HSE Missed Cyber-attack’s Warning Signs
An investigation into the springtime cyber-attack on HSE Ireland has found that criminals spent two months inside the healthcare system's computer network before deploying ransomware.
The attack, which struck HSE Ireland with Conti ransomware in mid-May, forced the health service to take its IT systems offline, leading to the cancellation of multiple hospital appointments.
An investigation into the cybercrime, launched by Ireland’s national police service, the Gardaí, led to the September seizure of several domains involved in the attack.
An independent review of the attack conducted by multinational professional services network PricewaterhouseCoopers (PWC) found that HSE failed to act on warning signs that a cyber-attack could be imminent.
PWC learned that the ransomware gang behind the attack phished their way into the healthcare system's network on March 18 when an individual using an HSE computer unwittingly opened a malicious Microsoft Excel document attached to an email.
Cyber-criminals then spent eight weeks accessing sensitive data stored within the health service’s network before using ransomware to encrypt HSE’s files in May.
The review determined that there were “several missed opportunities” to detect suspicious network activity before the ransomware attack took place.
PWC found that the IT system in use by HSE was “frail” and