There is a risk that sensitive medical information and other patient data will be leaked in the aftermath of a serious ransomware attack against Ireland's health services, the Irish government has warned.
Ransomware is a form of malicious software deployed to encrypt a victim's files, with the attacker then demanding a ransom in exchange for restoring access to the data.
The HSE is working with Ireland's National Cyber Security Centre (NCSC), and experts have already confirmed the attack as a human-operated ransomware variant known as "Conti". A remote-access tool called Cobalt Strike Beacon was found on the HSE's systems, which was used by the hackers to move within the computer networks before launching the attack and demanding a ransom.
Conti deploys what are known as "double extortion" attacks, in which the hackers threaten to make the stolen information public if the ransom isn't paid. In cases such as this one, it could mean that sensitive patient health data could end up leaked online.
"This attack on Ireland's health care system and its patients was carried out by an international cyber-crime gang. It is aimed at nothing other than extorting money and those who carried it out have no concern for the severe impact on patients needing care or for the privacy of those whose private information has been stolen," said the government in a press release.
"There is a risk that the medical and other data of patients will be abused," it added.
IT systems across the HSE, which were all immediately taken down as a precautionary measure to contain the attack, remain temporarily shut down. This means that some patients are seeing delays in access to care, notably as a result of very limited access to diagnostics, lab services and historical patient records.
Emergency services as well as the national ambulance service are still running, and the HSE reported that vaccinations against COVID-19 and test-and-trace are operating. The most common impact of the attack is seen in radiology and laboratory systems.
The HSE is working at speed to restore computer systems, which involves wiping, re-building and updating all the infected devices, before using offsite backups to restore the systems safely.
There are up to 2,000 systems to go through and around 80,000 devices to check, all connected to an IT infrastructure that has grown over the course of 30 years. In other words, it could be some time before the situation is fully resolved, and the HSE expects disruptions to continue well into this week.
"Hundreds of people are working flat out in response to this despicable cyber attack on our health system and on patients. We're focused on getting health services and appointments for patients back on track as quickly as possible," tweeted Stephen Donnelly, the minister for health. "Some priorities include radiation oncology, diagnostics, lab services and patient admin systems.
"While it may take weeks to get all systems back, steady progress is being made, starting with services for the most urgent patients."