Irish Health Service Ransom Attack Will Cost Ireland As Much As €100m

A ransomware attack on the Irish healthcare system in 2021 has caused 80 million in damages and counting, as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. As many as 100,000 people had their personal data stolen during the attack.

The figures come from a letter from HSE chief information officer Fran Thompson sent to the Irish Aontú party leader, Peadar Tóibín. This comes months after the Department of Health said in February the attack could cost up to €100m.

Now, Thompson has confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) recently this year. “Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at risk management firm Coalfire. “If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”

According to The Irish Times, Tóibín described the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.

Russian ransomware group Conti claimed credit for the spring 2021 attack that began when the attackers sent a phishing email with a malicious Microsoft Excel file attached and ended with nearly 80% of HSE data under malicious encryption, including medical and banking data.

The attack is understood to have been generated by a malicious Microsoft Excel file that was delivered via a phishing email.

According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. 

“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, CEO at penetration testing firm Bugcrowd. Making sure that critical applications, devices and systems are secure should remain the main priority for healthcare security professionals. “Bad actors understand the critical nature of the systems supporting healthcare organisations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry said.

Irish Times:       Bank Info Security:     Infosecurity Magazine:    HeadTopics:   

You Might Also Read: 

Lives Are At Stake As More US Hospitals Are Hacked:
 

« Guardian Newspaper Suffers A Large Scale Ransomware Attack
Preventing Insider Threats In Kubernetes Clusters »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Arab Information & Communication Technologies Organization (AICTO)

Arab Information & Communication Technologies Organization (AICTO)

The Arab ICT Organization (AICTO) is an Arab governmental organization working under the aegis of the league of Arab States.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.