Ireland has shut down most of the major IT systems running its national health service, leaving doctors unable to access patient records and people unsure whether to show up for appointments, following a “very sophisticated” ransomware attack.
Paul Reid, managing director of the Health Service Executive in Ireland, told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a cyber attack that impacted national systems and locals “involved in all our basic services”.
Some elements of the Irish health service remain operational, such as clinical systems and its Covid-19 vaccination program, which is fed by a separate infrastructure. The already booked Covid tests are also continuing.
However, the system for handling referrals from general practitioners and close contacts is down, the HSE tweeted, adding that those in need of testing should go to walk-in centers that would prioritize symptomatic cases.
“This has serious implications for our health and social care services today, but individual services and hospital groups are affected in different ways. Emergency services are continuing, as is the @AmbulanceNAS [National Ambulance Service]Health Minister Stephen Donnelly wrote on Twitter.
No group has yet claimed responsibility for the attack, although Reid said Friday morning that it involved “Conti, human-operated ransomware”, referring to the type of software used. He added that the HSE had not yet received a ransom demand.
“We are in the very early stages of fully understanding the threat, its impact and the attempt to contain it,” he said, adding that he was receiving assistance from the Irish police, the forces of defense and third-party IT support teams.
The master at Rotunda Maternity Hospital in Dublin said he was advising patients who are pregnant under 36 weeks not to show up for appointments on Friday. In a statement, University Hospital Cork said patients should come for outpatient appointments, chemotherapy and surgery “unless you are contacted to cancel”, but radiology appointments and radiation therapy for Friday were canceled.
Professor Donal O’Shea, consultant endocrinologist at St Vincent’s Hospital in Dublin, told RTE radio there could be implications for patient care. “Clinical systems haven’t been targeted, but if you can’t access your computer, you can’t get results. . . so soon there will be clinical implications, ”he said. In its statement, Cork University Hospital said “only emergency blood” would be treated at this time.
Reid said patients nationwide “should still come forward until they hear something different” and that an update is expected to be available later Friday. An HSE spokesperson was unable to provide an additional update on mid-morning patient care. “We apologize for the inconvenience to the public and will give further information as it becomes available,” she added.
Healthcare workers told FT that they had been told to switch off their laptops, leaving home staff offline, and those working in hospitals are returning to pen and paper to manage patient information.
In one declaration On its website, the Irish Child and Family Agency Tusla said its emails, internal systems and child protection referral portal were also offline as hosted by the network HSE.
The attack comes as the actions of cybercriminals to disrupt public services have escalated during the pandemic. Earlier this month, hackers believed to be from Eastern Europe violated the computer systems of the Colonial pipeline, a major fuel line that supplies much of the eastern United States.
“Opportunistic cyber attacks targeting flooded healthcare organizations have been a common theme throughout the pandemic,” said Charlie Smith, consulting solutions engineer at Barracuda Networks. “These crooks are aware of the enormous importance of healthcare IT systems today and will therefore stop at nothing to disrupt such systems or steal valuable data in exchange for ransom.”