Over 95% of services and devices disrupted by HSE cyberattack fully restored

“Most of our priority systems are back online on local sites, including radiology and diagnostic systems; maternity and infant care; patient administration systems; chemotherapy; radiation oncology; radiotherapy and laboratories,” a spokesperson for the HSE said.

Restoration is “technically challenging” and needs to be completed “in a very safe way” but IT teams continue to work “around the clock seven days a week” to restore all servers and devices, the spokesperson added.

At present, less than 10 site-specific instances of systems remain to be brought back online and all enterprise systems are operational.

The majority of HSE staff have access to email, but work is ongoing regarding enabling access to historical emails.

“There still remain small, residual problems in some areas,” the spokesperson added.

Garda operation targets gang behind HSE cyber attack

Gardaí have carried out a major operation targeting the gang behind the ransomware attack on the Health Service Executive (HSE).

The operation is expected to have a major impact on the gang, with gardaí saying 753 attempts were made by ICT systems to connect domains that had been seized by the force. 

A spokesman said on Sunday: “A significant disruption operation which targeted the IT infrastructure of a cyber crime group has been conducted by the Garda National Cyber Crime Bureau (GNCCB).

“The Garda National Cyber Crime Bureau have seized several domains used in this and other ransomware attacks.”

The ransomware attack on the HSE, which occurred in May, caused major disruption to the health service.

HSE chief Paul Reid said in June that it had had a “devastating impact” and cost the health service millions of euros.

On Sunday, the garda spokesman said the seizure of the websites had “directly prevented” other ransomware attacks across the world.

A so-called “splash screen” has been used on the web domains by gardaí to warn any potential victims that it is likely that their system has been attacked by ransomware.

Gardaí are also working with other police agencies as part of the wider operation.

“A process has also commenced between the Garda Siochana and their law enforcement partners at Europol and Interpol to provide the details of the visiting URLs to the member countries to ensure that the infected systems are appropriately decontaminated,” the spokesman said.

He added that the operation will have a major impact on the cyber crime gang.

“To date a total of 753 attempts were made by ICT systems across the world to connect to the seized domains.

“In each instance, the seizure of these domains by the GNCCB investigation team is likely to have prevented a Conti ransomware attack on the connecting ICT system, by rendering the initially deployed malware on the victim’s system as ineffective.”