Irish health service hit by “very sophisticated” ransomware | Kaspersky official blog

According to media reports, as-yet-unspecified ransomware has attacked the Health Service Executive (HSE), the Irish healthcare system. The HSE decided to shut down key information systems in order to investigate thoroughly and to keep the threat from spreading further. A number of clinics have reported temporary shutdowns or at least disruptions to their operations, although they continue to provide emergency care services. The COVID-19 vaccination program was not interrupted either. Some institutions have had to revert to outdated workflow systems.

An attack on the Irish healthcare system: what is going on?

According to HSE representatives, the “significant disruption” of their services is caused by a “very sophisticated” human-operated ransomware attack. Such incidents are much harder to detect and counter, because the cybercriminals adjust their tactics and specific targets during the attack itself.

External experts and law enforcement cyberspecialists are taking part in the investigation. It is at an early stage right now, so no details are available. However, HSE representatives say that the malefactors’ main target was presumably data stored on the organization’s servers.

According to the BBC, representatives of Rotunda Hospital, one of the medical institutions affected by the attack, say that the unified HSE patient registration system may have been a spreading vector for the threat. Fortunately, the attack did not affect life-saving equipment; only healthcare records are unavailable.

Healthcare institutions around the world increasingly face the ransomware threat. Because people’s health and lives depend directly on their normal functioning, they should pay exceptional attention to information security.

How to protect healthcare from ransomware

To minimize the chance of infection, we recommend paying special attention to protecting the tools used for remote access to corporate infrastructure and to protecting e-mail systems. Those are the two most common ransomware entry points. In addition, security awareness is extremely important: without it, an employee’s mistake or oversight can lead to disaster.

In particular, we recommend:

  • Raise employees’ awareness of modern cyberthreats. Computers play a vital role in modern healthcare, so even doctors and nurses need to understand where the threat can come from and how to resist it.
  • Do not use remote connections to internal networks unless absolutely necessary.
  • Maintain a strict password policy: passwords for all services must be unique, complex, and most importantly, they must be stored securely.
  • Install security patches and updates (especially for operating systems, VPN solutions, and security products).
  • Use robust security solutions on all devices with access to the Internet, without exception. Do not overlook medical equipment and various information kiosks and panels.
  • Do not forget to protect corporate mail servers: a fair number of threats get into the company’s infrastructure from there.

Also, Endpoint Detection and Response class solutions can help detect a ransomware threat at an early stage, and simplify response actions and investigation in the event of an incident.