Following a massive cyberattack targeting Ireland’s health service IT infrastructure across the country nearly two weeks ago, many hospitals are still without computer services. The attack on the Health Service Executive (HSE) is believed to have been launched by a cybercriminal group known as Wizard Spider, using a ransomware tool called Conti. It’s the worst cybercrime attack on an Irish state agency to date.
On May 14, 2021, Wizard Spider targeted the HSE’s systems and many hospital servers, encrypting and stealing more than 700GB of data. The ransomware group claims that it had been in the HSE’s systems for two weeks prior to the attack. The group then demanded $20 million in ransom for the data, which the Irish government has so far refused to pay. In the last few days, the hackers have provided a decryption tool to the HSE for free so that the medical data can be retrieved; however, they are still adamant about selling or publishing the data if the ransom is not paid.
As one might expect, chaos has ensued when it comes to providing medical services. Because of the IT outage, there is strain across the board, especially when it comes to emergency services, CT scans, and X-ray appointments. Because computers are used to control proper dosing, radiation therapy for cancer patients has been largely suspended. According to ABC News, lack of access to patient records and medical histories makes it difficult to provide people with the care they need. Furthermore, because of the lack of computer access, labels for samples and blood transfusions need to be written by hand, so doctors worry about the potential for error.
Even though a decryption tool has been provided, it will likely be weeks before systems have returned to normal. The police also fear that people’s personal data could be harvested for years and utilized for criminal scams.
How can such attacks be prevented?
It has been widely reported that Ireland’s health services were not prepared to handle such a cyberattack, with a plethora of weaknesses apparent across the HSE’s computer systems. Among these was the use of older and legacy systems, including 37,000 computers that still use Windows 7. Windows 7 has not automatically received security updates since January 2020. The HSE, however, denies that Windows 7 was to blame for the incident, and experts have not yet pinpointed the specific cause. Experts say that this is something that all European countries should be worried about, as Ireland isn’t the only country depending on vulnerable legacy systems for its IT infrastructure.
To prevent such attacks on critical infrastructure in the future, agencies using out-of-date and legacy systems will need to give their cyber networks a complete overhaul. While this is a time-consuming and expensive solution, with ransomware attacks on the rise (growing by 150% in 2020 alone), it is necessary. The EU thinks so too; it’s currently working on a mandate that would require both public and private entities across the union to adhere to a higher level of cybersecurity or face hefty fines.
Making sure that staff have adequate training when it comes to social engineering is also important. Conti often gains access to networks via malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials. It is therefore vital for ransomware prevention that employees know how to recognize suspicious or malicious communications.
The attack on Ireland’s healthcare system was devastating, and unfortunately, it’s unlikely to be the last of its kind. Last week the FBI issued an alert stating that there have been at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, driving home the fact that this is a global issue. Those networks are among 400 organizations worldwide that have been Conti targets over the past year.
Hopefully, this incident and the recent Colonial Pipeline attack serve as a wake-up call for public and private entities alike regarding up-to-date IT infrastructure. Unfortunately, unless IT systems reflect modern standards, anyone could become a target too.