Ransomware attacks on Irish health services & Colonial Pipeline cause major disruptions to critical services
Ireland’s health services hit with ransomware attack a week after Colonial Pipeline surrenders $5M in ransom
A ransomware attack on Ireland’s health services today, along with last week’s cyberattack on Colonial Pipeline in the US, are causing major disruptions to critical health and mobility services that citizens depend upon.
“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole” — Klaus Schwab, WEF
Ireland’s Health Service Executive (HSE) announced on Twitter that it was shutting down all of its IT systems as a precaution in the wake of Friday’s “significant ransomware attack.”
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.
— HSE Ireland (@HSELive) May 14, 2021
In the same thread, HSE announced, “We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available. Vaccinations not effected are going ahead as planned,” and that “the National Ambulance Service are operating as per normal with no impact on emergency ambulance call handling and dispatch nationally.”
Update: “It has emerged this evening that the hackers have since demanded a ransom, but full detail on the demands have not been revealed yet,” according to the Independent.
“The HSE has insisted it will not pay any ransom to hackers in the nationwide ransomware attack, its bosses have insisted.”
“Possibly the most significant cybercrime attack on the Irish State”– Ossian Smyth, Ireland’s Minister of State for Public Procurement and eGovernment via RTE
“This is having a severe impact on our health and social care services today” — Stephen Donnelly, Ireland’s Minister of Health
This morning, Ireland’s Minister of Health Stephen Donnelly tweeted that the attack was “having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways,” Donnelly tweeted.
This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS. Updated information will be available @HSELive throughout the day.
— Stephen Donnelly (@DonnellyStephen) May 14, 2021
“If this continues to Monday, we will be in a very serious situation and will be cancelling many services” — Anne O’Connor, HSE
If the situation isn’t resolved by the weekend, HSE Chief Operating Officer Anne O’Connor warned that they may be “cancelling many services.”
“More services are working than not today,” O’Connor told reporters on Friday.
“However, if this continues to Monday, we will be in a very serious situation and will be cancelling many services.
“At this moment, we can’t access lists of people scheduled for appointments on Monday so we don’t even know who to cancel,” she added.
While a cyber attack has disrupted healthcare systems in Ireland, the United States has been dealing with its own crisis, with emergency declarations issued across 17 states due to the Colonial Pipeline ransomware attack and subsequent gas shortages.
According to the most recent numbers from GasBuddy, over half the gas stations in North Carolina, Virginia, South Carolina, Georgia, and Washington DC are experiencing fuel outages.
Our outage report has been updated this morning. Most recent numbers by state:
DC – 86%
NC – 72%
GA – 51%
SC – 52%
VA – 53%
MD – 42%
— GasBuddy (@GasBuddy) May 14, 2021
Last December, US Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales testified before Congress that ransomware was “quickly becoming a national emergency.”
“As a general rule, we have recommended against paying ransom, in part because it furthers the business model” — Brandon Wales, CISA
According to Wales, organizations that pay out ransom are exacerbating the problem by furthering the ransomware business model.
“As a general rule, we have recommended against paying ransom, in part because it furthers the business model.”
“Ransomware is not going away as long as the business model is viable — as long as ransomware operators can do it,” he added.
While Wales warned of this six months ago, Colonial Pipeline reportedly surrendered nearly $5 million in ransom on Friday.
On Monday, the FBI confirmed the Colonial Pipeline was carried out by the group known as DarkSide (which is allegedly disbanding) while the Irish Mirror reported on Friday that the Irish HSE attack was a “zero-day threat with a brand new variant of the Conti ransomware.”
This week, a Toshiba Corp unit in France also announced it was recently hit with a ransomware attack attributed to DarkSide.
“A cyber attack with COVID-like characteristics would spread faster and farther than any biological virus” — WEF
Meanwhile, the World Economic Forum (WEF) has been prepping for a looming “cyber pandemic” that Founder Klaus Schwab says would be worse than the COVID-19 pandemic.
In July, 2020, the WEF and partners simulated a mock cyber attack exercise called Cyber Polygon, with the central theme — digital pandemic: how to prevent a crisis and to reinforce cybersecurity on all levels.
In his welcoming remarks at Cyber Polygon 2020, Schwab warned:
“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.
“The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack,” he added.
Schwab added, “It is important to use the COVID-19 crisis as a timely opportunity to reflect on the lessons of cybersecurity community to draw and improve our unpreparedness for a potential cyber pandemic.”
Participants from dozens of countries will be responding to “a targeted supply chain attack on a corporate ecosystem in real time.”
If the results and recommendations from the WEF’s previous (non-cyber) pandemic simulations are any indication of what may lie ahead for society, then the findings and policies coming out of Cyber Polygon 2021 may have real-world societal impact in the very near future.
Many scenarios played out in the WEF-backed fictional pandemic simulations Clade X (May, 2018) and Event 201 (October, 2019) later came to pass, along with several policy recommendations for dealing with the COVID-19 pandemic. See more below.