Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/solarseven

HSE confirms ransom has been sought over cyber attack but says it will not be paid

HSE chief Paul Reid said it was “quite a sophisticated” attack, and a “major incident”.

LAST UPDATE | 14 May 2021

THE HSE IS grappling to continue healthcare services today after a “sophisticated” ransomware attack that the HSE chief executive called a “major incident” and the Irish Government called “possibly the most significant cyber attack on the Irish State”.

The HSE was made aware of the attack during the night, and has shut down all national and local IT systems in order to protect them from encryption by attackers.

Because computers are shut down as a precautionary measure, some health services today are affected: the extent of the disruption varies from each hospital and service.

The HSE has confirmed that a ransom has been sought but it will not be paid in line with State policy. 

HSE CEO Paul Reid said it was “quite a sophisticated” attack, a “major incident” for the health service, and is a “human-operated” cyber attack. He said that information technology systems and data stored on central servers are being targeted.

Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ’s News At One that the attack was not espionage, and that it was an international attack.

This is a very significant attack, possibly the most significant cyber attack on the Irish State.

He said that the motive is to encrypt private data, and threaten to publish the data if a ransom is not paid.

Speaking this evening, Taoiseach Micheál Martin said it would take “some days” to assess the impact of the cyber attack. 

He was also clear that no ransom would be paid, and said that it would be dealt with in a “methodical way”. 

Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.

“This is an almost daily occurrence, and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.

HSE: Health services may not be back by Monday

Equipment in intensive care units, and other ‘standalone’ infrastructure in hospitals, has not been affected by the attack. But computers used to monitor scans cannot be turned on, based on a cautionary approach; and lab test results could possibly be delayed. 

“We are at the very early stages of fully understanding the threat, the impacts,” Reid said on RTÉ’s Morning Ireland before 8am. A list of health services that are and are not operating have been published this lunchtime.

“[For now] everyone should continue to come forward [for hospital appointments] until they hear something different from us, in terms of services impacted,” Reid said.

NO FEE HSE weekly update 001 (1) Leon Farrell Leon Farrell

Speaking later to RTÉ’s Six One News, Reid said updates would be provided throughout the weekend for patients and service users as to what the situation would be on Monday.

 

“We’re assessing the impact across each our of national and local systems,” he said. “Before we can go to the recovery stage, we have to be sure that in bringing them up we’re not compromising them again.”

HSE Chief Operations Officer Anne O’Connor said that this was a ‘day zero’ attack, meaning that it is a new cyber virus that escaped past its virus defence system.

“We had no warning, we don’t know what it is… There is no previous known experience of this. The risk for us is that if we turn on a system, it would get in.”

Minister of State Smyth said that what was happening now, was cyber security teams aiding the HSE were going through the HSE network step-by-step, clearing it and reopening it. This would continue throughout the weekend and possibly beyond that.

Indications are that it’s “high impact but possibly low-transmissibility”, he said, and is targeting the core of the HSE system: backups and anything that controls user data.

“This could go on for a number of days, we don’t know yet,” Anne O’Connor said, adding that it was unlikely to be solved by today or tomorrow.
One positive is that we’re heading into the weekend… if this has not been resolved by Monday, we will be in a very serious situation and we will be cancelling services.

O’Connor added that if that were to happen, it would be particularly tricky as “we don’t even know who to cancel on”, as they don’t have access at the moment to their IT system.

What health services are affected

Scheduled Covid-19 tests will go ahead as planned, the HSE said – but the GP and close contact test referral system is down, so walk-in centres may have to be used.

The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal.

Reid said this evening that the portal to register for the vaccine was taken down for a short period but access has been restored this evening for those aged 50-69 to register for their vaccine.

The child and family agency Tusla released a statement to say that its emails, internal systems, and the portal through which child protection referrals are made, are not operating.

Anyone who wants to make a referral about a child can do so by contacting the local Tusla office in their area; details of local offices are available here.

Health Minister Stephen Donnelly said that he and Reid are working to ensure that HSE systems and the information is protected.

“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the National Ambulance Service.”

The list of services that are and are not affected by the cyber attack can be found here.

NPHET response

At this afternoon’s briefing of the National Public Health Emergency Team (NPHET), chief medical officer Dr Tony Holohan said that the issue is “impeding” the ability of the HSE to carry out its Covid-19 testing as normal. 

He said that the “ability to efficiently arrange testing” is impeded by the cyber attack.

Dr Holohan urged people to still follow the “basic public health messaging” if a person has symptoms, such as self-isolating, even if they have to wait longer to receive a test and a result.

“I’m appealing to people not to be distracted by this,” he said. 

“I don’t know when this is going to be resolved… People are working to rectify this as quickly as possible.”

Dr Holohan added that the HSE is putting in place arrangements for people to have access to testing, which includes walk-in centres.

He added that the issue had affected the Department of Health, also, as they’ve been unable to send or receive emails today.

Maternity hospitals

The Rotunda Maternity Hospital in Dublin has cancelled all non-urgent appointments and other hospitals are likely to be impacted.

Master of the Rotunda Hospital Professor Fergal Malone told Morning Ireland that logging into electronic healthcare records, and the ability to access patient demographics, is the issue.

A contingency plan has been put in place to revert back to the “old-fashioned” paper-based system, he said, but added that “throughput would be much slower” this way.

As you can imagine, when a new patient patient arrives at the front door of the hospital, traditionally you type in her name into a computer and get hold of her details – that can’t happen now, so we have to do that by hand and paper.

In a separate statement issued this morning, a Rotunda spokesperson said: “All appointment have been cancelled for today Friday 14th May. The only exception are for patients who are 36 weeks or over pregnant.

“Otherwise you are asked NOT to attend at the Rotunda unless it is an emergency. The Rotunda will issue updated information as soon as possible.”

In a statement this evening, the Rotunda said that if you are less than 36 weeks gestation, your appointment for Monday 17 and Tuesday 18 May is cancelled. 

All outpatient appointments and inpatient elective surgeries are cancelled. 

In terms of paediatric appointments, for babies older than two-weeks-old, their appointment for Monday or Tuesday is cancelled. “If you’re unsure if this affects you, please ring our helpline on 01 211 9351 to speak to a midwife or doctor,” the hospital said.

The National Maternity Hospital at Holles Street said that there will be “significant disruption” to its services today as a result.

“If you have an appointment/need to come to the hospital, please come as normal. We ask that you please bear with us,” it said.

The National Cyber Security Centre (NCSC) and Gardaí are working with the HSE on the issue. The NCSC is also liaising with the EU and other international agencies.

With reporting from Órla Ryan, Niall O’Connor, Hayley Halpin and Sean Murray.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Gráinne Ní Aodha
View 206 comments
Close
206 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds