Expert comment on Irish health service ransomware attack
May 2021 by Experts
Following the news that Ireland’s health service has closed down its computer systems after a ‘significant ransomware attack’, please see below for comment from security experts at F-Secure, Censornet and ThycoticCentrify.
Matt Lawrence, Director of Detection and Response at F-Secure:
“Attacks against the Healthcare sector are abhorrent and we hope that Ireland’s health service can recover as quickly as possible to minimise the damage and risk to life. Since 2019, the Healthcare sector has seen a shift from breaches caused by Internal actors to primarily External actors. Healthcare now matches the trend seen in other sectors and reflects how, in recent years, human operated ransomware has become a prevalent and an impactful threat to organisations worldwide.
A proactive approach is essential to prepare for compromise and all organisations should consider the steps necessary to enable a more a more agile, responsive and effective defensive posture before it’s too late.”
Richard Walters, CTO at Censornet:
“Ransomware attacks against any organisation can have serious consequences, but in the case of healthcare services, any downtime could cause real harm to real people in need of medical treatment. Unfortunately, healthcare systems include a lot of legacy infrastructure which is difficult or sometimes impossible to patch, making those systems a soft target.
The HSE acted extremely quickly and the response of taking systems offline whilst the extent of the attack is fully investigated and understood is vital to containing it, despite the obvious concern and unease this will cause for patients.”
Joseph Carson, Chief Security Scientist at ThycoticCentrify:
Ransomware attacks are on the rise and evolving into a very dangerous digital weapon. Not only are they on the rise but they are becoming more successful, more damaging and the ransom demands are increasing into tens of millions of dollars. Ransomware and data theft continues to be the biggest threats to organizations around the world and no one is immune. It is clear that cybercrime groups are not above targeting the healthcare sector or critical infrastructure with ransomware, making them no longer just digital thieves but now digital terrorists. When your motive is financial that is one thing, but when you put people’s lives at risks it is a serious impact to society. Cybercrime groups have to realise that targeting healthcare or critical infrastructure during a global pandemic will result in unnecessary deaths. If you do become a victim of Ransomware, you typically only have a few choices and one of them is to decide on whether to pull the plug on the systems and network which appears to have been the decision on recent ransomware victims.