Last night, the HSE became aware that they were the victim of a serious and sophisticated ransomware attack. At the time of writing, there is very little detail on the exact nature of the attack, but the following information has been made public.
- The attack was coordinated by humans and not automated by a botnet.
- The attack targeted the HSE servers that host their patient record database.
- No ransom request has been made at the time of reporting and all other hospital systems remain unaffected.
If this was just a standard ransomware attack and no other destructive software infiltrated the network, it should be relatively easy for the HSE to restore the affected data from their last reliable backup. The fact that Paul Reid, the CEO of the HSE, has described the attack as “serious and sophisticated” would suggest that this was more than just a ransomware attack that encrypted data. There is always the possibility that the attackers gained admin level access to the HSE’s systems and have stolen sensitive patient data. If this is the case, it will leave the HSE in a grave predicament as they will not want to pay a ransom to the attacker(s) but they will also not want the stolen data to be published on the public Internet. Lets hope this is not the case.
The most basic defences to ransomware are as follows:
- Use anti-virus software that has ransomware protection functionality.
- Use firewall services to detect intrusion attempts and to block network entry points.
- Monitor your network devices and computers for possible intrusion attempts
- Educate your staff and contractors about phishing and “trojan” emails.
- Have a robust business continuity plan in place that defines how you will resume form a serious network breach.
- Test your recovery systems regularly.
If you have concerns about your own network and would like advice about ransomware attacks, please contact us on 1091388304.