Ireland has refused to pay a bitcoin ransom to hackers who have been forced to shut down most of healthcare IT systems, leaving doctors unable to access patient records and patients unsure if should they show up for appointments.
“Redemption is sought and cannot be paid in accordance with state policy,” a spokesman for Ireland’s Health Service Executive told the Financial Times on Friday night, confirming reports that the ransom was being demanded in cryptocurrency.
Paul Reid, chief executive of Ireland’s Health Service Executive, told a morning radio show that the decision to shut down the systems was a “precautionary” step following a “most sophisticated” cyber attack affecting national and local systems and “involving all of our core services”.
Some elements of the Irish health service remain in place, such as the clinical systems and the Covid-19 vaccination program, which are run on separate infrastructure. Covid’s re-booked trials are ongoing.
However, the system for processing referrals from GPs and close contacts has been exhausted, the HSE tweeted, adding that those in need of testing should go to walk-in centers, to prioritize symptoms. case.
“It has a serious impact on our health service and community care today, but individual hospital services and groups are affected in different ways. Emergency services continue, as well as @AmbulanceNAS [the National Ambulance Service], “Health Minister Stephen Donnelly wrote on Twitter.
No group has yet claimed responsibility for the attack, though Reid said Friday morning that it included “Conti, human-run ransomware”, which refers to differently used software. Conti was first spotted in December 2019, and hackers believed to be based in Russia or eastern Europe typically demanded a median ransom of $ 240,000 according to research by Arete Advisors.
“We are in the early stages of fully understanding the threat, its impact and trying to prevent it,” said Reid, adding that they have received assistance from the Irish police force, defense forces and support teams. cyber to third parties.
The HSE’s Twitter feed shows a long list of hospital updates on what services they have canceled, including non-emergency radiation treatment, X-rays, physio and cardiac diagnostic services. Some of the cancellations will go until Monday.
The owner of Rotunda Maternity Hospital in Dublin said it was advising patients less than 36 weeks pregnant not to attend for appointments on Friday. In a statement, Cork University Hospital said patients had to show up for their outpatient appointments, chemotherapy and surgery “unless you are contacted to cancel”, but X-ray and radiotherapy appointments for Friday were canceled.
Professor Donal O’Shea, consultant endocrinologist at St Vincent’s Hospital in Dublin, told RTE radio that there could be implications for patient care. “Clinical systems aren’t targeted yet, but if you can’t access your computer, you can’t get results. . . so soon, there are clinical implications, ”he said. In its statement, Cork University Hospital said “only emergency bloods” would be processed at this hour.
Reid said patients nationally “still need to come until they hear something different”.
Health workers told the FT they were told kill their laptops, leaving home staff offline and those working in hospitals returning to pen and paper to manage patient information.
In a statement on its website, Ireland’s child and family agency Tusla says the emails, internal system and portal for child protection referrals are also offline because they are managed by the HSE network.
The attack came because the actions of cyber criminals to disrupt public services were further increased during the pandemic. Earlier this month, hackers believed to be from eastern Europe breached IT systems in Colonial Pipeline, a major fuel pipeline that supplies much of the eastern U.S..
“Exploitative cyber attackers targeting flooded health organizations are a common theme throughout the disease,” said Charlie Smith, engineer of consulting solutions at Barracuda Networks. “These scammer are aware of the great importance of IT services to health services at this time, and will therefore stop anything to disrupt said systems or steal vital data in exchange for ransom.”
Further reporting by Hannah Murphy in San Francisco