“If something happened to our financial services here, similar to what happened to the NHS (in Friday’s international ransomware ‘WannaCry’ cyber attack) it would have a crippling impact in terms of people accessing cash, paying their mortgages and making payments in general,” said Pat Moran, head of cyber security at professional services firm PwC.
The IT forensics and cyber security expert said the Ulster Bank systems failure in the summer of 2012, which affected 600,000 customers’ ATM withdrawals and processing of payments over a month-long period, exemplified how such a cyber attack would affect our financial services.
Mr Moran also said that a cyber attack would put lives at risk if hospital groups and the Health Service Executive (HSE) were affected.
“In the UK on Friday, there were reports of individuals fasting and being prepared for an operation and then while on the way to theatre, they had their trolley turned around because hospital staff were unable to access medical records and health information (because of the ransomware cyber attack),” Mr Moran said.
While not commenting on the HSE specifically, he said that the healthcare sector, in general, has “underinvested in their global security measures,” despite the information they store being incredibly valuable to online fraudsters.
In Ireland, internal records show that computers within the HSE’s own IT network were the subject of a ransomware attack by cyber criminals as long ago as last June.
The attack occurred at University Hospital Galway (UHG) on June 23, 2016, when an email containing a ransomware virus was opened by a staff member, resulting in PCs on the network being compromised.
All data held on computers linked to the affected unit at the hospital was encrypted and was never recovered, although the service retained paper-based records to back up information.
“Ransomware virus on compromised PCs, loss of all data by ransomware encryption. No personal data was disclosed,” a record of the incident states.
A spokesperson for Saolta University Healthcare Group, which is responsible for the management of UHG, confirmed that an email containing ransomware was received in a “standalone UHG service” and “inadvertently opened” in June 2016.
A statement from the HSE over the weekend said: “Since the afternoon of 12 May, the HSE’s office of the CIO (chief information officer) has been working to protect the digital health system of Ireland from a global cyber attack.”
However, it is not just health bodies that need to remain vigilant but businesses too.
“We advise extra vigilance regarding cyber security on the part of all organisations and their employees,” said Ibec’s head of digital policy, Erik O’Donovan, who also called on the Government to provide significantly more funding for our National Cyber Security Centre.