LONG delays are expected for patients attending services across UL Hospitals Group this Friday as a result of a serious ransomware attack on HSE IT systems but the operation of the Clare vaccination centre at Treacys West County Hotel remains unaffected.
On Friday, the HSE temporarily shut down its system following what it labelled a “significant ransomware attack” which they became aware of overnight. The situation is currently under assessment by security partners of the HSE.
Ransomware is a form of malicious software (malware) that encrypts a victim’s files. The cyber attacker then demands a ransom from the victim to restore access to the data upon payment. No ransom demand has been made as of yet.
Emergency services across hospitals in the UL Hospitals Group continue to operate on Friday. Patients with an outpatient appointment or a scheduled procedure across our six hospitals are advised to attend for their appointments/procedures unless they are directly contacted by the hospital and advised otherwise.
As a result of difficulties experienced with the phone lines at UHL, a temporary reception phone number has been set up (061482119).
A crisis response plan was activated by the National Cyber Security Centre (NCSC) when it was informed of the issue. A spokesperson for the NCSC said they are “intensively engaging with the HSE and deploying its resources to fully support the HSE in identifying the affected systems and to bring all systems back online”.
Efforts are being made to identify the technical details of the malware used in the incident. The NCSC is also engaging with EU and other international partners to share information on this incident and to ensure that the HSE has immediate access to international cyber supports.
Minister for Environment, Climate and Communications, Eamon Ryan (GP) and Minister of State for Public Procurement and eGovernment Ossian Smyth (GP) were briefed by the NCSC earlier this morning and were briefed again at midday.
A spokesperson for UL Hospitals Group told The Clare Echo that emergency services and unscheduled care will continue to operate across their six sites which includes the injury unit at Ennis Hospital and also the emergency department at University Hospital Limerick and the Early Pregnancy Assessment Unit/Maternity Emergency Unit at University Maternity Hospital Limerick. “We apologise for any inconvenience caused to patients and to the public and will give further information as it becomes available. We are appealing to members of the public to bear with us as we switch to manual back-up systems”.
“In implementing our contingency plans, we are largely operating manual back-up systems. Patients attending our services today can expect delays until such time as patient information, diagnostic reporting and other affected IT systems are secure and operational. Patients attending for scheduled care (outpatient clinics and elective surgery) are advised to attend as scheduled (unless contacted directly by us and advised otherwise) but also to expect delays,” the spokesperson added.
Vaccination centre in the Mid-West are unaffected by the ransomware attack. Persons with a vaccination appointment are asked to attend at the West County Hotel, the Radisson Blu Hotel, and Abbey Court Hotel, Nenagh as scheduled.
Chief Executive of the HSE, Paul Reid said the matter was “a major incident”.
In October of last year, the confidential treatment records of tens of thousands of psychotherapy patients in Finland were hacked and some leaked online. Many patients reported receiving emails with a demand for €200 (£181) in bitcoin to prevent the contents of their discussions with therapists being made public. Security experts reported that a 10-gigabyte data file containing private notes between at least 2,000 patients and their therapists had appeared on websites on the “dark web”. The hack, which targeted some of society’s most vulnerable – including children caused widespread shock in the Nordic country of 5.5 million people.
