Irish Health Service Breach Leads to IT Systems Shutdown

The Irish Health Service Executive (HSE) suffered from a data breach last Friday, May 14, 2021, leading it to shut down its IT systems from the ransomware attack, reports Bleeping Computer.

The Conti ransomware gang called Wizard Spider was reportedly responsible for the attack, with the group demanding a massive $20 million in exchange for the decryption tool. The New York Times said Wizard Spider is a Russian-speaking cybercriminal group.

The ransomware encrypted the networks of the HSE, with the Conti gang demanding payment in exchange for the said decryption key. In response to the incident, the company took its IT systems off the radar.

Irish Health Service Ransomware Attack

Bleeping Computer said that the Conti gang claims to have gained unauthorized access to the HSE networks for two weeks, with the attackers stealing around 700 gigabytes worth of data. These include patient information, financial statements, contracts, payroll, and many others.

In a statement, the HSE took to social medial platform Twitter to say that they “have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us (to) fully assess the situation with our own security partners.” The HSE has also apologized to the public for the cybersecurity attack.

Despite the demand made by the attackers, Bleeping Computer reports that Ireland’s health services will not be paying the ransom asked by the Conti gang. Irish Prime Minister Micheal Martin said to an RTE broadcaster, “We’re very clear we will not be paying any ransom or engaging in any of that sort of stuff.”

A week after the initial ransomware attack occurred, the New York Times reports that the Irish health system is still underwater. The news site states that the incident has led to patient records being inaccessible to medical professionals and practitioners. In addition, medical appointments, as well as Covid-19 testing, have been cancelled and delayed respectively.

Bloomberg reveals that the hackers responsible for the ransomware attack posted a message on Thursday, May 20, 2021, that it will be giving the decryption key in exchange for payment, saying, “We are providing the decryption tool for your network for free. But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation.”

From the initial amount of $20 million demanded by the hackers, the group is now supposedly demanding $19,999 in payment, reports Bloomberg.