Healthcare Cybersecurity Case Study: Ireland's Health Service Executive Ransomware Attack
The Covid-19 pandemic has spurred the growth of telemedicine and other digital care services, a trend that is expected to continue. While the pandemic inspired incredible demonstrations of cooperation and compassion, malicious actors used the situation for personal gain, as happens with every disaster. While hospital employees were desperately setting up field hospitals in parking lots and clinicians were risking their lives to combat the terrifying virus, hackers, ransomware gangs, and financial con artists redoubled their efforts to steal sensitive patient information.
According to the Forbes study, the number of reported hacking incidents in healthcare rose for the fifth year in a row in 2020, up 42%. In 2019, hacking events accounted for more than half of all patient data breaches (62%).
Cybersecurity is a significant concern for healthcare businesses all over the world. As cyberattacks and patient data breaches become more widespread, hospitals and other care facilities need to invest adequately in protecting patients' privacy and security. Attackers regard the healthcare industry as an easy target compared to the financial, industrial, and retail sectors.
On May 14, 2021, a ransomware attack hit Ireland's Department of Health and Health Service Executive (HSE). Malicious cyber activity was discovered on the Department of Health's network. Several HSE systems were significantly harmed, and the majority of the organization's other systems had to be shut down, affecting essential health services.
A ransomware attack occurs when a criminal group uses software to access a system, encrypts essential data, and then demands payment to decrypt it. The May attack was unprecedented in Irish history, hitting nearly every aspect of the country's healthcare system, which had already been battered by more than a year of fighting Covid-19.
According to cyberlaw, a criminal gang known as Wizard Spider was identified as the perpetrator, and its members are believed to be based in Saint Petersburg, Russia. Because a similar digital note was left on both the Department of Health and the Health Service Executive computers, both events are thought to be the work of the same cybercrime organization.
A remote access tool known as Cobalt Strike Beacon was discovered on the affected devices, indicating that it was used to move laterally within the environment before the Conti ransomware payload was executed. The attack began when a single computer failed, prompting the user (an HSE employee) to seek assistance by clicking on a malicious link.
The HSE decided to turn off its IT systems as a precaution to minimize the attack's impact. This has had far-reaching consequences for the general public and the HSE. Services that rely on computerized processes, such as scans, referrals, and diagnostic services, had to be operated manually, which caused delays. The cyberattack brought cybersecurity risks to the attention of Irish businesses, the media, and the general public.
The attackers were most likely pursuing monetary gain, because they demanded $20 million (£14 million) from the HSE to restore services following the incident. However, the Irish government stated that it did not and would not pay the hackers. The incident impacted several Irish hospitals. It forced the cancellation of many outpatient clinics and healthcare services, since the HSE's national and local networks were nearly completely shut down.
While the HSE hack targeted a large organization, cyber risk affects all healthcare organizations, regardless of size or brand. Healthcare organizations must ensure that cybersecurity is treated as a board-level priority, as it is in most other industries.
The Irish cyberattack served as a reminder of the cyber threat that healthcare organizations face today. It was the most severe attack on essential infrastructure in Irish history, causing treatment delays and the cancellation of non-emergency procedures. Similar events have been recorded across Europe, where the failure to protect health systems and data has put patients' data at risk.
The lack of cybersecurity has already been shown to be one of the leading causes of healthcare service disruptions, but the need for cybersecurity extends far beyond that. As health services become more reliant on information technology, attackers' interest in health organizations and their data grows. Terrorists, fraudsters, and other attackers can compromise data privacy and the availability of health services, or even endanger the lives of patients.
HSE CEO Paul Reid termed the incident "quite a sophisticated." He warned that hospital information technology systems and the healthcare data stored on central servers are constantly being targeted.
In conclusion, healthcare institutions remain the most vulnerable to, and the most targeted by, cyberattackers. Healthcare database systems are known to hold a great deal of information of significant monetary and intelligence value to cybercriminals. Within the healthcare sector, primary healthcare providers, specialists, community and aged care providers, diagnostic service providers, government health departments, research and academic organizations, and healthcare consultancies are all vulnerable to cybercrime.