Department of Health and Health Service Executive Both Were Targeted
Two healthcare agencies in Ireland suffered ransomware attacks last week that appear to be related, not just one as originally reported, authorities say.
Last Thursday, the Irish Department of Health, which is responsible for health policy, spotted an attack and was able to quickly halt it, according to state broadcaster RTE.
That attack came the day before ransomware hit Ireland’s Health Service Executive, the nation’s state-run health services provider.
The HSE expects many healthcare services to continue to be disrupted nationwide until at least Wednesday as systems are restored, The Irish Examiner newspaper reports.
The attack on the Department of Health “wasn’t as extensive” as the HSE attack because it was “intercepted earlier,” Irish Minister for Communications Eamon Ryan told RTE. Nevertheless, the health department shut down ts systems and is working to safely restore its data.
The East European criminal gang “Wizard Spider” that uses Conti ransomware was behind the HSE cyberattack, RTE reports, citing the National Cyber Security Agency. A note attackers left on the Department of Health’s systems is similar to the one discovered on HSE’s systems, the agency reports, suggesting the same attackers were involved in both incidents, according to RTE.
HSE Declines to Pay Ransom
The Bleeping Computer news site said that a cybersecurity researcher shared with it a screenshot of a chat between Conti and Ireland’s HSE that said Conti would provide a decryptor and delete stolen data if a ransom of $20 million was paid. The attackers claimed they had stolen 700GB of personal data of patients from the HSE, including personal documents, phone numbers, contacts, payroll and bank statements.
On Monday, HSE said that it did not respond to the attackers and passed on information about the threat to Ireland’s National Cyber Security Center.
Irish Prime Minister Micheál Martin says the government and its agencies won’t pay any ransoms and they are not communicating with the attackers, echoing the words of Fran Thompson, CIO at the HSE, who told the Irish press: “We don’t pay ransoms.”
Rules Have Exceptions
Many law enforcement agencies and security experts worldwide urge organizations to avoid paying ransoms because it can encourage other attacks.
“The rule is never pay a ransom. Paying a ransom finances and encourages further attacks – both against the ransom payer, and against the wider community,” says Thomas Naylor, CIO at enablement.tech in the U.K. “If a health authority pays a ransom, it encourages further focus by criminal groups on ransomware attacks against hospitals.”
But Naylor notes that all rules have exceptions. “If, for a hospital, a delay in restoration of IT will result in critical care systems not being operational, and people die as a result, then the ransom should be paid,” he says. “On the other hand, if the cost of restoration of systems and recovery or re-creation of data is even several times higher than the ransom sum, and this is the only consideration, then the ransom should not be paid, as this would likely prove to be a false economy in the medium term.”
John Walker, visiting professor at the School of Science and Technology Nottingham Trent University in the U.K., says hospitals should “look to invest in a robust cybersecurity postures, as opposed to investing in criminal gangs [by paying ransoms] – as they will be back.”