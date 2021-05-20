



A cyber attack on Irelands health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing and forcing medical appointments canceled. Using ransomware, which is malware that encrypts victims’ data until they pay a ransom, the people behind the attack have held the data hostage in a publicly funded health care system in Irelands, the Health Service Executive. The attack forced the HSE to shut down its entire information technology system. At a news conference Thursday, Paul Reid, HSE chief executive, said the attack was shaking his stomach. Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said hospitals were forced to keep all their data on paper. We were back in the 1970s, she said.

Security researchers believe the attack on Irelands hospitals was the work of a Russian-speaking cybercriminal group known as the Spider Wizard. In a ransom note posted online, criminals have threatened to publish stolen health network data if officials do not pay a ransom of $ 19,999,000.

Irelands Prime Minister, Michel Martin, said the government would not pay. We were very clear that we would not pay any reward, he said at a press conference last week. Mr Reid said the impact would be felt for many weeks. This is not a short run, said Mr. Reid. This will be a lasting impact of the period. The attack is the latest in a spate of ransomware attacks on hospitals around the world in recent weeks.

In California, Scripps Health, which operates five hospitals and a number of clinics in San Diego, is still trying to restore its systems online two weeks after a ransomware attack destroyed its data. In New Zealand, an ransomware attack paralyzed numerous hospitals across the country, forcing clinicians to use pen and paper, and postponing non-selective operations. Late last year, a ransomware attack at the University of Vermonts Medical Center destroyed the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory. The attacks come at the head of a similar ransomware attack on the Colonial Pipeline, the U.S. pipeline operation that supplies nearly half of the East Coast gas, oil and fuel. This attack prompted the Colonial Pipeline to close its pipeline operations, causing the purchase of pump panic and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, another cyber criminal gang called DarkSide, nearly $ 5 million to decrypt its data. The attack in Ireland has caused congestion inside emergency rooms from Dublin to Galway and patients have been urged to stay away from hospitals unless they seek urgent care. In many Irish counties, appointments have been canceled for radiation treatments, MRI, gynecological examinations, endoscopy and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working. Irish health officials said Thursday that the HSE was working to build a new network, separate from the one affected. Hundreds of experts have been recruited to rebuild 2,000 distinctive systems. The effort is likely to cost tens of millions of euros, said Mr. Reid. The HSE said Thursday it was equipped with a key that could decrypt data held for reward, but it was unclear if it would work.

Ransomware attacks against hospitals escalated after two separate attempts one by the Pentagons Cyber ​​Command and a separate legal battle by Microsoft to bring down a large botnet, an infected computer network called Trickbot, that served as a channel key to ransomware. In the weeks following those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat prompted the Department of Homeland Security and the National Security Infrastructure Security Agency to warn healthcare operators to improve their protection against ransomware. Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders. Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of the Wizard Spider, the group responsible for the attack on health systems in Irelands, spoke Russian and researchers were highly confident they were Eastern European, apparently Russian. . Last month, records of a school district in Florida were held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $ 40 million in cryptocurrency. Criminals encrypted data and posted thousands of school district files online after officials refused to pay. Last December, chipmaker Advantech was also hit by Wizard Spider. Her details were posted on the so-called dark network after she refused to pay. Some cyber insurance companies have covered the costs of reward payments, estimating that reward payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have begun pressuring insurance companies not to pay ransom claims, arguing that they are only fueling more ransomware attacks and encouraging cybercriminals to make more lucrative claims.

AXA, the French insurance giant, said last week that it would no longer cover premium payments. Within days of its announcement, AXA was hit by a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines. This is just business as usual, said John Dickson, a cyber security expert at the San Antonio-based Denim Group, in an interview Thursday. These attacks should not come as a surprise to anyone who has been paying attention.

