Irish Health Service Ransom Attack Will Cost Ireland As Much As €100m

A ransomware attack on the Irish healthcare system in 2021 has caused 80 million in damages and counting, as the government continues to notify victims of the incident that their personal information was illegally accessed and copied. As many as 100,000 people had their personal data stolen during the attack.

The figures come from a letter from HSE chief information officer Fran Thompson sent to the Irish Aontú party leader, Peadar Tóibín. This comes months after the Department of Health said in February the attack could cost up to €100m.

Now, Thompson has confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) recently this year. “Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at risk management firm Coalfire. “If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”

According to The Irish Times, Tóibín described the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.

Russian ransomware group Conti claimed credit for the spring 2021 attack that began when the attackers sent a phishing email with a malicious Microsoft Excel file attached and ended with nearly 80% of HSE data under malicious encryption, including medical and banking data.

The attack is understood to have been generated by a malicious Microsoft Excel file that was delivered via a phishing email.

According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. 

“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, CEO at penetration testing firm Bugcrowd. Making sure that critical applications, devices and systems are secure should remain the main priority for healthcare security professionals. “Bad actors understand the critical nature of the systems supporting healthcare organisations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry said.

Irish Times:       Bank Info Security:     Infosecurity Magazine:    HeadTopics:   

You Might Also Read: 

Lives Are At Stake As More US Hospitals Are Hacked:
 

« Guardian Newspaper Suffers A Large Scale Ransomware Attack
Preventing Insider Threats In Kubernetes Clusters »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

Applied Insight

Applied Insight

Applied Insight work closely with government agencies and industry to overcome technical and cultural hurdles to innovation, empowering them with the latest cloud, data and cyber capabilities.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.