70pc of devices back in use following HSE cyberattack

23 Jun 2021


HSE CEO Paul Reid said the immediate financial costs of the ransomware attack are ‘well over €100m’.

More than a month after a major ransomware attack on the Irish Health Service Executive (HSE), 75pc of the HSE’s servers have been decrypted and 70pc of end-user devices are now back online.

That’s according to HSE CEO Paul Reid, who spoke to an Oireachtas Joint Committee on Health this morning (23 June).

The attack involved malware known as Conti, which is a ‘double-extortion’ ransomware, meaning that as well as holding access to systems to ransom, criminals might also steal information stored on the system.

Almost a week after the attack, stolen health data reportedly appeared online, prompting the HSE to secure a High Court injunction against the sharing of this data. Reid told the committee today that he doesn’t know of any further leaking of data; however, he warned that the organisation “can never be confident we’ve seen the worst of this”.

Additionally, while many systems are now operational again, Reid said that restoring interoperability between systems and sites is ongoing, which will continue to impact services.

“Although we can effectively decrypt data, that is only one element. The malware must also be eradicated,” he said.

“Decryption takes much longer than the original encryption, and eradication involves additional tasks to ensure that the perpetrators have no access route back into our systems.”

Costs of the cyberattack

Reid told the committee that it will take months before systems are fully restored. “There is no underestimating the damage this cyberattack has caused,” he said.

“There are financial costs certainly, but there will unfortunately be human costs as well. I assure members, and the public, that we are doing everything possible to restore the systems.”

Some of the financial costs include the technical work on decrypting the systems and eradicating the malware, as well as replacing devices, upgrading key systems and other third-party costs.

When asked for more clarity on the financial costs of the attack, Reid said that while long-term costs are still being estimated, immediate costs are “well over €100m”.

In the midst of the attack, the cybergang involved sent a ransom note demanding payment of almost $20m for the data stolen in the attack.

However, paying ransoms for cyberattacks is generally not advised. Noel O’Grady, director of Sungard Availability Services Ireland, explained that paying cybercriminals “sends the message that an organisation is willing to hand over money and can put a target on them for future attacks”.

Jenny Darmody is the deputy editor of Silicon Republic
