Irish health system targeted twice by ransomware hackers

The Irish Department of Health said it shut down its IT systems after it experienced a ransomware attack on Thursday, and then a similar attack on the Health Service Executive (HSE) on Friday caused “substantial” cancellations to services.

The same international cybercrime group is believed to be behind both incidents, RTE has reported.

Ireland’s health department said it was still assessing the impact on its systems, and Foreign Minister Simon Coveney said malware had been inserted across the HSE healthcare system network “in multiple locations”.

“It’s going to take quite some time, I understand, to clean that data, piece by piece and to try to backup and protect as much of the data as we can – so this is a very serious attack,” he said.

The Covid-19 vaccine portal was forced to close temporarily on Friday, but authorities have said the programme will continue as planned with about a quarter of a million doses expected to be given this week.

On Saturday, Ireland’s health minister, Stephen Donnelly, said the impact across the country “will vary” due to the data kept by hospitals, but warned there would be “cancellations in the coming days”.

An international cybercrime gang was behind both attacks, Ireland’s minister responsible for e-government Ossian Smyth said, describing it as possibly the most significant cybercrime attempt against the Irish state.

Ireland’s Covid-19 vaccination programme was not directly affected, but the attack was affecting IT systems serving all other local and national health provision, the head of the HSE said.

Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.

“We are very clear we will not be paying any ransom,” Prime Minister Micheal Martin told reporters.