Ireland’s public healthcare system said it shut down major technology systems Friday after a ransomware attack, causing disruption at hospitals and Covid-19 testing centers.
Paul Reid, director-general of the Health Service Executive, told Irish radio Friday the attack was sophisticated and used ransomware known as Conti. He said Ireland’s Covid-19 vaccination services will continue normally because they use different technology than the country’s other healthcare operations.
Mr. Reid said the HSE hadn’t received a ransom note.
The attack appears to be the first major strike to disable a country’s centralized public health system during the Covid-19 pandemic. However, hackers have attacked individual hospitals and research centers around the world, including a Czech hospital treating coronavirus patients. Cyberattacks cost hospitals in the U.S. millions of dollars in 2020.
Other critical infrastructure industries are also battling destructive ransomware attacks. Colonial Pipeline Co. shut down operations last week after a ransomware attack, leading to gasoline shortages in the U.S. The company resumed services on Thursday.
Staff at Dublin’s National Maternity Hospital resorted to using pen and paper to record patient details on Friday after the HSE disabled all access to its IT services, said Shane Higgins, the hospital master. “It is very disruptive,” he said. The hospital, which has 1,200 employees, didn’t cancel medical appointments but advised patients there could be delays, he said. The hospital relies entirely on electronic patient records. It will likely take several days to recover, he added.
Liz Morrow said she took Friday off work and traveled about 44 miles from her home in southern County Donegal to Letterkenny University Hospital for a mammogram appointment. After arriving in the clinic, a staff member told her appointments were cancelled due to the cyberattack. Ms. Morrow said she had already delayed the mammogram several months due to the pandemic and doesn’t know when she will be able to reschedule.
The Rotunda Hospital, a maternity hospital in Dublin, said in a statement that all medical appointments on Friday were canceled, except for patients who are 36 weeks pregnant or over. Cork University Hospital said some appointments would not take place Friday but certain technology systems are running, although in a limited capacity.
Most healthcare appointments are taking place but X-rays are “severely affected,” the HSE said. The HSE said individuals won’t be able to make new appointments for Covid-19 tests, including if they were in contact with a person who tested positive or are showing symptoms. Walk-in test centers are open and people who already had appointments can still go to them.
The Conti ransomware is designed to immediately connect to computers on the same network to spread the malware, and attackers have published stolen data from victims on websites after using the ransomware, according to a report published in February by cybersecurity firm Sophos.
In the best case scenario, the HSE could recover in a few days if it has access to backup data from the systems it shut down, said Simon Woodworth, a lecturer in business information systems at University College Cork who conducts research with the HSE. If the healthcare authority doesn’t have that data, it could take longer, he added. Dr. Woodworth said the HSE has many disparate technology systems that interconnect with each other. “There’s a huge risk of disclosure of private data here,” he said.
It is often easier to shut down a large technology infrastructure than it is to restart, because experts need to make sure that different systems are restored in the right sequence, said Brian Honan, executive director of BH Consulting, a Dublin-based firm that advises companies, including after ransomware attacks.
“The key thing is not just to bring data back, but making sure the integrity of the data or any other system or environment that depends on that data doesn’t disrupt the other systems as well,” he said.
Recovering from a ransomware attack involves several slow, careful steps, Mr. Honan added. “Along every stage you want to make sure you’re not enabling the criminals to get back in,” he said.
Write to Catherine Stupp at Catherine.Stupp@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8