Ireland has refused to pay a ransom in bitcoin to hackers who forced the shutdown of most of its healthcare IT systems, leaving doctors unable to access patient records and patients unsure of whether they should show up for appointments.
“Ransom has been sought and won’t be paid in line with state policy,” a spokeswoman for Ireland’s Health Service Executive told the Financial Times on Friday evening, confirming reports that the ransom had been sought in the cryptocurrency.
Paul Reid, chief executive of Ireland’s Health Service Executive, told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a “very sophisticated” cyber attack that affected national and local systems and was “involved in all of our core services”.
Some elements of the Irish health service remain operational, such as clinical systems and its Covid-19 vaccination programme, which is powered by separate infrastructure. Covid tests already booked are also going ahead.
However, the system for processing referrals from GPs and of close contacts is down, the HSE tweeted, adding that those in need of testing should go to walk-in centres, which would prioritise symptomatic cases.
“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS [the National Ambulance Service],” health minister Stephen Donnelly wrote on Twitter.
No group has yet claimed responsibility for the attack, though Reid said on Friday morning that it involved “Conti, human-operated ransomware”, referring to the type of software used. Conti was first detected in December 2019, and hackers believed to be based in Russia or eastern Europe typically demand a median ransom of $240,000 according to research by Arete Advisors.
“We are at the very early stages of fully understanding the threat, the impact and trying to contain it,” Reid said, adding that they were receiving assistance from the Irish police force, defence forces and third-party cyber support teams.
The HSE’s Twitter feed features a long list of hospital updates on what services they are cancelling, including non-emergency radiation treatment, X-rays, physio and cardiac diagnostic services. Some of the cancellations go as far as Monday.
The master of Dublin’s Rotunda Maternity Hospital said it was advising patients who were less than 36 weeks pregnant not to attend for appointments on Friday. In a statement, Cork University Hospital said patients should present themselves for outpatient appointments, chemotherapy and surgery “unless you are contacted to cancel”, but that X-ray and radiotherapy appointments for Friday were cancelled.
Professor Donal O’Shea, consultant endocrinologist at St Vincent’s Hospital in Dublin, told RTE radio that there could be implications for patient care. “Clinical systems haven’t been targeted, but if you can’t access your computer, then getting results is impossible . . . so before long, there are going to be clinical implications,” he said. In its statement, Cork University Hospital said “only emergency bloods” would be processed at this time.
Reid said patients nationally “should still come forward until they hear something different”.
Healthcare workers told the FT they were told to turn off their laptops, leaving staff at home offline and those working in hospitals reverting to pen and paper to manage patient information.
In a statement on its website, Ireland’s child and family agency Tusla said its emails, internal systems and portal for child protection referrals were also offline because they were hosted by the HSE’s network.
The attack comes as actions by cyber criminals to disrupt public services have increased during the pandemic. Earlier this month, hackers believed to be from eastern Europe breached the IT systems of the Colonial Pipeline, a major fuel conduit that supplies much of the eastern US.
“Opportunistic cyber attackers targeting flooded healthcare organisations has been a common theme throughout the course of the pandemic,” said Charlie Smith, consulting solutions engineer at Barracuda Networks. “These scammers are aware of the huge significance of health services’ IT systems at this time, and so will stop at nothing to disrupt said systems or steal valuable data in exchange for ransom.”
Additional reporting by Hannah Murphy in San Francisco