LONDON — Ireland’s health system struggled to restore computers and treat patients Tuesday, four days after shutting down its entire information technology system in response to a ransomware attack. Since Friday’s cyberattack, thousands of diagnostic appointments, cancer treatment clinics, and surgeries have been canceled or delayed. Authorities said hundreds of people were assigned to get crippled systems back online, but it could be weeks before the public health service will return to normal.
Irish Prime Minister Micheal Martin said the attack was a “heinous” and targeted patients and “the Irish public.” The chief clinical officer of Ireland’s Health Service Executive, Colm Henry, said the intrusion had “a profound impact on our ability to deliver care” and that disruptions would undoubtedly “mount in the coming days and weeks.”
Over 2,000 patient-facing IT systems were affected, and around 80,000 devices were linked to such systems throughout the health service, Henry told Irish broadcaster RTE. Authorities prioritize the recovery of procedures involved in patient diagnostics, such as radiology, radiotherapy, and maternity and newborn services. “That’s what our experts are focusing on this week, with external help, to ensure those services are not reliant on the manual exchange of information,” he said.
Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyze victims’ networks, and demand a large payment to decrypt the information. Irish officials say a ransom was required, but they will not pay it. Conti, a Russian-speaking ransomware group, was demanding $20 million, according to the ransom negotiation page on its darknet site viewed by The Associated Press. The gang threatened Monday to “start publishing and selling your private information very soon” if it did not receive the money.
“The government will not be paying any money,” Justice Minister Heather Humphreys told RTE. “We will not be blackmailed.” The Irish Association for Emergency Medicine urged people not to turn up at hospital emergency rooms unless they had a genuinely urgent need. The association said electronic ordering of blood tests, X-rays, and scans was unavailable, and clinicians had no access to previous X-rays or scan results.
It added that many hospital telephone systems were also not working because they are carried on computer networks. The attack has also shut down the payment method for health care workers. Patients have expressed frustration at the attack, describing it as another torment thrown into the already tricky struggle accessing health care during the COVID-19 pandemic. Eimear Cregg, 38, a primary school teacher receiving treatment for breast cancer, had her radiation therapy briefly postponed while doctors sought to restore her records so they could treat her properly.
“This is a fierce thing to do to vulnerable people,″ Cregg told The Associated Press. “We’re fighting daily as it is, and this was just another curveball that wasn’t needed.″ Ireland’s publicly funded health care system, the Health Service Executive, said in a statement late Monday that “serious concerns about the implications for patient care arising from the minimal access to diagnostics, lab services, and historical patient records.” The health service said it worked methodically to assess and restore its computer systems.
The Ireland attack comes as ransomware gangs persist in identifying “big game” targets in search of lucrative payouts and data that can help them identify new victims – and even determine the amount of cyber-insurance coverage they carry. Operations of four Asian affiliates of the Paris-based insurance company AXA were hit in recent days by ransomware attacks: in Thailand, Malaysia, Hong Kong, and the Philippines. The attackers claimed to have stolen three terabytes of data, including medical records, customer IDs, and privileged communications with hospitals and doctors.
The hackers threatened to leak documents within ten days if AXA did not pay an unspecified ransom. AXA said this month that it would stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals, saying the practice encourages more such attacks. In a new case, authorities said ransomware took down IT systems across five hospitals south of Auckland, New Zealand, forcing staff to cancel some elective surgeries and preventing doctors from accessing clinical records.
Ransomware attacks have surged in the past year, though there may be a dip following the worst attack on U.S. critical infrastructure. A nearly week-long shutdown of the Colonial Pipeline, which supplies the east coast with 45% of its petroleum products, led U.S. President Joe Biden to vow retaliation. That prompted the moderator of one of the most popular darknet criminal forums, XSS, to disavow ransomware syndicates and ban them from recruiting and conducting other business on the forum. But experts say it’s typical for criminals to lay low when law enforcement scrutiny gets acute.
Ransomware reached epidemic levels last year as the criminals, who enjoy safe harbor in former Soviet states, increasingly turned to “double extortion,” stealing sensitive data before activating the encryption software that paralyzes networks — and threatening to dump it online if they don’t get paid. Bajak reported from Boston. Nick Perry in Wellington, New Zealand, Jill Lawless in London, Chalida Ekvitthayavechnukul in Bangkok, and Elaine Ganley in Paris contributed to this report.
