Ireland's health service shuts down IT systems after ransomware attack

The HSE's chief exec said it hadn't received a ransom demand yet.

Clodagh Kilcoyne / reuters

Ireland's national health service has been hit with a ransomware attack, prompting it to shut down its computer systems. The Health Service Executive (HSE) described the step as a "precaution" aimed at containing the issue while it assesses the situation with security partners. According to The Irish Times, the HSE is investigating the breach with support from Ireland's national police, the Gardaí; the Defence Forces; the government and cybersecurity experts.

COVID-19 vaccinations were not affected by the attack and will proceed as normal, the HSE said. But, widespread delays to appointments and consultations are expected as health workers are having to switch from electronic records to pen and paper, reports the

Outlining the severity of the attack, the HSE's chief exec Paul Reid said it had impacted all national and local health systems on Friday morning. He added that there had been no ransom demand at this stage and that the health service is currently in the containment stage.

Though the origins of the malware have yet to be confirmed, a professor at Ireland's Rotunda hospital told the that it had suffered a Conti ransomware attack. In cybersecurity circles, Conti is described as a human-operated “double extortion” ransomware that steals and threatens to expose information as well as encrypting it. The gang behind the malware has published data stolen from at least 180 victims on its leak site.

The HSE breach is the latest example of the growing threat to vital healthcare and infrastructure operations from hacking-for-ransom gangs. It follows a large-scale cyberattack on the UK's National Health Service in 2017, which resulted in 19,000 medical appointments being canceled after computers at hundreds of surgeries were shut down. A subsequent government report said the WannaCry attack could have been prevented through basic IT security.

In the US, officials are still grappling with the effects of the Colonial Pipeline breach last week, which forced the gasoline supplier to shut down its systems for several days. Reports claim the company paid nearly $5 million to hackers believed to be from the Darkside group operating out of Eastern Europe.