Close on the heels of Colonial Pipeline and Brentagg, Republic of Ireland's national health care systems have suffered a massive ransomware attack. The attack is significant enough that HSE, Ireland's health care service has to temporarily shut down all of its IT systems disrupting patient services including COVID-19 testing among other things.
The attack appeared to not affect all the data stored on the health system’s central servers, as no patient data was compromised. According to reports, the attackers demanded that the ransom be paid in Bitcoin, which the government has denied.
Ireland's Taoiseach (prime minister) Micheál Martin said:
'We're very clear we will not be paying any ransom or engaging in any of that sort of stuff' Taoiseach @MichealMartinTD says of the ransomware attack on the HSE | Live blog: https://t.co/itscpwqdS7 pic.twitter.com/Pl4A4JNOST— RTÉ News (@rtenews) May 14, 2021
Health minister Stephen Donelly said although the attack was significant but emergency services continued to operate normally. Also COVID-19 vaccination program has not been affected.
This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS. Updated information will be available @HSELive throughout the day.— Stephen Donnelly (@DonnellyStephen) May 14, 2021
Ireland joins the growing list of countries and companies being attacked by threat actors such as DarkSide, 'UNKN', REvil and Babuk group to name a few. Colonial Pipeline, German chemical major Brentagg, electronics major Toshiba and even DC police department were all attacked in recent days. DC police department even had employee data leaked when negotiations to pay ransom broke down. Toshiba's name appeared on DarkSide's leak website sometime earlier this month before falling victim to the attack.
After the Colonial Pipeline incident, DarkSide which was behind the attack has reportedly had its servers seized. The group's website is down and it has released a statement that the group is shutting down and "disbanding" due to pressure from US government.