by Simon Walsh
Ireland’s healthcare system has been the recent subject of an unprecedented cyber attack, called out by the Irish government as “possibly the most significant cybercrime attack on the Irish state”. This has led to IT systems being taken offline and the cancellation of a number of hospital appointments.
What has happened so far
Ireland’s Department of Health confirmed Sunday that it was subjected to a ransomware attack last Thursday. Since Friday morning, the National Cyber Security Centre Ireland has been engaging with HSE, deploying its resources in identifying the affected systems, and identifying the technical details of the attack used in this incident. In an advisory issued on Friday, NCSC Ireland said cyber criminals used the human-operated Conti ransomware to target the IT network of HSE on Thursday morning, forcing HSE to shut down all of its IT systems as a precaution in order to assess and limit the impact.
There have been cancellations across many outpatient services with widespread cancellation of radiology services across Ireland, the HSE said on its website on Sunday.
The Irish health service expects to spend tens of millions of euros rebuilding its IT systems and continue to see significant disruption to diagnostic services into next week.
Cyber attacks like these can be extraordinarily stressful and painful, requiring comprehensive cyber crisis management, state-of-art threat hunting expertise, digital forensics and professional advice.
How we can help if you are affected
We are here to help with Trend Micro’s Incidence and Response Service. Our team of experts can help establish a customised plan of action with your IT department. Our workforce, tools and processes can be set up to monitor your network traffic while logs and disk images are being analysed for Indicators of Compromise or Indicators of Attack Thursday. In the background, our incident coordinators organise the flow of information, making sure all defined stakeholders are being kept in the loop about findings, developments and key decisions.
We structure our engagements along the SANS incident response model as it has proven to be the most effective industrial standard for organizing fast and decisive incident response services.
If you are experiencing a cyber attack, or are concerned you will be, we are here to help you to understand what’s happening, how you can secure your environment and advise you on what steps you need to take in order to increase your security posture going forward. For more information go to www.trendmicro.com or contact us.