Cybersecurity experts last night warned that it could be weeks before HSE systems return to normal after yesterday's ransomware attack.
Ronan Murphy, of Cork-based cybersecurity experts Smarttech247, said it could be into next month before remedial work fixes problems caused by what has been described as "the most significant attack the Irish State has ever had".
“This will cause unbelievable disruption to the HSE,” he said.
He said that while there are hundreds of ways ransomware can be spread throughout a network, it usually starts with something as simple as an employee clicking on a link or opening an email attachment.
However, that action alone could be made all the worse if the person clicking on the link or downloading the file was working on a system that did not have all its software updated to the latest versions.
If their system did not have the most up-to-date security patches, there would have been an added vulnerability in their system.
“Ransomware exploits known vulnerabilities in a network,” Mr Murphy said. “It is not overly sophisticated.
“Once it gets into a network, it spreads very fast and encrypts data, and a ransom note pops up on the screen, warning the user they have 72 hours to pay up.”
IP-Performance’s chief information security officer Phil Cracknell, a former cybersecurity adviser to the UK government, said the attack could also have been initiated by someone figuring out the user name and password of somebody with access to the HSE network.
He also suggested that this particular attack could have been launched weeks or months ago, but only initiated early on Friday morning.
“There is not enough information out about this attack so far,” he said.
“Various buzzwords are being used, like ‘zero-day threat’ and ‘distributed denial of service’ [DDOS] attack.
“However, you wouldn’t normally associate such attacks with a ransomware attack,” he said.
He suggests that one of the things an attacker could have done is get into the network undetected some time ago and spread ransomware around the network.
“If they did this some time ago and went undetected, it could mean that hourly or daily backups would, over a period of time, be infected,” he said.
“This could lead to a situation where the company under attack tries to turn to its more recent backups to reload their systems, only to discover their backups have ransomware too.”
One of the world’s leading cybersecurity experts had warned last December that Ireland’s health service was at risk of the same deadly cyberattacks hitting other countries.
One such health service attack in September 2020 was being blamed for contributing to the death of a pensioner needing emergency care for an aneurysm in Düsseldorf, Germany.
She had to be diverted to another city because a ransomware attack at the hospital in Düsseldorf caused disruption to its IT systems.
Hospital IT systems in the UK and the US were also being targeted in so-called ransomware attacks at the time.
When asked if such attacks — including the one in Germany — could happen here, US cybersecurity expert Bruce Schneier, a speaker at the Web Summit 2020, told the: “Unless the laws of physics are different in Ireland, yes.
“There's nothing magical about anybody's borders that makes it more or less likely. These attacks happen pretty much at random, to everybody who is vulnerable.”