Dublin: Staff entering work at various hospitals in Dublin on Friday 14 May found a disturbing view: all over the building, all the computer screens were dark.
The disruption has caused chaos, forcing the mass cancellation of routine appointments, blocking access to patient records, disruption tests and some key treatment services, including cancer patients.
It will probably be weeks before the systems fully recover and, with each continuing day, more delay is created, which puts pressure on the medical workers. Meanwhile, the criminal gang behind the attack threatens to release data from patients it stole during it.
“It’s a mess. There are only ordinary people. It’s totally chaotic,” a doctor at a Dublin hospital told ABC News, speaking anonymously because of hospital rules restricting staff to talk to the media.
“It will be two big moments in the fight against ransomware,” said Brian Honan, a cybersecurity consultant in Dublin.
A health system paralyzed by a cyberattack during a pandemic sounds like a disaster movie. But that is the unlikely reality that Irish officials and medical workers have been dealing with for more than a week. With the COVID-19 pandemic “everything is stretched to the minute,” said a doctor at another major Dublin hospital on condition of anonymity. “It’s just an extra stretch we didn’t need.”
A sign is in front of Naas General Hospital in County Kildare, Dublin, on 15 May 2021.
The attack began in the early hours of the morning of Friday 14 May and targeted Ireland’s Health Service (HSE) systems, as well as many hospital servers. Later, hackers would claim that they had spent two weeks on HSE systems before launching the attack and claimed to have encrypted and stolen 700 GB of data.
The impact has been extensive and probably dangerous, far beyond deferred routine appointments or additional documentation.
One of the biggest challenges is that physicians now have limited or no access to patient records, meaning they have limited knowledge of their medical history. Now lab results also need to be printed and delivered by hand. This has significantly slowed down laboratory testing and forced the health service to ration blood tests in many places, reserving them only for urgent cases.
In hospitals, everything has to be traced back on paper now. Labels printed on samples and blood transfusions are now handwritten. Staff have been advised not to even turn on the computers.
“The chance of error is massive. I mean things like people who make the wrong blood transfusions and send samples with the wrong patient’s name,” one of the doctors at a hospital told ABC News. Dublin.
A psychiatrist working on a community mental health team also spoke on condition of anonymity and described struggling to find out what medication a patient was taking without access to their records.
“I reviewed a patient and needed to make a decision about whether to change the medication. I didn’t know what it was and I couldn’t verify that information,” said the doctor, who added that a process that should have taken minutes took days.
One of the most serious impacts has been on the medical image. The software used to share X-rays and CT scans does not work, which means that in most hospitals it has become impossible to send images between departments or between hospitals. Doctors were forced to go personally to X-ray machines or relied on written descriptions. In some cases, they have resorted to taking photos of scans with their phones to be sent via messengers like WhatsApp, which is banned by the health service due to privacy laws.
A pedestrian walks through the headquarters of the Department of Health in Dublin, Ireland, on 16 May 2021.
“Is that it or do you accept that the patient is receiving poor care,” one doctor said. “It’s a nightmare.”
Doctors also can’t look back at any previous scan, making comparison impossible. When treating cancer patients, for example, doctors currently cannot see how the cancer may have spread.
Radiation therapy for cancer patients is also largely suspended because computers are needed to control dosing.
The disruption means many hospitals and clinics have had to limit their services to urgent cases only. Referrals are also affected because they must be made by phone or mail.
Doctors who spoke to ABC News said they are finding ways to treat patients through the interruption and are working harder to make up for the shortcomings. But they fear that it will be inevitable that diagnoses will be lost and that patients will suffer treatment as a result of declining systems.
Some expressed frustration that there were so few guarantees in hospital systems to protect them, noting that many hospitals are still equipped with older computers, many only run Windows 7, a program for which Microsoft stopped provide security assistance in January 2020.
The ransomware used in the attack, called Conti, is known. It was developed by a cybercrime gang believed to be based in Russia, which leases it to affiliates. The gang tried to communicate with the health service through a chat, publicly reviewable on the Dark Web. Messages posted on the chat show that the gang demanded nearly $ 20 million in ransom and also threatened to start selling stolen data during the attack, a tactic known as “double extortion.”
The Irish government has refused to pay the ransom and began the grueling process of recovering the systems, and called for help from cybersecurity companies FireEye and McAfee.
This process was helped when the band took the amazing step of providing a decryption tool to the healthcare service to unlock the files encrypted by the ransomware. The criminals gave the key a week after the interruption, but did not ignore their threat to publish the stolen data if the ransom was not paid.
Irish authorities, after testing it, found the tool to be genuine, but warned that it was malfunctioning and slow and said it was not a “silver bullet”. In a statement over the weekend, the government said “very steady progress” was now being made, thanks in part to a remodeled version of the tool, but warned it could still take weeks to recover the systems.
A screenshot taken on May 18, 2021 shows a part of the rescue negotiation page on the darknet site of Conti, a Russian-speaking ransomware group demanding $ 20 million from the publicly funded health system in Ireland .
“It’s like someone is wrapping you up, stealing your money, hitting you once and coming back with an empty wallet,” Honan, the cybersecurity consultant, told ABC News. “It’s really an empty gesture. The damage caused by that is already immeasurable. I think the general thoughts are that this is a public relations trick.”
Honan believes the gang probably realized that Ireland would not pay the ransom and was making progress in recovering their files, so they made a cynical decision to hand over the key. He noted that Colonial Pipeline paid $ 5 million for a decryption key that was running so slowly that the company had to continue to recover its backup systems anyway.
A note sent to Children’s Health Ireland staff managing several children’s hospitals in Dublin on Monday said they were still in the first phase of recovery and that services would remain restricted to urgent cases until next Friday 28 May. that in the coming days it is likely that some major Dublin adult hospitals will recover their online systems because they were not so affected.
The ransomware gang had set Monday as the deadline before it began selling stolen data from the health service. Irish Prime Minister Michael Martin said on Monday that so far there was no sign that the criminals had done so on a large scale, but authorities are still waiting for that to happen. Irish police have warned that this could mean repeated waves of data-related fraud.
“Cybercrime is not a crime without victims,” Honan said. “It’s not a crime against a computer. It hurts people.”