The Health Service Ransom Attack Will Cost Ireland As Much As €100m

A ransomware attack on the Irish healthcare system in 2021 has caused 80 million in damages and counting, as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. As many as 100,000 people had their personal data stolen during the attack.

The figures come from a letter from HSE chief information officer Fran Thompson sent to the Irish Aontú party leader, Peadar Tóibín. This comes months after the Department of Health said in February the attack could cost up to €100m.

Now, Thompson has confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) recently this year. “Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at risk management firm Coalfire. “If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”

According to The Irish Times, Tóibín described the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.

Russian ransomware group Conti claimed credit for the spring 2021 attack that began when the attackers sent a phishing email with a malicious Microsoft Excel file attached and ended with nearly 80% of HSE data under malicious encryption, including medical and banking data.

The attack is understood to have been generated by a malicious Microsoft Excel file that was delivered via a phishing email.

According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. 

“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, CEO at penetration testing firm Bugcrowd. Making sure that critical applications, devices and systems are secure should remain the main priority for healthcare security professionals. “Bad actors understand the critical nature of the systems supporting healthcare organisations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry said.

Irish Times:       Bank Info Security:     Infosecurity Magazine:    HeadTopics:   

You Might Also Read: 

Lives Are At Stake As More US Hospitals Are Hacked:
 

« Guardian Newspaper Suffers A Large Scale Ransomware Attack
Preventing Insider Threats In Kubernetes Clusters »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

TUV Sud

TUV Sud

TÜV SÜD is one of the world's leading technical service organisations. Services offered include industrial cyber security.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Trinity Cyber

Trinity Cyber

Trinity Cyber’s patent-pending technology stops attacks before they reach internal networks,reducing risk and increasing cost to adversaries.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

Center for Infrastructure Assurance and Security (CIAS)

Center for Infrastructure Assurance and Security (CIAS)

CIAS is developing the world's foremost center for multidisciplinary education and development of operational capabilities in the areas of infrastructure assurance and security.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.