Three healthcare institutions in Canada, Ireland and New Zealand are dealing with security incidents this week, highlighting the dangerous cybersecurity landscape facing some of the world’s leading organizations.
The Irish Department of Health was attacked twice last week, and finally shut down its entire computer system following a ransomware attack last Thursday. The same group also hit the Health Service Executive with a ransomware attack. Anne O’Connor, chief operating officer of the Health Service Executive, told The Journal that the office had been affected by the Conti ransomware.
According to RTÉ and the BBC, dozens of outpatient services were canceled, a Covid-19 vaccine portal was closed and the country has spent days trying to get its healthcare computer system back online. Irish Foreign Minister Simon Coveney called it a “very serious attack”, while Irish Secretary of State Ossian Smyth said it was “possibly the most important cybercrime attack against the Irish state”.
Irish government leaders met on Monday and said the National Cyber Security Centre brought in Europol, private sector experts in cybersecurity and hundreds of others to help respond to the ransomware attack.
The newspaper reported that 85,000 computers were shut down once the attack was noticed and that cybersecurity teams are going through 2,000 different computer systems one by one.
“Those who carried it out have no worries about the fat impact suffered by patients in need of care or the privacy of those whose private information has been stolen. These ransomware attacks are despicable crimes, especially when they are directed at critical health infrastructure and sensitive patient data,” the government statement said.
“The significant disruption of health services must be condemned, especially at this time. Any public dissemination by criminals of this attack of stolen patient data is equally and utterly despicable. There is a risk that medical and other data will be abused.”
Emergency services continue to operate in the country, but are now busy due to the IT outage. Many radiology appointments are canceled, according to a government statement, and there are now delays in the submission of COVID-19 test results, as well as delays in the issuance of birth, death or marriage certificates. According to The Journal, pediatric services, maternity services and outpatient clinics at certain hospitals have been affected by the attack.
Dublin Rotunda Hospital, National Maternity Hospital, St Columcille Hospital, Child Health Ireland (CHI) Crumlin Hospital and The UL Hospitals Group have reported different levels of IT outages.
Health Minister Stephen Donnelly added this week that the HSE payment system was knocked out by the attack and that the 146,000 people working in the healthcare industry will face problems being paid in full.
On Thursday, the Financial Times reported that the people behind the ransomware attack were demanding $20 million to restore the system and had already begun leaking private information about patients online. Irish Prime Minister Micheál Martin had previously told the BBC that the government would not pay the ransom.
New Zealand faces a similar problem, as IT services in its healthcare system report a cybersecurity incident that took down the entire system. Clinical services at Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals have been affected by the attack. Even landline services have gone down, and the government has said some outpatient appointments may need to be canceled. More than 30 elective surgeries were canceled in recent days due to the shutdown.
In addition to the attacks on Irish and New Zealand healthcare systems, Canadian insurer Guard.me, one of the world’s largest insurance companies, is still dealing with a downed website after “suspicious activity was directed at the guard.me website”. The site still does not work, with a long message explaining that the company took it down as a precaution.
Guard.me provides students studying abroad with international health coverage and the company has already sent a letter to students informing them of the attack, according to Bleeping Computer.
The letter admits that the “suspicious activity” they captured was actually someone who accessed a database containing birth dates, sexes, phone numbers, email addresses and student passwords.
Cybersecurity expert Mathieu Gorge, CEO of VigiTrust, based in Ireland, said ransomware gangs and other cybercriminals have repeatedly demonstrated through attacks on health systems during the pandemic that they have little regard for human life or privacy.
“What worries me most about this is that it has established a trend that allows critical infrastructure to be attacked anywhere and everywhere,” Gorge said. “And they are not necessarily sophisticated attacks by nation-states; they are low-skilled attacks with huge consequences exploiting attack surfaces that, frankly, should be better protected.”
Saryu Nayyar, CEO of cybersecurity company Gurucul, said ransomware gangs have now perfected the art of monetizing every aspect of an attack. In addition to the ransoms the attacks generate, medical records, she says, contain highly sensitive personal data that can be used to make money socially from frail patients who are not as smart as the elderly, not to mention the obvious identity theft.
“The fact that the Irish government is not giving in to the attacker’s demands is a sign that it is confident of having backups to restore its systems and data sufficiently. But cybercriminals are likely to publicize their reservation of sensitive health data. patients just because they can and are bad,” Nayyar added.
“Normally, the price of the ransom is determined by the amount of cybersecurity insurance the victims’ organization has. The Irish government may not have cybersecurity insurance, but in this case it doesn’t matter, as it is known that Conti operates on the basis of double extortion attacks, so the data will be made public anyway.”
Zerto’s vice president of product marketing, Caroline Seymour, noted that even when organizations have backups or recovery systems, they can have days or weeks, leading to inevitable gaps and data loss that can be highly damaging, in addition to significantly adding to the overall cost of recovery.
Many other experts noted that the rush to digitize hospital services around the world has left almost all countries vulnerable to ransomware operators eager to hold hostage the critical arms of governments.
With millions of dollars being earned through ransomware, the gangs behind it have become more methodical and are now managed as companies with scalable campaigns, according to Hank Schless, senior manager of Lookout.
“Historically, attackers were much more likely to attempt to brutally break into infrastructure and exploit the weaknesses of their defenses,” Schless explained.
“Every day, hundreds, if not thousands of users, connect to the corporate infrastructure from unmanaged devices and networks. They also hope to have seamless access to a mix of local and cloud-based services in order to do their job. takes place outside the security of the traditional perimeter, it could open countless back doors to your infrastructure.”