processes from the wide-open wild west web.

 

[northern watch]

Well, maybe it will take lawsuits to stop governments and companies from putting everything on the internet.

 

[Melodi]

Well, maybe it will take lawsuits to stop governments and companies from putting everything on the internet.

There isn't really any way not to have it on the internet for it to work. There is an increasing move for both the UK and the EU nations to make paying the ransoms illegal, the same way it is already illegal to pay "terrorists."

It isn't too hard to make a case that at least when it comes to attacking health systems and utilities (or infrastructure) that "terrorist" is a word that could be used, though I dislike making "everything" a "terrorist threat" as seems to be popular with the US Administration these days.

But no matter what you call it unless piracy payoffs are to become the "new price of doing business" I think some sort of stand will have to be taken.

That hardening off systems like the health care services, although with people working from home that becomes difficult unless you can buy every one of them a special hard computer that they never use for anything else and the bright eight-year-old never turns on and decides to start downloading video games while Mom and Dad are sleeping.

 

[Melodi]

If this story isn't really just about "hot air" then my guess is going to be the Russian Government put pressure on its pet hackers (whom they probably tolerate) to hand over the encryption key because they targeted a health regulatory system and the public health service (The Health Service and the HSE). Right now they are trying to make sure the key they have works on both systems but I suspect strongly that it will work or they wouldn't be talking about this in public yet. After the pipeline "we did not pay oh yes we did" I'm not sure I trust governments or private corporations to be fully honest about this sort of thing.

State did not pay ransom for decryption key - Donnelly
Updated / Thursday, 20 May 2021 20:18

Minister for Health Stephen Donnelly said no ransom has been paid by the State in order to secure the key
By Paul Reynolds
Crime Correspondent

No ransom has been paid by the Irish State in order to secure a decryption key to unlock Health Service Executive and Department of Health data stolen during a ransomware attack, the Minister for Health has said.

The organised cyber crime group being the attack has provided the decryption key, which is now being checked by the commercial IT specialist company employed by the HSE, but there is some evidence that it works.

The decryption tool may be able to unlock the data that was disabled by the ransomware, but it will not be utilised on HSE systems until the IT specialists are certain it does not contain any other malware or will not further damage the systems.

This is expected to take a few days as it will have to be first tested on virtual systems.

However the organised cyber crime group still have the stolen data and can still put confidential patient information and medical records into the public domain and sell it on to other criminals for extortion and blackmail.

Minister for Health Stephen Donnelly said no ransom has been paid by the State in order to secure the key.

The National Cyber Security Centre and gardaí believe the organised crime group behind the attack is known as 'Wizard Spider' and is based in and around St Petersburg in Russia.

It primarily uses three types of ransomware - Trickbot, Ryuk and Conti.

Conti is the ransomware used to attack the HSE and the Department of Health.

A message online purporting to be from the Conti ransomware gang posted this afternoon says "we are providing the decryption tool for your network for free but you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation."

Law enforcement agencies say cyber crime gangs often offer their victims a decryption key as proof of what they have done and because it is the data that is the valuable asset.

Some also suggest the criminals may have been put under some pressure in their own country or countries because of the damage they have done to the health service here, in particular to hospitals and clinics caring for children, cancer patients, elderly and seriously ill patients.

The Government has already been in contact with the Russian authorities about the cyber attack and the damage it has done to the health service.

A spokesman for the HSE said they were aware of the report but said their sole focus remains on restoring service.

The NCSC and the Garda National Cyber Crime Bureau are now conducting an international investigation into the attack.

They are liaising with law enforcement agencies abroad including the FBI, the UK National Crime Agency, Interpol and Europol and working closely with the Europol cyber crime agency.

State did not pay ransom for decryption key - Donnelly

No ransom has been paid by the Irish State in order to secure a decryption key to unlock Health Service Executive and Department of Health data stolen during a ransomware attack, the Minister for Health has said.

www.rte.ie

HSE secures injunction against sharing of stolen data

Russian ambassador calls for criminals to be brought to justice

The Russian Ambassador to Ireland has described the cyber attack on the HSE as a hideous criminal attack and said that this kind of activity - Russian or otherwise - is illegal and its perpetrators should be brought to justice.

Speaking on RTÉ's Drivetime, Yuri Filatov said that they have offered their assistance to the Irish Government and have suggested that there be a joint effort to investigate the incident.

He said certainly he is not privy to the ongoing developments about the decryption key, but his whole attitude is that this is a heinous criminal attack which should be condemned and he does that.

Asked whether the Irish Government has asked for Russia's assistance in this regard, Mr Filatov said the subject had been touched upon in a very recent conversation.

Earlier this week, Minister for Foreign Affairs Simon Coveney and his Russian counterpart Sergey Lavrov discussed the issue during a scheduled call regarding UN Security Council business.

He said the offer has been made from their side and that it was on the table.

It was up to the Irish authorities to decide if that is the way to deal with the situation which he described as very difficult and serious, he said.

He also said that if they were talking about a Russian based criminal group they would be very interested in joining the investigation since they were hunting these people all along.

Attack 'catastrophic' for health system - Reid

Earlier the Chief Executive Officer of the HSE has said that the impact of the cyber attack on the health services is "quite grave" in the immediate term.

Speaking at the latest HSE briefing, Paul Reid said the attack was "catastrophic" on the health system, and a "stomach-churning criminal act".

Mr Reid also said that the act was an attack on humans, carried out by people against people, against some of the most vulnerable in our society.

He said it was "a callous act" and an attack on healthcare workers, who have worked relentlessly for 15 months, many making personal sacrifices and taking risks.

The attack came after the first quarter of 2021 which involved "three of the most challenging months for the health system" in Ireland, because of the Covid-19 surge.

"The impact is quite grave in terms of the impact on our services," he said, adding that appointments have been cancelled, and simple everyday communications between medics, to allow them to access information and make decisions, can't be made.




Mr Reid said the work to undo the damage caused by the ransomware attack is "not a short sprint" but will involve working against a "sustained impact" over the coming weeks.

"Our primary focus is striving to provide the health services for those who are in immediate and highest risk," he said.


Health services generally are about balancing risks every day, he said, and the impact of this cyber attack shifts the balance "not in our favour", so it does increase the risks to the system, he said.

"Our response has been immediate, it's been comprehensive and will continue to be relentless," Mr Reid said, adding that they have secured the full support of the state agencies, as well as "the best of the best" of Irish technology services, since last Friday.


There are over 2,000 different systems used by the health service, he said, with over 4,500 servers providing information.

"It’s a very complex legacy network, in many cases, a function of the healthcare systems of the past, and a web of very interconnected servers and networks."

He said the immediate response is to prioritise patients and services, and the HSE is currently in the assessment phase, "to understand the impact across the network".

Repairing the damage done to the HSE's systems following the ransomware attack is "in essence the rebuilding of a legacy network of 30 years," Mr Reid said.

Hospitals which have the capacity to stand alone within their own systems have been prioritised, he said, "to carry out those services within their own hospital".

Mr Reid praised the "inspirational response" from teams within the HSE: "If there's anything that shines above such a criminal act, it's the immediate response of our own teams right across the health service. Our frontline teams immediately began concentrating on workarounds, and on their patients."

Paul Reid said he could not confirm that patient data has been leaked online but said it is not unusual and not unexpected that there is a threat to publish.

He also said if members of the public suspect that they may have been targeted, then they should contact the gardaí immediately.

He also said the HSE has had no direct engagement with the hackers.

'Actions were taken' in cyber protection

Cyber-crime organisations are always trying to stay "a step above" the security systems being put in place by organisations like the HSE, according to Paul Reid.

He said that €300 million has been invested in capital infrastructure in the HSE systems in recent years, with about €82 million of that "related specifically to the core network".

This is as a result of reports initiated by the HSE regarding risks to the system.

When the ransomware attack happened last week, a message was left on the HSE's servers. "The double extortion method," Mr Reid said. At this point, they handed over to the national cyber-security centre, and the gardaí.

"We've had no direct engagement, that's fact," Mr Reid said in reply to a question on whether there had been engagement with the cyber-criminals.

Paul Reid said it is going to take "at least a week" to assess where exactly in the HSE's systems the cyber-crimials managed to gain access.

There are up to 150,000 access points in the network, he said.

"It can be as simple as an email, clicking on an attachment to an email, that's a proven way of getting in," Mr Reid said, adding that it could also be by using login credentials, or a combination of a range of such factors.

"We haven’t got confirmation of that. We have plenty of suspicions... but we haven’t fully determined that as of yet. We can determine that there have been many access points of vulnerability but haven’t determined what is the single point of failure for entry."


Mr Reid said that the entire Irish health system needs to move into "an integrated technology system".

There are debates, and have been debates, he said about how secure networks are if they move to a cloud-based system. "These are difficult choices. Moving to the cloud has risk-based judgements as well."

Some parts of the health service, such as the traditional voluntary hospitals, have been more "resilient" than others, which rely on a central network system, he said.

"It's easier to look back with hindsight," he said when asked about risk assessments. There’s no doubt the more money invested in capital infrastructure, in renewing our networks, in protecting our networks, the better."

However, like everything else, there are "difficult trade-offs to be made" in health spending, he said.

Addressing the issue of a ransom demand from the hackers, Mr Reid said: "Paying a ransom is a race to the bottom."

"What you are doing, paying ransoms, is increasing the capacity and capability of criminal organisations." This would further stretch state resources, he said.

"But ultimately from a HSE perspective, they are issues for government and government policy."

Mr Reid said he was not aware, as reported in some media, that the gang have said they will publish some of the stolen data on Monday.

Asked if the impact of the attack would result in missed or delayed diagnosis or even death, Dr Colm Henry said that the situation certainly made healthcare riskier.

HSE Chief Operations Officer Anne O'Connor said the HSE was aware of reports from GPs that they were getting anonymous calls saying they had patient data.

Mr Reid said there is no doubt that other criminals are using this attack as an opportunity to attempt fraud on people.

He urged the public not to give out PPS numbers or any other confidential information to people purporting to be from the HSE over the phone.

Additional reporting Conor Hunt

 

[Melodi]

And with people working from home, on their home computers, the chances of keeping this from ever happening again are probably zero....

HSE cyber attack began on a single computer when an employee clicked on a link
Sources have confirmed an encryption key was provided by the attack launched by the criminal gang last week.
37 minutes ago 43,103 Views 50 Comments Share23 Tweet Email

THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer.

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said.

What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer.

The employee was told that a ransom of close to €15 milion would be needed, the source said.

“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.

It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.

”The message was in very calm, non-threatening language. It was very transactional,” the source added.


HSE gets access to crucial decryption tool and secures High Court injunction to prevent the sharing of leaked data
The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week.

Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack.

Howver, it is believed that rather than being a single group of criminals, it was instead carried out by dozens of people spread across multiple locations.

Sources have told The Journal that the messages received did not identify the group as Spider Wizard.

When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.

An earlier statement released by the HSE confirmed that an encryption key has been made available.

“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said.

The HSe this evening secured a High Court injuction to stop the illegal use of any data that may have been stolen during the ransomware attack.

Short URL

HSE ransomware attack began on a single computer when an employee clicked on a link

Sources have confirmed an encryption key was provided by the attack launched by the criminal gang last week.

jrnl.ie

 

[Melodi]

Warning as fraudsters see HSE hack as opportunity to scam people with calls and texts
HSE CEO Paul Reid said fraudsters are “leveraging off the fear” people have around this hack.
4 hours ago 23,099 Views 18 Comments Share20 Tweet Email

Image: Shutterstock
THE PUBLIC HAS been advised to be aware of a number of call and text scams today as fraudsters are taking advantage of the fear around the HSE hack.

The HSE has said other criminals, who are not connected to the HSE ransomware attack, see the hack as an opportunity to try to obtain personal and financial information from people.

Speaking at the HSE’s weekly briefing this afternoon, Dr Anne O’Connor, HSE Chief Operations Officer, said the HSE is aware of calls in different parts of the country and is capturing them to identify whether they relate to a data breach.

“We are hearing about strange calls or strange texts and we are recording those centrally wherever they’re coming from,” she said. Dr O’Connor said if it is determined that they relate to a data breach then it will form part of a criminal investigation. [like the calls I got - Melodi]

However the HSE’s CEO Paul Reid said there is “no doubt” that other criminal organisations or fraudsters – who do not actually have access to patient data – are using this as an opportunity, both in Ireland and internationally, to attempt to defraud people.

“The HSE will not be contacting you looking for your PPS number proactively,” Reid said. “If anyone has a suspicion about a phonecall they got purporting to be from the HSE, please do alert gardaí.

Don’t give any confidential information that you have if you have any level of suspicion whatsoever, we’re not in a process right now of proactively contacting patients so most likely it’s not from us. And it is most likely a fraudster attempt.

He said fraudsters are “leveraging off the fear” people have around this hack and potential data breaches and they are contacting people to extract further information.

Separately the Department of Health is also warning people to be aware of scam calls and messages claiming to be from the department. These fraudsters are seeking personal information from the people they contact.

The department said it does not contact people in this way and no one should share their personal information if they are contacted. The public is also advised to let vulnerable family and friends know about these scams.


Short URL

Warning as fraudsters see HSE hack as opportunity to scam people with calls and texts

HSE CEO Paul Reid said fraudsters are “leveraging off the fear” people have around this hack.

jrnl.ie

 

[Melodi]

And the story continues to be well, complicated...

'Enormous work' ahead to rebuild IT system - Taoiseach

Taoiseach Micheál Martin has said the Government made no payment for the decryption key which the HSE is using to try to restore its IT systems.

www.rte.ie

Cyber attack decryption key 'validated' but 'flawed'
Updated / Friday, 21 May 2021 13:05

Those behind the breach have threatened to release the stolen data on the internet
By Paul Reynolds
Crime Correspondent

The National Cyber Security Agency has validated the decryption key supplied online by the criminal gang which attacked the Department of Health and the HSE's computer systems and stole confidential personal and medical data.

They now need to remove the associated "flaws and bugs" and incorporate them into a decryption tool that is compatible with the HSE systems to safely restore the stolen data.

The agency along with IT specialists are testing and validating the key which is a complicated algorithm and is "highly flawed."

It is estimated that the gang spent hundreds of thousands of euro designing and inserting the ransomware and will be seeking some return through publishing the information on the darknet or selling it on to other criminals for extortion and blackmail.

However, specialists believe the High Court injunction on publishing the information has limited the criminal gang's options.

The NCSC and the private IT specialists contractors said they have not engaged at all with the criminal gang responsible who are being targeted by gardaí and law enforcement agencies in the US, the UK and Europe.

They are satisfied that this criminal gang knew that it had attacked a health service and that its crime would impact on sick, elderly and vulnerable people including children.

Digital notes left by the criminal gang were addressed to the HSE and investigators are satisfied the gang targeted the Health system and this was not "an accidental discharge."

All parties involved insist that no ransom has or will be paid by the Government, that no money has changed hands and that no agency, representative, or private individual, directly or by proxy has or will pay any ransom and that none will be paid and disguised in the fees paid to a commercial company.

Security specialists working to restore the systems have described the decision of the criminal gang to publicly release a decryption key as "highly unusual".

It is not clear why they did this publicly, they may be seeking to increase pressure for a ransom payment but may also be under pressure from political or criminal factions in their own country.

However, law enforcement officers say it is not possible to predict what the gang will do but the Government has decided not to engage with the organised crime group.

It cannot be seen to give credence or credibility to criminals or validate their business model.

They have established it to be "a valid decryptor", "a binary solution" which they validated by programming it into a "sandbox" which is a safe cyber environment in which to 'open the key.’

IT specialists were able to then use it within that safe environment on a sample of the HSE’s encrypted data, and discovered that the key decrypted the data.

However, while they now have the algorithm, the decryption code, they need to build "an engine" in order to be able to use the code to unlock the corrupted data.

"We have the cargo but we now have to build the truck" one specialist said.

The criminal gang inserted "a rolling encryption" into the HSE’s systems to capture the data but also pushed that encryption down through the entire system.

IT specialists say it is therefore a complicated task to unlock the data even with the algorithm code because the code changes or "reiterates" every time they go into the system and they must recommence at the exact same place.

They say it is a complex procedure which if not done carefully could corrupt the data.

The IT specialists also have to undo some of the protections that they put into the system to use the decryption key "a long string code".

As one specialist put it "we have to take reverse engines and take one step back to move five steps forward."

The National Cyber Security Agency and its private contractors are continuing to work 24 hours to avoid corrupting or losing data and to resolve the issue.

Officials say once the decryption key that can be used on the HSE systems has been built they can begin rolling it out online.

They can also put it on USB keys and send officials to hospitals and health clinics and use it to restore systems onsite, however they are cautioning that this will take some time and some systems will take longer to restore than others.

What systems are restored and when will be a matter for the HSE.



A High Court injunction was secured against the unknown hackers to prevent this happening, but it also applies to social media platforms such as Twitter, Google, and Facebook and therefore limits the gang's scope for disseminating the information.

The Government is also continuing to insist it has not and will not pay a ransom to the cyber criminals.

Minister for Justice described the attack as a heinous crime and said the criminals who carried it out have no regard for human life.

Speaking in Glaslough, Co Monaghan, Heather Humphreys said it is clear the criminals do not care that they have caused untold chaos in the Irish health service.

She also confirmed that she will be meeting with the Garda Commissioner Drew Harris tomorrow to discuss the attack.

Earlier, Minister for Health Stephen Donnelly said work is ongoing with security contractors to test the validity of the decryption key provided by cyber criminals to the HSE, but he said initial results have been positive.

Minister Donnelly said that the HSE has to be sure it can restore health systems rather than potentially cause more harm.

Speaking on RTÉ's Morning Ireland, he said that no ransom has been paid directly, indirectly, or through any third-party to the cyber criminals, nor will it be paid.

The minister said that it is unclear why the decryption key was made available and it came as a surprise. He said he did not want to speculate as to why the hackers did this.

He said that in parallel to examining the decryption key, work continues to get services back online,

The minister said that progress was made last night in getting some systems back in a number of voluntary hospitals. This includes the National Integrated Medical Imaging System (NIMIS) radiology system, lab systems, and patient administration systems.

Minister Donnelly said the Government is taking the threat about publication of patient and medical information very seriously.

He said that it is entirely possible there will be a "data dump" on Monday and urged anyone concerned or approached about information to contact the garda confidential helpline on 1800 666 111.

He said that the court order secured by the HSE yesterday makes anyone with possession of this information obliged to hand it over and not publish it.

Minister Donnelly said while criminals will not be concerned by a court order, it should prevent people from sharing information out of their own interest.

 

[Melodi]

This makes it easier to understand why insurance companies are quietly telling their clients to just "pay the ransom" on these attacks. Which makes sense from their point of view but will ultimately result in the collapse of nearly everything if piracy rules the digital seas...

Cyber attack will likely cost HSE over €100 million, Paul Reid says

Eight people have died from Covid-19 in the last 12 days, the HSE also confirmed.

www.thejournal.ie

Cyber attack will likely cost HSE over €100 million, Paul Reid says

Reid said the HSE is keen to have an independent investigation further down the line.
3 minutes ago 181 Views 1 Comment Share Tweet Email
Anne O'Connor, HSE Chief Operations Officer (file photo)Anne O'Connor, HSE Chief Operations Officer (file photo)

HSE CEO PAUL Reid has said it could cost over €100 million to deal with the fallout of the cyber attack on Ireland’s health service.

Speaking at the HSE’s weekly Covid-19 briefing, Reid said it will cost “tens of millions” to undo the damage and that €100 million is an early estimate but this figure is likely to increase.

“In terms of the network restoration, the IT costs and resource costs and extra costs by upgrading elements of our network and laptops … I said at the outset [that the cost of this] will be in the tens of millions and there is no doubt that €100 million will be the smaller figure in terms of the total cost of this.”

Reid said the HSE is keen to have an independent investigation further down the line into how the cyber attack happened and how it was handled.

“We are certainly keen to have an independent and objective assessment of the incident. I am certainly very open to an independent assessment, and that’s what our board are currently finalising.”

The HSE confirmed that eight people have died with Covid-19 in the last 12 days. The daily death figures have been unavailable since the cyber attack almost two weeks ago.

Also speaking at today’s briefing, Chief Operations Officer Anne O’Connor said trojan work was continuing in a bid to get more services back online.

About 14,000 of 80,000 HSE devices such as laptops have been plugged back in so a “cleaning process” can be carried out in response to the massive cyber attack that targeted the health service two weeks ago.

HSE workers across the country were advised to turn off all work devices in a bid to limit the damage done by hackers.

Speaking at today’s briefing, Chief Operations Officer Anne O’Connor said trojan work was continuing in a bid to get more services back online.

O’Connor said that staff in various services are “really struggling” without the use of email. She said email is integral to the running of many services and getting it back up and running is an “absolute priority”.

The email system has been “hugely compromised” , but the HSE expects to get some access later today.

“Email sounds very benign, when you look at the other very high tech systems, but actually it’s hugely important for us, and we are really struggling with ours. And that’s not the kinds of emails about setting up meetings, this is email between multidisciplinary team members.”

O’Connor said this is impacting community services such as mental health teams and disability teams who reply on email to share patients’ assessment of need across multidisciplinary teams.

O’Connor said that, as of lunchtime yesterday, up to 14,000 devices of about 80,000 devices such as laptops were able to be plugged in to undergo “a cleaning process” – “the first step” in a longer security process.

This would be a “rolling improvement” over the next two days, she added.

O’Connor said elective activity is continuing in hospitals, but there has been a “significant impact” on theatre scheduling and booking, as well as “widespread cancellation” in relation to outpatient appointments.

Chemotherapy services are back to about 80-100% capacity, she said.

In terms of radiotherapy, she said there is no service in Cork, but limited service in Galway, adding there was somewhat reduced capacity at St Luke’s, Beaumont and St Vincent’s.

 

[lostinaz]

Speaking as a 25+ year IT vet, the biggest problems come from not having network security professionals working and implementing policies to prevent these issues. Many of these intitution don't have pros working for them, they outsource it and this doesn't translate well to changing policies, since it's hard to effect change as a contractor. Basic rule: No employee should have the ability to install software without IT assistance. Email should be in a cloud server. Firewalls should be setup such that they have built in blocking for malware. Servers with valuable data should be seperately firewalled and backed up, and mapped drives should not be allowed (which introduces device encryption malware infection vectors) Otherwise you are setting yourself up for any joe user clicking on a link from a spam email and installing some malware which uses all the access and links it has to spread to the next server.

 

[Melodi]

Speaking as a 25+ year IT vet, the biggest problems come from not having network security professionals working and implementing policies to prevent these issues. Many of these intitution don't have pros working for them, they outsource it and this doesn't translate well to changing policies, since it's hard to effect change as a contractor. Basic rule: No employee should have the ability to install software without IT assistance. Email should be in a cloud server. Firewalls should be setup such that they have built in blocking for malware. Servers with valuable data should be seperately firewalled and backed up, and mapped drives should not be allowed (which introduces device encryption malware infection vectors) Otherwise you are setting yourself up for any joe user clicking on a link from a spam email and installing some malware which uses all the access and links it has to spread to the next server.

Information is dribbling out slowly that totally supports your case. For example, the salary for the head IT specialist in charge of the Health Service was so low that no one has even applied for two years, the post has been vacant. Part of that is like the US Federal Government which can sometimes have the same problem, there is a limit on what people can be paid, but a lot of it was just no one really thought the job was THAT important.

A "committee" was told last week that Ireland's health service alone should probably be spending between 10 and 30 times what it does on IT and security but of course, the money for that just isn't "there" it never is. After the spent 100 million they don't have, there will be even less of "there."

But you are totally correct, I have no good answers...

 

[WalknTrot]

Yeah...by the time I left the working world, IT had implemented a "Big Brother" system for our workstations - everything was set up in the shop by IT, and even updates totally controlled/enforced centrally. All corporate account software....you couldn't install software, couldn't download, the email system was hardened, only a small # in the org could access the "internal" systems (finance, HIPAA protected, mechanical systems, records, etc. ) and those who could, only had access to the bits they were approved and trained for. Always dual authentication, firewalls aplenty and in addition, if you were doing remote access or personal hardware, you needed special permissions first, (Blimey - we checked and this one isn't a total moron!), then had to use their VPN and their provided software or you'd never get in.

Was reminded of it all because just the past couple of days I spent time cleaning up my old but still marginally viable netbook to determine if it was worth spending $45.00 for a new battery. I'd used it at work in the office, (power outages or systems down) and also at home for work, especially after I'd officially retired, but not really retired. (Haha). Managed to get a lot of their "stuff" off it, but also ran into areas that wouldn't allow me permission to delete or uninstall - not my authorization. I really didn't want to wipe it back to Genesis and re-install the operating system, only to find out that there was no real improvement in performance, so anyway, got it cleaned up enough to warrant a new battery I guess.

 

[Melodi]

They were just explaining on the news (TV) just how nearly impossible the situation is for nurses, doctors, and other medical staff.

They gave the example of an emergency nurse working in a children's hospital having to try and weigh a child exactly in order to give them the right dose of medication without being able to access any test results, information, or even data records on the previous weight of the child. Then in a few hours, they had to the whole thing over again.

Only about a few labs out of about 20 in the country are up and running and able to process test results, many samples taken over two weeks ago have yet to be looked at and some will have to be discarded and replaced.

They think it will take months to get everything working again, meanwhile, doctors and nurses are starting to suffer worse "burnout" than they did from COVID. Most medical staff are trained to work full out during emergencies but after COVID most of them were already "tapped out."

They are setting up an emergency mental health team for doctors, I gather this is getting really bad.

Oh and the 100,000 Euro figure is the "low estimate" it will "probably be a lot higher," again per the evening news.

 

[summerthyme]

They think it will take months to get everything working again, meanwhile, doctors and nurses are starting to suffer worse "burnout" than they did from COVID. Most medical staff are trained to work full out during emergencies but after COVID most of them were already "tapped out."

They are setting up an emergency mental health team for doctors, I gather this is getting really bad.

Oh and the 100,000 Euro figure is the "low estimate" it will "probably be a lot higher," again per the evening news.

I doubt you have ANY idea how "bad" it really is for those doctors and nurses. EVERYTHING is computerized and mechanized...hell, most docs can't even diagnose a basic heart murmur with a stethoscope these days. They are so used to running tests, scans, etc that they *can't* diagnose without them! The stress on them, *knowing* they are likely missing important clues, has to be immense.

The hackers need murder charges, because people WILL die from this mess.mightvwant to look into charging the politicians who were so parsimonious they haven't had a chief IT officer for the health service for a couple of years!

Summerthyme

 

[Melodi]

I doubt you have ANY idea how "bad" it really is for those doctors and nurses. EVERYTHING is computerized and mechanized...hell, most docs can't even diagnose a basic heart murmur with a stethoscope these days. They are so used to running tests, scans, etc that they *can't* diagnose without them! The stress on them, *knowing* they are likely missing important clues, has to be immense.

The hackers need murder charges, because people WILL die from this mess.mightvwant to look into charging the politicians who were so parsimonious they haven't had a chief IT officer for the health service for a couple of years!

Summerthyme

Oh, I have some idea, Nightwolf has told me, I also have talked with my father in law who has been a doctor since the early 60s and a hospital administrator during the change over from doing everything by hand and moving towards computers.

One thing Nightwolf did was to learn both from his Dad and an elderly teacher at the Medical school was how to do things like diagnosing the old way.

Thankfully in Ireland, there are still some older doctors (and missionary trained ones) who can function, they still train medical missionaries here especially for places like the Congo, and those doctors can't rely on modern stuff.

But over the last ten years, things have become very computerized, the last time I had to carry my four-pound file (at least) by hand from one station in the hospital to the other was when my arm was broken about six or seven years ago. That used to be standard here and my GP has had a computerized system connected to the HSE now for at least five years.

A lot of new buildings (some of our hospitals were 250 years old) have been built and they no longer have the "shoots" that used to send documents from one floor to another and as I said simply no longer employ the people they used to run things around by hand.

Hospitals no longer have their own labs (or not full ones) stuff is "sent out" and on the computer - this is a mess, not perhaps as big a mess as it would be in Dallas where my FIL is, but at least 100 thousand Euros and a lot of dead people, especially cancer and heart patients mess.

Heck, they had to cancel all maternity checks except for very late stage Moms and/or extremely high-risk pregnancies. I gather they are running emergency scans with laptops (that are not connected to the internet).

 

[WalknTrot]

Yep. I know of one med school that sends their Second Years to Africa for their second summer. Those kids learn how to gather donations before they leave (boxes and boxes of "outdated" stuff gets shipped with them - we are SO wasteful with resources here) take a good patient history, do an exam and diagnose by the seat of their pants, draw blood, run a CBC or urinalysis the old fashioned way, manage a field hospital down to doing laundry, play stork or stork's helper for the Mamas. Basically how to get their hands dirty, and practice basic medicine without all the bells and whistles. Hopefully, what they learn sticks with them throughout their careers.