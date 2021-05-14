The Rotunda Maternity Hospital in Dublin has cancelled most of its appointments today due to the shutdown of its IT systems as a result of the ransomware attack.

HSE Chief Paul Reid has described the ongoing cyber attack on the HSE as “sophisticated and serious”.

The HSE has shut down all of its IT systems at a local and national level in an attempt to stop the attack and protect the digital records of millions of its patients.

Mr Reid described the situation as “evolving” and said that the extent of the damage caused by the attack is not yet known.

What is this attack?

Professor Fergal Malone, Master of the Rotunda, described the attack as a Conti ransomware attack.

This is a relatively new form of ransomware attack, first seen in 2020, that not only encrypts the files it corrupts, but charges a ‘ransom’ to release them.

It is described as a “double extortion” cyberattack as it also threatens to leak the information online if the ransom isn’t paid. The Conti News site has published the hacked information of over 180 different victims and organisations online in the last year.

When did the attack start?

The HSE became aware some its systems were under attack in the early hours of the morning, Mr Reid confirmed. It then took the precautionary measure of shutting down all local and national systems in an attempt to prevent the spread of this malicious software.

How does the attack work?

If this ransomware attack follows the pattern of many other recent Conti attacks, it may well be possible the malware was inside the system for some time before being deployed by the hackers for maximum effect, infecting as many files and systems as possible. The hack usually makes itself visible at the end of the hacking process, after files have been encrypted.

Ransomware usually holds the affected files and systems hostage until the ransom is paid. Ransomware spreads throughout a computer system similar to a virus would in the wild, moving from file to file. Conti ransomware is human-operated and progressive.

Does this endanger people in hospital? Does it endanger services?

The HSE has said hospitals are still operational and the attack is just on its IT systems. While this will cause major disruption in some hospitals temporarily, all machinery and equipment used on patients in hospitals is still functional.

It is not yet known what files, if any, are behind the paywall of the ransomware so the extent of the damage to the HSE’s files is not yet known.

The Rotunda Maternity Hospital has cancelled almost all appointments today while other hospitals have said the IT shutdown will cause “severe disruption”.

Meanwhile, the State’s child and family agency, Tusla, said its internal systems are not operating due to the cyber attack.

A Tusla spokesperson said this includes email, internal systems and the portal through which child protection referrals are made.

“This measure is for security reasons as the agency is hosted on the HSE ICT network. Any person wishing to make a referral about a child can do so by contacting the local Tusla office in their area,” Tusla added.

Scheduled Covid-19 tests will go ahead today as planned, the HSE has confirmed. The HSE has asked those scheduled to attend a Covid-19 test today to continue as normal.

What will happen next?

This remains unclear. The extent of the damage to the HSE system is not yet known. If the attack was far-reaching and comprehensive, the effects on the provision of healthcare could be huge.

If the attack was detected and sequestered quickly, then it may have been limited to a small number of files and a major, long-term impact may have been avoided. This will become clear as the situation unfolds.



