Cyber attack on healthcare service

Irish Healthcare Service Disrupted by an Advanced Ransomware Attack

Ireland’s health service was forced to shut down after being hit by a very advanced ransomware attack. According to an article by Reuters, this attack has led to the stalling of diagnostic services, disruption of Covid-19 testing, and cancellation of appointments.

The Irish Department of Health got cyber attacked on Thursday, while the Health Service Executive (HSE) was hit by the attack on Friday.

The Irish minister responsible for e-governance has claimed that this ransomware attack was the most significant cyber attack ever to take place against the country.

The article further reveals that Ireland’s vaccination programme was not directly affected by the attack. However, as it has affected the IT systems that are used by all other health services in the country.

An article on BBC’s website mentions that the appointments in some areas may have dropped by a whopping 80%. This in itself is enough to get an idea about the scale of this ransomware attack. Along with this, as the attack has crippled their systems, health workers have been forced to use paperwork. This has delayed processes that usually took a small amount of time.

The HSE’s national clinical advisor Dr. Vida Hamilton mentioned that this attack has affected every aspect of patient care.

Dr. Hamilton said that the incident is a “major disaster” and that health workers were facing difficulties in accessing patient records. However, the Irish Prime Minister was very vocal about their resolve of not paying any ransom.

Information Shared Online

The Financial Times had reported that they had seen screenshots and files fetched by the hackers through this attack. Following this, Irish Minister Eamon Ryan described these reported health records that have been shared online as “credible”. So, this means that cyber attackers got hold of very sensitive information about patients being treated at healthcare centers.

The Financial Times report even mentions the health record of a man admitted to a hospital for palliative care among those shared online.

The Investigation that Follows

The investigation of this incident has been entrusted upon Garda National Cyber Crime Bureau. They will be working with the National Cyber Security Centre and the HSE to investigate this matter. Along with this, the country’s security experts believe that stolen information has been released to pressure organizations into paying the ransom.

The HSE has even started alerting people about the potential frauds that can trick them. They have also encouraged affected people to contact the department.

How Can Healthcare Organizations Prevent Ransomware Attacks?

The recipe to devise a perfect ransomware prevention method is almost impossible. However, a lot can be achieved in this direction by intelligent use of technology and alert individuals. Some of the following have been found to be helpful in ransomware prevention:

• Security Awareness: Healthcare organizations leave themselves at a huge risk by not focusing on the status of security awareness of their employees. Employees are the first point of contact against any cyber attack.
  It is therefore imperative for the organization to ensure that their employees can thwart a cyber attack right at its onset by recognizing and reporting it.
  Traditional methods of awareness generation are almost always monotonous and repetitive. Therefore, advised that organizations should move towards modern methods including use of security awareness tools like ThreatCop.
  ThreatCop uses a mix of simulation campaigns and a huge library of engaging awareness content to impart knowledge. Moreover, it helps the organization in identifying the weakest links with respect to cyber security so that an accurate cyber security policy can be drawn accordingly.

• Incident Response Tools: It is imperative for organizations to stop a cyber attack attempt right at the beginning. For this, it is necessary that the employees promptly report a cyber attack for its quick elimination.
  Ransomware attacks usually start with phishing emails and it is, therefore, advisable to deploy phishing incident response tools like Threat Alert Button (TAB) for quick detection and elimination of phishing emails lurking in the office environment.
• Multi-Factor Authentication (MFA): As ransomware attacks can take place through compromised emails where the identity of a colleague or senior has been impersonated, MFA protects the account from such compromise. It adds an extra layer of protection to the account, makes sure that its security remains intact even after an attacker gets hold of access credentials.
• Offline Data Backup: Data backup in offline locations is considered a cyber security best practice as it reduces the reliance on system data made inaccessible due to a ransomware attack.

Conclusion

This is not the first time that the healthcare sector has been targeted by malicious actors. These attacks have only grown in numbers and intensity since the start of the pandemic. Whether it is the French hospitals who got paralyzed by ransomware attacks or cyber attacks India’s vaccine producers, threat actors have been very active in this phase.

Seeing all this, it is important for organizations working in the healthcare sector to be proactive about their cyber security and adopt efficient and effective practices to avoid any mishaps.

For more reading on cyber security challenges and cyber attacks concerning the healthcare sector and other critical infrastructure:

• Healthcare Data on Dark Web: How Threat Actors Exploit Covid-19
• Growing Significance of Cyber Security in Healthcare Industry
• Cyber Security for Critical Infrastructure: Challenges and Solutions