The National Cyber Security Center warned of potential ransomware attacks on the health service in October 2020, more than four months before the Health Service Executive was targeted by hackers, it has been revealed. .
The healthcare service was hit by a massive cyberattack earlier this year that caused chaos in hospitals, delayed patient care and resulted in projected costs of nearly $ 100 million.
A malicious file attached to a phishing email opened on March 18 resulted in the HSE computer systems shutting down after the Conti ransomware was “denoted” on May 14.
The criminal gang behind the attack – according to several observers most likely based in Russia – demanded $ 20 million (17.7 billion euros) in Bitcoin.
The government said no ransom would be paid and on May 20, hackers posted a link to a key that decrypted files that had been encrypted by the ransomware.
State Minister for e-Government Ossian Smyth said he was still not sure why the gang provided the decryption key, but suggested that “there was a lot of pressure that they didn’t would not be used to “. Mr Smyth said he was told Gardaí believed the attackers were based in seven different jurisdictions.
The Green Party minister also said that unlike the risk to private hospitals that had been affected by ransomware attacks, “the HSE was not going to go bankrupt. So these threats were not going to work. I think at some point they realized that this combination of global law enforcement and military intelligence was pointing them at them, without receiving any money, it was time to move on to another target.
He said it was not like targeting an insurance company, adding that in these cases “you are not going to see senior officials in your government in the country you live in being contacted and asked to lobby. you “.
A PWC report on the cyberattack commissioned by the HSE found that several “alerts” were issued within the health department that the IT system could be compromised after the first email was opened in March, but the importance of alerts was not identified at the time.
Risk of conti
Mr Smyth said the cybersecurity center warned in October 2020 that healthcare facilities across the state were at risk from Conti’s danger after hospitals in the United States were targeted. “They said it, they warned,” he said.
When asked if the HSE had not heeded the warning, Mr Smyth replied: “I think the PWC report indicates what were the shortcomings of the HSE approach. . . it’s not like it hasn’t been predicted.
He said there would have been engagements with HSE at the time and “I was told they were in a much better position than they were a year ago. They had done a lot of job.
However, he said it was done in the context of “you talk about fixing software and what people really want to talk about is ventilators and contact tracing and all that stuff, cancer treatments. . . . It is very difficult to draw attention to anything that is non-clinical in a health care system.
The HSE said it was “aware of increased alerts and acting accordingly by providing additional mitigation and controls.” This included a file backup strategy, security patches, external firewalls and “significant user awareness and online training were available to increase awareness.”