Irish health service hit by ransomware

[harlan4096]

A ransomware attack forced Ireland’s healthcare service to shut down its servers. Here’s what we know so far.

Media outlets are reporting an attack by yet-unspecified ransomware on the Health Service Executive (HSE), Ireland’s healthcare system. The HSE decided to shut down key information systems for thorough investigation and protection against further threat spread. A number of clinics have reported temporary shutdowns or at least disruptions in their operations, although they continue to provide emergency care services. The COVID-19 vaccination program was not interrupted, although some institutions have had to revert to outdated workflow systems.

The Irish healthcare system attack in brief

According to HSE representatives, a “very sophisticated,” human-operated ransomware attack caused “significant disruption” to their services. Such incidents are particularly difficult to counter because the cybercriminals adjust their tactics and specific targets during the attack.

External experts and law enforcement cyberspecialists are contributing to the investigation, which is still in early stages. However, HSE representatives presume the main target was data stored on the organization’s servers.

Representatives of Rotunda Hospital, a medical institution affected by the attack, say the unified HSE patient registering system may have been a spreading vector. Fortunately, the attack did not affect life-saving equipment; only healthcare records are unavailable.

How to protect healthcare from ransomware

Ransomware threats to healthcare institutions around the world are on the rise. To minimize infection risk, we recommend prioritizing the protection of remote access tools and e-mail systems, the two most common entry points for ransomware. In addition, security awareness is more than just important.

In particular, we recommend:

• Raising employee awareness about modern cyberthreats and the role all staff play in cybersecurity;
  
• Avoiding remote connections to internal networks to the extent possible;
  
• Maintaining a strict password policy requiring all passwords be unique, complex, and secure;
  
• Installing security patches and updates promptly;
  
• Using robust security solutions on all devices with access to the Internet, including medical equipment and information kiosks and panels;
  
• Protecting corporate mail servers, through which a fair number of threats enter company infrastructure.
  

Additionally, Endpoint Detection and Response–class solutions can help detect ransomware threats in their early stages, simplifying response actions and investigation.
...

Continue Reading