The Irish health service has temporarily shut down its IT systems after it was targeted by a “significant ransomware attack”.
The Health Service Executive (HSE) announced it had taken the precaution of shutting off all its systems to protect them from the attack and to allow it to assess the situation with its security experts.
The HSE confirmed that Covid vaccination appointments were still going ahead as planned as they run on a separate system, and that its ambulance services were also operating as normal.
“We apologise for inconvenience caused to patients and to the public, and will give further information as it becomes available,” it said.
Paul Reid, HSE chief executive, told RTÉ’s Morning Ireland radio show, said the attack was “very sophisticated” and that it had affected all of the organisation’s local and national IT systems.
“We became aware of it during the night and we obviously acted on it right away,” he said. “The immediate priority is to contain it, but it is a human-operated ransomware attack where they would seek to get access to data and seek a ransom for it.”
Equipment in intensive care units and other machines used in hospitals was unaffected by the attack, which has targeted the service’s IT systems, as they run on local infrastructure.
The HSE was working with the gardaí, Defence Forces and the National Security cyber team to try and fully understand the level of threat and attempt to contain it, he said.
Ransomware is malicious software designed to infect systems and demand a ransom to release sensitive personal or financial information, and is often distributed through phishing emails and downloaded files that exploit weaknesses in a device’s security to access a person’s data.
Mr Reid said there had been no ransom demand at present, and urged people to attend their planned appointments unless they were contacted advising them not to come.
The Rotunda maternity hospital in Dublin said it had cancelled many routine appointments because of the serious IT issues, advising patients to attend only if there were 36 weeks pregnant or later or if they had urgent concerns.
Cyber attacks on hospitals and health care providers have increased in recent years, exacerbated by the outdated computer systems many are still using, leaving them vulnerable to hacking.
A woman died after the German hospital she was being treated in was targeted by hackers in September last year, in what was believed to be the first death linked to a cyber attack on a hospital.
The Düsseldorf University Hospital’s IT systems failed following a cyber attack on a vulnerability in “widely used commercial add-on software,” forcing doctors to transfer emergency patients to other hospitals.
The unnamed woman died after being diverted to a hospital 20 miles away in Wuppertal, meaning doctors had been unable to start treating her for an hour, according to a report from the Associated Press.
A major ransomware attack hit 48 NHS trusts in England and Scotland in May 2017, which could have been prevented if “basic IT security” measures had been taken, an independent investigation found.
The head of the National Audit Office (NAO) warned the health service and Department of Health to “get their act together” shortly after the crisis, which saw machines at a third of health trusts across England infected by malware, or risk suffering a more sophisticated and damaging future attack.
A ransomware attack earlier this week on the US Colonial Pipeline caused fuel shortages in the country. The pipeline resumed operation on Thursday.