On Friday the 14th of May, the HSE was hit by a ransomware attack that Ossian Smyth, the Minister for Public Procurement and eGovernment, described as “the most significant cybercrime attack on the Irish State”. The ransomware, believed to be human operated, compromised numerous hospital operations, causing the cancellation of outpatient visits, disruptions to online appointment schedules and long delays for patient waiting times. Proving the indiscriminate nature of ransomware attacks, institutions affected include Children’s Health Ireland and Dublin’s National Maternity Hospital.
BITS’ founder and MD Gavin Dixon provided his own take on the HSE cyberattack this Friday on KCLR96FM – listen to the full interview here.
What is Ransomware?
Ransomware is among a cyber-criminal’s most profitable and prevalent weapons. It’s an illicit software that provides ‘back-door’ access to the victim organisation’s systems, locking users out of files, freezing processes and essentially rendering their infrastructure inoperable. Often, the hijack allows users to access just one file: a ransom note, left by the criminals, demanding a steep payment in exchange for their compromised data.
How Does a Ransomware Attack Occur?
More often than not, via simple human error; namely, by users who fail to spot a malicious email.
Ransomware is often distributed via phishing emails: messages sent en masse by cyber criminals that contain infected links or attachments. If the email can convince the recipient to open its infected links, or download its infected files, the Ransomware can begin infecting their systems.
As you can imagine, a successful Ransomware attack is often the work of capable and organised criminal organisations with exceptional technical skills. That’s how – unfortunately – so many Ransomware groups continue to elude capture. This HSE attack is so complex and large-scale that Interpol are among its investigators, and while no known cybercrime groups have been named, international involvement is suspected.
Why the HSE?
Currently the HSE is valuable and vulnerable – two qualities that are irresistible to cybercriminals – straining under the pressure of COVID-19, the health service is already in a compromised position. Being a government institution, any money that can’t be made from a ransom demand can be made on the online black market, where stolen sensitive data can fetch a high price from an interested party. This might be why, just two days later on the 16th, the Department of Health was targeted by a cyberattack similar in nature, believed to be by the same perpetrators.
What happens now?
The HSE could give in to the attacker’s demands, which is never advisable. Not only could this cost the HSE millions, but it also demonstrates cybercrime as a lucrative money-maker while further funding the cyber criminals’ campaigns. There’s also no guarantee that any stolen assets will ever be returned.
It’s been reported that the HSE, opting not to pay the ransom, have returned to pen-and-paper processes, suggesting that they’ve completely deactivated their electronic systems in an attempt to prevent the spread of infection. We can only hope they’ve a robust data recovery system in place, or their systems, files and processes could be drastically set back. There is solace, at least, in the confirmation that the rollout of the COVID-19 vaccine has not been affected by this attack.
How Could this Have Been Prevented?
There are plenty of technical solutions that could have prevented this attack – or at least, softened the blow – but ultimately, cyber security begins at a cultural level.
Staff training might have prevented an infected email being opened, and while we can’t assume this is how HSE were compromised, it remains among the most common methods. The human firewall remains a company’s most effective form of security, so it’s important to keep employees trained against the latest criminal techniques.
Finally – crucially – companies can no longer assume they’re too small a target. While institutions like HSE make the biggest headlines, SMEs are disproportionately targeted by cyber criminals. The unfortunate truth is that any business – whatever its size – has to assume themselves a target. Not least when cybercrime is as profitable, prevalent and predatory as it has become this past year alone.
If you’re concerned about the risk of a cyberattack on your business, contact us today to discover how we can help protect your business.