💰🗃️💣

Health Service Executive (HSE) Security Incident

14-May-21 1592 days ago Resolved

Incident Overview

Situation Description

The Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack on May 14, 2021, causing nationwide IT system shutdowns and significant disruptions to health services.

Event Types

Ransomware Data Breach Malware / Destructive Attack

Industry Sector

Healthcare

Geographic Scope

National (Other)

Response Actions

Took Systems or Services Offline Refused to Pay Ransom / Extortion Obtained a Formal Security Attestation or Certification

Impact Analysis

Event Types (3 identified)

Ransomware Data Breach Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

520

Data Types Compromised

PII (Personally Identifiable Information) PHI (Protected Health Information) Credentials Government Data Operational / System Data

Primary Impacts

Operational Disruption Data Exposure Financial Loss Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

The HSE took down its IT systems to protect them from the attack and consider options.; Taoiseach Michel Martin stated that the ransom would not be paid.; The HSE obtained a High Court injunction to prohibit the sharing of leaked information.

Technical Analysis

Attack Method

Phishing

Threat Actor Attribution

Wizard Spider ContiLocker Team

Vulnerability / Tool

Cobalt Strike

Additional Information

From Wikipedia, the free encyclopedia 2021 cyber attack on the Health Service Executive in Ireland Health Service Executive ransomware attack Date 14May2021 ( 2021-05-14 ) Location Ireland Type Cyberattack , data breach , ransomware using Conti Target Health Service Executive (HSE) Department of Health Outcome All HSE IT systems shutdown Hospital disruptions and appointment cancellations Department of Health IT systems shutdown Medical data breach Employee record data breach Suspects Wizard Spider , ContiLocker Team On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down. [ 1 ] [ 2 ] [ 3 ] [ 4 ] It was the most significant cybercrime attack on an Irish state agency and the largest known attack against a health service computer system. [ 5 ] [ 6 ] Bloomberg News reported that the attackers used the Conti ransomware . [ 7 ] The group responsible was identified as a criminal gang known as Wizard Spider , believed to be operating from Russia. [ 8 ] [ 9 ] [ 10 ] The same group is believed to have attacked the Department of Health with a similar cyberattack. On 19 May, the Financial Times reviewed private data for twelve individuals which had appeared online as a result of the breach. [ 11 ] On 28 May, the HSE confirmed confidential medical information for 520 patients, as well as corporate documents were published online. [ 12 ] Background [ edit ] The attackers began by sending a malicious email to a workstation on 16 March 2021. [ 13 ] The email was opened on 18 March. [ 13 ] A malicious Microsoft Excel file was downloaded, which allowed the attackers access to HSE systems. [ 13 ] The attackers gained more access over the following weeks. [ 13 ] The HSE antivirus software detected activity on 31 March, but could not block it as it was set to monitor mode. [ 13 ] On 13 May the cybersecurity provider for the HSE emailed the Security Operations team that there...

... (truncated for display)

Quick Facts

Company:: Health Service Executive (HSE)
Date:: 14-May-21
Status:: Resolved
Decision Maker:: Taoiseach Michel Martin
Position:: Taoiseach
Published:: 2021

Source Information

Original Query

Ireland Health Service Executive (HSE) final report on Conti ransomware attack recovery costs

View Original Source

Timeline

Information Published

2021

Incident Occurred

14-May-21 (1592 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats