Ransom will not be paid to perpetrators of HSE cyber attack

The HSE's chief operations officer has warned the service could be in 'a very serious situation' if the difficulties caused by the cyberattack continue
Ransom will not be paid to perpetrators of HSE cyber attack

The HSE's system Covid-19 test referral system is no longer operational following a large-scale cyberattack on the health service's IT system this morning. Picture: iStock

A ransom has been demanded from those behind the ransomware attack on the Health Service Executive (HSE).

However, in line with state policy, it will not be paid, the HSE has confirmed this evening.

The HSE suffered "possibly the most significant cybercrime in the history of the State" today, a Government Minister has said.

Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ Radio's News at One that the Government are "deploying everything" to respond to the ransomware attack. 

Mr Smyth said that because of the nature of the attack “right at the core of the HSE” this was a criminal investigation.

"The Garda National Cybercrime Bureau are involved and we have brought in a world-class cybersecurity company for assistance,” he said.

"This is a human-driven attack using an exploit that was previously unknown. They managed to compromise the system early this morning."

Mr Symth said there is "a constant bombardment on systems,” adding that this is “just one that got through." 

The Minister, who has worked as a technical Project Manager in Saint Vincent’s Hospital and has taught at a CoderDojo where young people learn computer programming, said it is currently unknown where the attack originated and how it got into the system.

He said it is possible that attackers gained access through something as simple as a malicious email and added home working does introduce “additional risks” in this regard.

Chief Medical Officer Dr Tony Holohan said the public should not let the attack distract us from the basic public health messages.

"People can still come in for testing. The HSE is putting in measures whereby the referral process having been interrupted from GPs can come directly into walk-in centres to be tested," he told a briefing on Friday.

"What it interrupts is our ability to efficiently, for example, organise testing and referral or to generate testing and pull that back in.

"That's going to impede our ability to know the total number of cases that might arise over the course of a day."

However, he said the "really important" thing is that people who are positive still know what to do, and know what measures should be followed.

Minister of State with responsibility for Public Procurement and eGovernment at the Department of Public Expenditure and Reform, Ossian Smyth.
Minister of State with responsibility for Public Procurement and eGovernment at the Department of Public Expenditure and Reform, Ossian Smyth.

HSE could be in 'very serious situation' from cyber attack fallout

Speaking on RTÉ Radio's News at One, the HSE's chief operations officer has warned the service could be in “a very serious situation” if the difficulties caused by the cyberattack continue into next week.

At present the entire system is shut down and it will take some time to determine which sections are clear, Dr Anne O'Connor said.

She said many clinics and services are continuing today with appointments scheduled in advance, but there could be delays as everything is being done manually.

“If this continues into Monday we will be in a very serious situation and we will have to cancel more appointments.” 

Dr O'Connor said the HSE is not aware that any personal information has been compromised at this time.

The cyberattack was a ‘zero day threat,' she added, which meant that it was a brand new vulnerability and the HSE had no previous knowledge of it.

Dr Anne O'Connor, HSE Chief Operating Officer
Dr Anne O'Connor, HSE Chief Operating Officer

The National Cyber Security Centre (NCSC) has activated its crisis response plan and said it is “intensively engaging” with the HSE and deploying its resources to fully support the HSE in identifying the affected systems and to bring all systems back online.

“The NCSC is also working with the HSE to identify the technical details of the malware used in this incident and will issue an advisory later to share these details.” The NCSC confirmed it is also engaging with EU and other international partners to share information on this incident and to ensure that the HSE has immediate access to international cyber supports.

It is understood Gardaí are working with Interpol, regarding the attack.

Vaccine registration portal test and trace systems restored

The Covid-19 vaccine online registration portal is back online this evening. Those who are aged 50-69 can register for their vaccine here.

Covid test results and contact tracing services have been restored to normal tonight after not being operational all day on Friday following the large-scale cyberattack this morning.

People who have symptoms of Covid-19 are advised to self-isolate and can avail of testing on a walk in basis at any of our static or walk in test centres.

This afternoon, the Health Minister said all static Covid-19 testing sites are operating as 'walk-ins' for both those with symptoms and those without.

Stephen Donnelly said the HSE is adding three additional pop-up centres next week.

These three centres will be:

  • Tallaght Stadium, Dublin - May 16-21, 11am-7pm 
  • Hyde Park, Roscommon - from May 17, 11am-7pm 
  • Louth County Council building, Bolton Street - May 18-20, 10am-6pm.

While contact tracing was down today, the HSE moved all contact tracing to two sites that remained operational.

Tracers will call the required individuals with detected results and will gather the required data. They will continue to gather close contact information and call close contacts to ask them to attend a walk-in site for testing.

However, the HSE stated that this process may take longer than usual.

Despite the challenging day for the HSE, Health Minister Stephen Donnelly said the vaccination programme continued to perform with the Aviva vaccination centre surpassing 52,000 vaccinations - more than the capacity of the stadium.

The overall Covid-19 vaccination programme was not been affected by the ransomware attack as it operates on a separate system. The National Ambulance Service (NAS) is also operating as normal.

HSE CEO Paul Reid has said the service is working with gardaí, the Defence Forces and third-party cybersecurity experts to respond to the attack.

Mr Reid told RTÉ Radio’s Morning Ireland that they had become aware of the attack overnight which was targeted at the information-sharing systems across the HSE’s network shared on central servers.

The IT systems were then shut down as a precaution.

Equipment within hospitals was based on local infrastructure and they were not impacted, he explained.

Mr Reid said the attack was “significant” and was not “a standard attack."

Health Minister Stephen Donnelly has said he has been in close contact with health officials on the matter throughout the day.

“We are working to ensure that the systems and the information is protected,” he said.

Mr Reid said the HSE was still in the early stages of understanding what had happened but he believes it was “human-operated” with attackers attempting to access data and seeking a ransom.

However, he later clarified that no ransom had yet been sought.

“There has been no ransom demand at this stage. The key thing is to contain the issue,” he said.  

HSE CEO Paul Reid said the HSE was still in the early stages of understanding what had happened. File Picture: Leon Farrell / Photocall Ireland
HSE CEO Paul Reid said the HSE was still in the early stages of understanding what had happened. File Picture: Leon Farrell / Photocall Ireland

It is understood the HSE has instructed people who have not yet logged on to its network to keep their machines switched off.

Services affected

Hospitals around the country have been affected by the attack, with several cancelling outpatients appointments and others limiting their services for today. 

HSE Chief Clinical Officer Dr Colm Henry said it will take days to resolve the issues caused by this morning's attack.

"It is going to take a number of days to get to the bottom of this, to resolve it and to reopen those systems on which our services depend on those IT systems," said Dr Henry.

The HSE highlighted that x-ray appointments are "severely affected".

The National Maternity Hospital in Dublin has said its services will be disrupted today. The hospital has asked patients to attend scheduled appointments and bring hospital registration details with them until further notice.

The Rotunda Hospital said services on Monday and Tuesday will be impacted by the recent cyber attack.

It's asking people under 36 weeks pregnant not to attend for appointments or scans.

All outpatient appointments and inpatient elective surgeries are cancelled.

Babies under two weeks old should attend their appointments, while babies older than two weeks will be rescheduled.

Anyone who is unsure if they are affected is advised to contact the hospital.

The Mater Hospital has said it has disconnected its network from the HSE's and cancelled a Covid-focused webinar scheduled to take place this afternoon. 

Cork University Hospital (CUH) meanwhile has said it will be "limited" in the number and type of services it can provide today

CUH said its labs are "severely affected" with existing GP blood tests no longer able to be processed. Emergency bloods will be processed, however. 

Radiotherapy appointments are also cancelled, and anyone planning to attend the hospital's emergency department has been told to expect delays. 

University Hospital Limerick Group has advised all emergency services are continuing across the group’s hospitals including the Emergency Department at UHL, injury units at Ennis, Nenagh and St John’s hospitals and the Early Pregnancy Assessment Unit/Maternity Emergency Unit at University Maternity Hospital Limerick.

UHL has advised outpatients with appointments to still attend but warned they can expect delays. 

The Dublin Midlands Hospital Group said its running all its services as scheduled today.

It said some disruption is expected into next week at its seven hospitals in Dublin, Kildare, Laois and Offaly.

All patients should attend their appointments as scheduled unless they hear otherwise from the hospital where the appointment is scheduled.

The attack is having considerable impact on services at University Hospital Galway and at Merlin Park and Portiuncula hospitals.

All outpatient x-ray, CT and MRI appointments are cancelled while at UHG radiotherapy appointments have been cancelled. In addition to the IT systems, some telephone systems are also affected.

Outpatient, chemotherapy and maternity appointments are continuing as normal and patients should attend their appointments.

Children's Health Ireland (CHI) has advised all patients aged 16-18 who are scheduled to receive their vaccine in CHI at Connolly this weekend to attend their appointment as normal.

In Cavan and Monaghan Hospitals, all outpatient radiology appointments have been cancelled today with the exception of urgent maternity cases.

Long delays can be expected at the emergency department. The minor injuries unit in Monaghan hospital is open and vaccine and test centres are operating.

At the National Orthopaedic Hospital Cappagh, outpatient clinics will operate in a limited capacity over the coming days. The Joint Register Clinic tomorrow has been cancelled and several outpatient clinics from Monday have also been cancelled.

Patients with queries about outpatient appointments can contact the hospital on 01 814 0401/8.

Mr Reid urged the public to plan to attend any health appointments today “unless you hear from us.”

You can find a county-by-county breakdown of hospital disruptions via its website.

Earlier: Rotunda cancels all outpatient appointments

The Rotunda Maternity Hospital said the attack is affecting all of the hospital's electronic systems and records.
The Rotunda Maternity Hospital said the attack is affecting all of the hospital's electronic systems and records.

Due to the cyberattack, one of the country’s busiest hospitals has cancelled all outpatient visits for today.

The Rotunda Maternity Hospital said all of its electronic systems and records are now inaccessible.

In a statement, the hospital said all appointments for today, Friday, May 14, have been cancelled, except to those for women 36 weeks pregnant or later, or to anyone in a major medical emergency.

All gynaecological clinics have also been cancelled.

Master of the Rotunda, Professor Fergal Malone earlier told Morning Ireland  that the hospital became aware of the ‘conti’ ransomware attack on its systems overnight.

Prof Malone said patients in the hospital were being cared for as normal and that all machinery and equipment at the hospital - including vital lifesaving equipment - was still operational.

The hospital's inability to access its records means it has had to switch back to its contingency paper-based record-keeping system. Prof Malone said this change meant information entry was now happening at a much slower rate than normal.

Prof Malone was unable to say how long he anticipated the hospital's electronic systems might be out of use.

"We use a very common system throughout the HSE for registering patients and getting the demographics, and it certainly seems that is the entry point," Prof Malone said. 

He said four other hospitals use the same system, though it was unclear as yet whether their electronic systems have also been taken offline.

Rather than speculate as to the reasons for the attack, Prof Malone said teams at the hospital were putting their focus on keep operations going. 

“We will leave it to authorities to pursue how this happened and where it originated from," he said. 

*Note: This article was edited to correct an error at 12.25pm on May 14

More in this section

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.