Friday 20 October 2017

Maternity and children's hospitals come under attack

Yesterday’s surveillance uncovered ransomware viruses different to the current threat, which had previously tried to hack into three hospitals. Stock picture
Yesterday’s surveillance uncovered ransomware viruses different to the current threat, which had previously tried to hack into three hospitals. Stock picture

Eilish O'Regan and Adrian Weckler

A children's hospital and a maternity hospital in Dublin were targets of the cyber attack that has infected government and healthcare systems around the world.

The Irish Independent understands Our Lady's Hospital in Crumlin and the Rotunda Maternity Hospital are believed to be among the facilities battered by hackers who tried to infect their Windows computer systems with the WannaCry ransomware.

However, in a statement, the Rotunda Hospital said that they were not targeted by the cyber attacks.

"The Rotunda Hospital was not targeted by the recent cyber attacks. The hospital has, and continues to follow the guidelines as set by the HSE in relation to this matter."

Richard Corbridge, HSE chief operations officer, confirmed that the attempts to attack computer systems across the health service in Ireland had been as "virulent" as in other countries.

However, the HSE said the current ransomware virus, which is capable of spreading across a computer network, had been thwarted and had not infected any device in the health system.

Read More: Our PCs are hopelessly dated and left vulnerable

Mr Corbridge declined to provide the names of hospitals targeted since Friday, but said some of the major centres were assaulted.

But sources have told the Irish Independent that the children's hospital and maternity hospital were both targeted.

A key defence was the decision of the HSE to shut down all inward emails since Friday, removing one of the main weapons of the hacker, and this has been extended until tomorrow morning.

"We want to ensure we capture all of the risks we can," Mr Corbridge said.

The HSE IT team has put anti-viral protections in place in around 56,000 devices including MRI scan machines .

Yesterday's surveillance uncovered ransomware viruses different to the current threat, which had previously tried to hack into three hospitals. The threat involved around 20 machines that were isolated and disinfected yesterday.

Mr Corbridge said that in a small number of cases in the last year health service machines had been infected with a ransomware virus. It is understood that hospitals in the Midlands, including Portlaoise, have been the targets of previous ransomware viruses.

It has emerged more than 150,000 home, government and business PCs running Windows in Ireland are unprotected against ransomware and cyber attacks. New figures show up to 5pc of Irish PCs are running out-of-date software such as Windows XP that is likely to be defenceless against cyber attacks.

The machines include computers in the HSE.

The figures come from Statcounter, an Irish-based research company that tracks IT systems worldwide.

Windows XP is used on computers attached to expensive medical equipment that cannot be cheaply adapted to updated systems. Modern versions such as Windows 10 are much less vulnerable.

"There's a big danger of infection with old XP computers," said Colm McDonnell, a partner in Deloitte who specialises in IT security. It's the smaller businesses and some large organisations like hospitals with specialised machines that are getting caught."

Mr Corbridge said that the HSE had reduced the number of Windows XP machines from 7,500 in 2014 to 1,500 today.

"In many cases they're running critical functions that are very expensive," he said. "It's equipment such as cardiology or radiology infrastructure and laboratory machines."

The computer statistics from Statcounter come as the Wannacry ransomware epidemic continues to threaten global PC systems. At least 200,000 computer systems around the world have been infected so far. Meanwhile, Tusla, the Child and Family Agency, expressed concerns about the potential risks to children as a result of the email shut down.

A spokeswoman said that due to the threat its inward email system had been frozen - which means it has not received any notifications of child protection concerns via email since Friday. She asked anyone with a concern to visit the www.tusla.ie website.

Dublin Information Sec 2017, Ireland’s cyber security conference, addresses the critically important issues that threaten businesses in the information age. Tickets for the event at the RDS in Dublin can be booked here.

Irish Independent

Editor's Choice

Also in Irish News