'Serious and sophisticated' - HSE confirms ransomware cyber attack has hit all hospital IT systems

Ransomware attack is affecting all national and local IT systems in the HSE this morningAll HSE email also down as a result'This is a major incident for us' - HSE chiefCyber attack is not affecting ongoing vaccination programmeRotunda taking emergencies and certain appointments only, Holles St encourage all patients to attend as normal

The Rotunda Hospital in Dublin

Eoghan Moloney

HSE boss Paul Reid has confirmed that a ransomware attack is affecting all national and local systems this morning.

Mr Reid described the attack as a "serious" and "sophisticated" attempt to breach the HSE's IT system.

Ransomware is malware that threatens to permanently block a system or distribute the victim’s data unless a ransom is paid to hackers.

The HSE is receiving support from cyber security experts and from the Gardaí, the Defence Forces and from Government.

The State’s Child and Family Agency Tusla said their internal systems are not operating due to the cyber attack.

Mr Reid said life-saving equipment in hospitals is not affected by the attack and said it was largely an IT system issue.

“Our first priority is to contain the issue. This is a major incident for us. As the morning progressed we’ll gain greater clarity on the impact of this," he told RTE's Morning Ireland.

“The vaccination programme continues, this is not impacted. So, do come forward for this.

The HSE is shutting down most of its IT systems as part of an “information capture and protection” operation. All HSE emails are also out of action as a result.

The online registration portal for Covid-19 vaccines is currently not working due to the ongoing cyberattack on the IT systems.

If people aged 50-69 wish to register for a Covid-19 vaccine today, they should contact the HSE at 1850 24 1850 to do so.

The Rotunda maternity hospital in Dublin has been forced to cancel many routine appointments due to the IT issues.

It described the situation as a "critical emergency".

"Due to a serious IT issue all outpatient visits are cancelled today - unless you are at 36 weeks pregnant or later," the hospital tweeted.

It said all gynaecological clinics had been cancelled on Friday.

In a tweet, the hospital added: "If you have any urgent concerns please attend as normal."

Master of the Rotunda Prof Fergal Malone said the hospital can function without its IT system but it elected to cancel most appointments as “throughput is much slower” without IT.

“All patients in the hospital are safe and care is unaffected. But we are asking people with appointments to not attend today unless absolutely necessary or if you’re 36 weeks pregnant,” Prof Malone said on RTÉ Morning Ireland.

Prof Malone said all machinery in the hospital was operational and the problem was with the information-logging IT systems.

“We use a very common system throughout the HSE for registering patients and it would seem this was the entry point,” Prof Malone said.

The hospital was asking people not to attend routine appointments as a “precaution” and stressed “all patients are safe”.

Prof Malone said the Rotunda learned in the early hours of the morning that its systems had been hit by a Conti ransomware attack.

Meanwhile, Holles Street have encouraged their patients to attend the hospital as normal today.

The National Maternity Hospital has said that due to the major IT issue across the HSE, “there will be significant disruption” to all of their services today.

The hospital is advising people that have appointments today or if people need to attend, they should do so as normal, but are asking people to bear with them through this disruption.

There are likely to be delays due to a switch from electronic to paper records temporarily.

Meanwhile, the State’s Child and Family Agency Tusla said their internal systems are not operating due to the cyber attack.

A Tusla spokesperson said this includes email, internal systems and the portal through which child protection referrals are made.

“This measure is for security reasons as the agency is hosted on the HSE ICT network. Any person wishing to make a referral about a child can do so by contacting the local Tusla office in their area,” he added.

Prof Seamus O’Reilly of the oncology department in Cork University Hospital said he arrived to work this morning to an IT system “paralysis” due to the ransomware attack.

He said most services will continue but that the system outage will put huge pressure on staff today as they revert to temporary paper records.

Meanwhile, the HSE wrote on Twitter; “The National Ambulance Service is operating as per normal with no impact on emergency ambulance call handling and dispatch nationally."

This type of ransomware is known for the speed and efficiency with which it encrypts and spreads across a target system.

Conti is human-operated and is known as a “double extortion” ransomware as it encrypts the information but also threatens to expose it.

The gang behind the Conti ransomware have leaked information of over 180 attacks they’ve carried out on an online news site since the malware was first discovered in 2020.

A spokesperson for the HSE said: "There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.

"We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available.

"Vaccinations are not effected and are going ahead as planned."

Last year, an Irish security firm warned that international cyber criminals are attempting to exploit the Covid-19 pandemic with a series of randomware attacks on healthcare facilities.

Smarttech247 urged all Irish health centres to carefully review their defences against cyber attack following an alarming 70pc surge in such healthcare attacks in the US in the space of just five weeks.

In Europe and the Middle East, such attacks surged by 36pc between September and October 2020.

A number of such attacks had also attempted in Ireland but were foiled by security systems at the time.

Smarttech247 admitted they were alarmed at the lack of awareness in Ireland of the rising cyber threat levels – with cyber gangs determined to exploit the pandemic for profit.

The FBI warned all US hospitals to protect data systems amid fears cyber criminals will use the pressure of the Covid-19 pandemic to paralyse medical networks and then try to extort money to unlock such systems.

General manager Raluca Saceanu spoke at the time and warned such incidents are potentially devastating.

“The attack wave could be unprecedented in magnitude for healthcare institutions around the world," she said.

"It takes an average of two and a half weeks to restore networks after a ransomware attack, which is a massive amount of time for a healthcare facility where lives could be put at risk.

Healthcare officials are urged to ensure their management and IT plans are up to date, adequate back-up systems are in place and all operating systems are patched as soon as manufacturers release updates.

Officials have also been urged to invest in security and prevention systems.

"While an organisation is working to repair the damage from an attack, they also need to ensure they will not be compromised again. The average victim is hit six times. Ransomware attacks are not a once-off. The hackers will strike again and again until they get what they are after."

Meanwhile, Holles Street have encouraged their patients to attend the hospital as normal today.

In a statement issued on social media, they wrote; "Due to a major IT issue, there will be significant disruption to all our services today.

"If you have an appointment/need to come to the hospital, please come as normal.

"We ask that you bear with us.

"We apologise for any inconvenience caused."


Today's Headlines

More News

Download the Sunday World app

Now download the free app for all the latest Sunday World News, Crime, Irish Showbiz and Sport. Available on Apple and Android devices