Irish Health Service Ransom Attack Will Cost Ireland As Much As €100m

Uploaded on 2022-12-23 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A ransomware attack on the Irish healthcare system in 2021 has caused 80 million in damages and counting, as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. As many as 100,000 people had their personal data stolen during the attack.

The figures come from a letter from HSE chief information officer Fran Thompson sent to the Irish Aontú party leader, Peadar Tóibín. This comes months after the Department of Health said in February the attack could cost up to €100m.

Now, Thompson has confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) recently this year. “Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at risk management firm Coalfire. “If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”

According to The Irish Times, Tóibín described the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.

Russian ransomware group Conti claimed credit for the spring 2021 attack that began when the attackers sent a phishing email with a malicious Microsoft Excel file attached and ended with nearly 80% of HSE data under malicious encryption, including medical and banking data.

The attack is understood to have been generated by a malicious Microsoft Excel file that was delivered via a phishing email.

According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. 

“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, CEO at penetration testing firm Bugcrowd. Making sure that critical applications, devices and systems are secure should remain the main priority for healthcare security professionals. “Bad actors understand the critical nature of the systems supporting healthcare organisations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry said.

Irish Times:       Bank Info Security:     Infosecurity Magazine:    HeadTopics:   

You Might Also Read: 

Lives Are At Stake As More US Hospitals Are Hacked:
 

« Guardian Newspaper Suffers A Large Scale Ransomware Attack
Preventing Insider Threats In Kubernetes Clusters »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Engineering Group

Engineering Group

Engineering is the Digital Transformation Company, a leader in Italy and with over 80 offices across Europe, the United States, and South America.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

SynSaber

SynSaber

SynSaber is a data collection, detection, and visibility solution that forms the foundation of industrial cybersecurity.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.