Throwback Attack: Ireland ransomware attack costs HSE $83 million

Courtesy: CFE Media
Courtesy: CFE Media

In school, kids learn about the great potato famine that affected Ireland and the fallout that followed. More recently, Ireland faced yet another threat to the nation that was not taught in schools: a strain of Conti ransomware that infected their health care system. While the impact wasn’t as monumental as the famine, it still sent ripples throughout the health care service industry.

The cyberattack on Ireland’s Health Service Executive (HSE) has been described as one of the most significant digital assaults on a health care system in recent memory. The incident reportedly cost the organization more than $83 million and exposed systemic vulnerabilities that could be exploited in health care organizations globally. This attack is not just a disturbing moment for the HSE or Ireland, but a stark reminder for health care systems worldwide of the threats they face in today’s digital landscape.

The HSE cyberattack

In the early morning hours of May 14, 2021, an unknown group of cybercriminals launched a sophisticated ransomware attack on the HSE, crippling its information technology (IT) systems. The immediate fallout was severe: Many health care services were suspended, patients’ records were compromised and the organization faced a large financial blow. The health care body decided not to pay the demanded ransom, instead focusing on a restoration effort that came with an estimated price tag of $83 million.

According to Dave Gerry, chief operating officer at Bugcrowd, “Health care continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT (Internet of Things) devices.”

A detailed investigation revealed that the attackers used the Conti ransomware strain. According to NordVPN, this “malware will spread across servers, files, backups, and even security software. As Conti spreads, it begins to make copies of your files while also encrypting the originals. The encrypted process is faster than the average ransomware.”

This type of ransomware, which encrypts files and demands a ransom for decryption, has been identified as one of the most dangerous threats to enterprises worldwide. This is because ransomware can lead to downtime and cost a company money. Its use underscores the sophistication of the attackers and the level of threat that health care organizations are now facing.

While the technical aspects of the attack have been widely reported, the broader implications are equally important and extend beyond the Irish border. This devastating assault presents a cautionary tale for health care organizations across the globe, specifically for those in the United States.

The incident at the HSE served as a reminder of the inherent vulnerabilities that exist within these organizations. The combination of a high volume of sensitive data, aging IT infrastructure and a lack of cybersecurity awareness among employees makes health care organizations an attractive target for cyber criminals. This potent mix of risk factors necessitates a stronger focus on cybersecurity measures in these institutions.

According to Health IT Security, the Health Sector Cybersecurity Coordination Center (HC3) said, “The HSE did not have a single responsible owner for cybersecurity, at senior executive or management level at the time of the incident.”

Further, if the ransomware infection had spread to the connected IoT devices, those devices could have been taken offline, affecting the lives of the people in the Irish hospitals.

The health care sector global impact

The health care sector is important and necessary to a functioning society, thus making it critical infrastructure. Globally, it has struggled to keep pace with the rapidly evolving cyber threat landscape. The pandemic, in particular, has exposed weaknesses in IT systems and cybersecurity measures. COVID-19-related cybercrime has surged, with ransomware attacks becoming increasingly common. Health care organizations are attractive targets for such attacks because they contain vast amounts of sensitive data and often have critical dependencies on their IT systems. This is a major pain point because it can cause chaos and lead to big payouts. According to the Scholarly Community Encyclopedia, “the COVID-19 testing referral system was made offline because of the HSE attack, requiring individuals with suspected cases to attend walk-in COVID-19 testing centers, rather than attend an appointment.”

Understanding the lessons from the HSE cyberattack is vital for improving the overall security posture of health care organizations. It underlines the importance of robust cybersecurity infrastructure. Along with this, it highlights the need for regular system updates and patches to prevent potential vulnerabilities that could be exploited by cybercriminals. There is also a need for increased cybersecurity awareness and training among health care staff.

Another key takeaway is the importance of a contingency plan in the case of a cyberattack. The ability to react swiftly and effectively can significantly reduce the damage done. With the HSE, the decision to refuse to pay the ransom and instead focus on restoring their systems showcases the importance of having a robust disaster recovery plan.

Lastly, this incident demonstrates the role cyber insurance can play in mitigating the financial impact of cyberattacks. As cyber threats become more common, so should insurance policies that can help protect against them. In fact, a well-structured cyber insurance policy could have helped the HSE cushion the substantial costs incurred in the aftermath of the attack.

The cyberattack on the HSE was indeed a shocking event. However, it provides a valuable learning opportunity for health care organizations worldwide. The implementation of robust cybersecurity infrastructure, regular system updates, staff training, contingency planning and cyber insurance are all vital steps toward ensuring the safety and security of health care data and services.




Keep your finger on the pulse of top industry news