Irish Health Service Ransom Attack Will Cost Ireland As Much As €100m

Uploaded on 2022-12-23 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A ransomware attack on the Irish healthcare system in 2021 has caused 80 million in damages and counting, as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. As many as 100,000 people had their personal data stolen during the attack.

The figures come from a letter from HSE chief information officer Fran Thompson sent to the Irish Aontú party leader, Peadar Tóibín. This comes months after the Department of Health said in February the attack could cost up to €100m.

Now, Thompson has confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) recently this year. “Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at risk management firm Coalfire. “If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”

According to The Irish Times, Tóibín described the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.

Russian ransomware group Conti claimed credit for the spring 2021 attack that began when the attackers sent a phishing email with a malicious Microsoft Excel file attached and ended with nearly 80% of HSE data under malicious encryption, including medical and banking data.

The attack is understood to have been generated by a malicious Microsoft Excel file that was delivered via a phishing email.

According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. 

“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, CEO at penetration testing firm Bugcrowd. Making sure that critical applications, devices and systems are secure should remain the main priority for healthcare security professionals. “Bad actors understand the critical nature of the systems supporting healthcare organisations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry said.

Irish Times:       Bank Info Security:     Infosecurity Magazine:    HeadTopics:   

You Might Also Read: 

Lives Are At Stake As More US Hospitals Are Hacked:
 

« Guardian Newspaper Suffers A Large Scale Ransomware Attack
Preventing Insider Threats In Kubernetes Clusters »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Nagios

Nagios

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

RKON

RKON

RKON Technologies provides managed IT and cybersecurity services to organizations across various industries, helping businesses mitigate risks and secure their digital infrastructures.