HSE scrambles to halt attackers
Health facility is thought to be the first Irish victim IT experts race to beef up their computer systems GPs told: ‘Don’t open your emails in the morning’
A HEALTHCARE facility is believed be Ireland’s first victim of hackers who this week launched a global cyber-attack.
A suspected case of the ‘Wannacry’ ransomware virus was spotted in a HSE-funded voluntary organisation in Wexford yesterday.
IT experts around the country are now racing to strengthen their systems in anticipation of further attacks this week.
The incident has been contained and prevented from spreading as the computer systems at the facility are separate from the main HSE computer network.
Overnight, the HSE’s IT department has been working closely with the organisations that deliver technology to the health system to ensure systems are protected.
It said in a statement: ‘Anti-virus updates are currently being installed in these devices and a process of testing is under way. As there are approximately 1,500 devices it is expected that this process will take a number of days
Targets computers that use older software
to complete. The HSE’s IT National Service Desk has been placed on high alert to support all staff queries and actions on this matter.’
Just as Communications Minister Denis Naughten warned that the health system here could face attacks similar to those on the NHS in Britain, the HSE revealed that it had shut down all external access to its IT network, including external email. It said that there were 1,500 devices that were considered to be vulnerable.
This includes devices that deliver diagnostic imaging and bio-medical device control machines. The malware created by the hacker group is targeting computers that use an older software called Legacy, which is outdated and can be easily breached by hackers.
Mr Naughten has said that it is not only the HSE that faces threats from international hackers.
He added that the likelihood is that more attacks may be recorded next week because there is a large amount of Legacy equipment still being used.
The global cyber-attack using hacking software thought to have been developed by the US National Security Agency has immobilised Britain’s NHS computer system and has infected more than 50,000 computers worldwide.
The Wanna Decryptor malware is ‘a malicious software that encrypts files on a user’s computer locking them out of their files and threatening to delete them if a payment is not made via the online currency Bitcoin’.
More than 20 NHS hospitals were forced yesterday to divert emergency ambulances and cancel operations after its computer systems were affected. One patient, Martin Hardy, 52, was left in agony after an operation on his broken kneecap was delayed when the Royal London Hospital said his case was not urgent enough.
Mr Hardy said he would like the cyber-criminals to ‘experience being in my position’. The attack has rendered various clinical and patient systems useless across the affected hospitals.
The rapid attack struck computers in around 100 countries. The cyber extortionists tricked victims into opening malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files, a scamming technique known as phishing.
Once the email is opened, the files become locked and a pop-up appears demanding a ransom payment between €300 and €600 for the files to be released, or else they will be deleted within seven days.
Wanna Decryptor – or Wannacry – is a hacking tool thought to have been developed by the US National Security Agency but was stolen by a mysterious online hacker group called the Shadow Brokers in April. Researchers with security software maker Avast said that they observed 57,000 infections in 99 countries, with Russia, the Ukraine and Taiwan the top targets.
Dr Brian O’Mahony, IT expert with the Irish College of General Practitioners, said GPs using old computer software should not open emails on their practice computers tomorrow until IT security fears had died down. He said: ‘There is a real threat to GPs’ practice computers from this virus.’
Europol said in a statement the
Demands a ransom for files to be released
recent attack was at an ‘unprecedented level’ and would require a complex international investigation to identify the culprits. Hospitals and doctors’ surgeries interconnected by NHS computers were particularly badly hit.
It became clear yesterday that tens of thousands of NHS computers were vulnerable because they outdated, in some cases by 15 years. Many of the NHS computers still run on Windows XP, software that was vulnerable to attack as makers Microsoft stopped issuing security patches in 2014.
In March, Microsoft issued a patch to close the weakness exploited by hackers on Friday, but users who did not install the update were left vulnerable. The worldwide attack was so severe that Microsoft quickly changed its policy and announced that it would make security fixes available for free for older Windows systems, including XP.
As experts assessed the fallout from the attack, Government bodies and other organisations around the world were warned to secure their networks immediately to prevent them from being infiltrated.
One expert, Brian Lord, a former GCHQ (the home of British intelligence) director, said fear of embarrassment may have stopped the trusts coming forward to report the earlier attacks.
He said they should have led to hospitals ‘getting their basic security measures up to date and not doing the equivalent of leaving all the doors and windows wide open’.
Last night, experts warned that the NHS faced a race against time to protect its computers from a ‘second-wave’ attack 10 times worse than the first.
Second wave 10 times worse than the first