‘Tens of Millions’ Needed to Fix Irish Health System After Ransomware Attack

May 18, 2021 Updated: May 18, 2021

The cost of repairing damages done to the Irish national health service by a ransomware attack on Friday will “no doubt” run into “tens of millions,” the health service boss has said.

Ireland’s Health Service Executive (HSE) shut down its IT systems on Friday morning as a “precautionary” measure after it was hit by a ransomware attack.

The system’s Chief Operations Officer, Anne O’Connor, told Newstalk radio on Sunday that many cancer treatment sessions, X-rays, and other radiology appointments had been canceled, describing perhaps the worst impact to date on a healthcare system from ransomware.

The impact of the attack on services is expected to last throughout this week and beyond, with thousands of patients facing cancelled appointments and delays.

Speaking to Ireland’s national broadcaster RTÉ on Monday, HSE Chief Executive Paul Reid said that even when the systems are back up, it’ll take awhile to know how stable the systems and the interconnectivity between them will be.

“So we are in for a period, well beyond this week,” he said.

Asked about the potential cost of fixing the problem, he replied: “This will be in the tens of millions in terms of impacts on our systems. There’s no doubt about it.”

Reid said that the HSE is working on three priorities: to enlist help of voluntary private hospitals, to get diagnostic systems, lab systems, patient information systems, and oncology services back up, and to restore basic connectivity such as mail servers.

According to Reid, there are about 19 voluntary hospitals with “standalone systems” in Dublin and Cork that can be brought on board, including the Mater, St James’, Beaumount, St Vincent’s, and Tallaght hospital.

Reid said the HSE has to assess 2,000 different systems to ascertain what information has been taken.

Minister for eGovernment Ossian Smyth told RTÉ that the data affected are mostly administrative, not clinical.

On the day of the attack, Taoiseach (Prime Minister) Micheál Martin has said that Ireland “will not be paying any ransom.”

Both Reid and Smyth said they expected some data would be published on the darkweb.

Smyth told RTÉ that the first thing hackers tried to do was to delete backup data, but the attempt has failed.

“As far as I understand, we are not aware of any server where we have lost data. We have the backups, and so far, we are not aware of any data loss,” he said.

The attack has also extended to the Department of Health—although it has not been as severely affected.

Tánaiste (Deputy Prime Minister) Leo Varadkar has said he is “not aware” of any other Government agencies that have been hit by the cyber attack.

According to RTÉ, the group behind the attack, Russian-based Wizard Spider, has been targeted for many years by the FBI, the UK’s National Crime Agency, Interpol, Europol, and other international law enforcement agencies.

Reid said he didn’t know the amount the group demanded. The Associated Press reported that the ransom negotiation page shows the amount to be $20 million (€16 million).

Meanwhile, a different cybercriminal group has hit four Asian subsidiaries of the Paris-based insurance company AXA with a ransomware attack, impacting operations in Thailand, Malaysia, Hong Kong, and the Philippines.

Ransomware attacks returned to headlines this month after hackers struck the United States’ largest fuel pipeline, the Colonial Pipeline, and the company shut it down for days to contain the damage.

PA and The Associated Press contributed to this report.