THE ransomware attack on the HSE could leave systems down for a while, but it’s not the first time healthcare systems have been targeted by cyber criminals.

Ransomware is a type of software that gains access to data and blocks user access to those files or systems. Then, all that data is held hostage using encryption until the victim pays a ransom in exchange for a decryption key.

Although the number of ransomware attacks have increased in recent years, they are not new, with the first attack believed to have taken place in 1989.

AIDS Trojan: The first ransomware attack

The AIDS Trojan was one of the first viruses of its kind and was spread through floppy disks. It was created by a biologist, Joseph Popp, who handed out 20,000 infected disks to attendees of the World Health Organisation’s AIDS conference.

After infecting a computer, it would ask users to “renew the license”, and contact PC Cyborg Corporation for payment. They had to pay $189 to a post office box in Panama.

Mr Popp was eventually discovered by the British anti-virus industry and was charged with 11 counts of blackmail. However, he defended himself by saying the money that went to the PC Cyborg Corporation was to go to AIDS research.

Cybercriminals target healthcare

Since then, this cybercrime has only grown in popularity, and it has taken a particular focus on healthcare services. Professor Barry O'Sullivan works at the School of Computer Science in UCC, and he explained why hospitals have become a target for these criminals.

“They are becoming more common in hospitals,” he said. “It’s obviously a horrendous thing to do, but the reason to do it is this data is valuable.

“It’s patient data, it’s test results, it’s lots of personal data. It’s data that the HSE and the Government will be very concerned about. So these people know that this is where it hurts. This is the kind of data that we really can’t have offline for very long periods of time.

“If you’re a cancer patient and you were expecting to go into hospital this morning, then your next step in your treatment plan is determined by your most recent scans, your most recent blood work. These will all be encrypted now. These will all be beyond reach by the HSE.”

Hollywood Presbyterian Medical Centre

In 2016, Hollywood Presbyterian Medical Centre in Los Angeles was targeted in an attack similar to that experienced by the HSE today.

The hospital ended up paying a $17,000 (€14,000) ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid.

For the duration of the attack, the hospital was forced to return to pen and paper for its record-keeping.

The hospital’s chief executive, Allen Stefanek, told the Los Angeles Times: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Coordinated attack against six US hospitals

In October 2020, six US hospitals were targeted with ransomware attacks from Russian-speaking criminals.

The FBI revealed that the criminals demanded a ransom, for upward of $1 million (€824,000), to unlock the system. Some of the hospitals did end up paying out.

Thankfully, there were no reported deaths as a result of this incident. However, some of the hospitals diverted ambulances during the downtime and postponed elective procedures and services.

Cybercrimes in the future

Prof O’Sullivan said that, for the most part, ransomware attacks will not be targeted at ordinary people. However, they do pose a threat for the future.

“The question for the gardaí and for the HSE, and the Government as well, is how to respond here,” he said. “Because the data is probably unrecoverable – inaccessible – until it’s decrypted. And in order to decrypt it, one has to negotiate with these people in some way.

“People are working from home, they’re working on WiFi networks that might not be particularly secure… The person doesn’t even know they’ve been compromised.

“As we work from home more, we’re relying on people’s own home internet to be secure. We’re relying on companies being up to date with the most recent technologies. But at the end of the day, the greatest vulnerability in cybersecurity is the individual.”

In the meantime, he advises that people be wary of any phishing scams, and that they’re careful about any personal information they provide which could allow others access to private databases.