Hospitals cancel outpatient appointments as Irish health service struck by ransomware

Ireland's nationalised health service has shut down its IT systems following a "human-operated" Conti ransomware attack, causing a Dublin hospital to cancel outpatient appointments. The country's Health Service Executive closed its systems down as a precaution, local reports from the Irish public service broadcaster RTÉ said, …

  1. John Riddoch
    Joke

    That's a change...

    This was only a "quite sophisticated" attack, as opposed to the "highly sophisticated" attacks most organisations are targeted with.

    1. Mike 137 Silver badge

      Re: That's a change...

      'opposed to the "highly sophisticated" attacks'

      Oh, you mean the ones that emerge on investigation every time to have been total push-overs?

  2. Anonymous Coward
    Anonymous Coward

    This is very serious

    This appears to have been a deliberate and targeted attack on the Health System of an EU nation.

    1. Richard Jones 1
      Coat

      Re: This is very serious

      So no doubt Brussels and what passes for its leader, Ursula What-ever, will give the problem a stern talking to and suggest that it is barred from the EU.

      1. lglethal Silver badge
        Facepalm

        Re: This is very serious

        Yes because England did so much more when the NHS was hit.

        Yes, yes! I remember the bombing attacks in Russia against those ne'er-do-wells... Oh wait, no I don't. What about the sanctions? Nope none of those either... Hmmm. Arrests? Nope... Diplomatic pressure? Nope...

        Good to see Britain taking back control of its own ability to do nothing...

        Something about people in glass houses having short memories?

      2. Alan Bourke

        Re: This is very serious

        Oh yes we should kick diplomatic ass like the UK did after the 2017 NHS attack, i.e. do the square root of f**k all.

    2. fidodogbreath

      Re: This is very serious

      "We are deeply concerned that this attack was not conducted in compliance with published EU ransomware standards. The regulations specifically require RSA encryption at 1024-bit or higher, not Diffie-Hellman. Also, the regulation clearly specifies that payment demands must be in Bitcoin or Ethereum, not Doge, and the demand notice must be posted in French, German, and English in addition to the local EU country's primary language."

  3. Pascal Monett Silver badge
    Thumb Down

    Despicable

    I think this calls for a DDoHS : Direct Denial of Hospital Service - to be administered with a 9mm. Maybe even a Beretta.

  4. anthonyhegedus Silver badge

    Sanctions?

    When are we going to issue sanctions against countries that harbour these criminals? And of course countries that sponsor them or even are them.

    The situation has got so serious that the only solutions are incredibly uncomfortable: increased security costs, decreased convenience, even vetting employees.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sanctions?

      Is it time to fight fire with fire?

      We need to formally amend the Computer Misuse Act and/or replace it with a law that not only has teeth, but clear and defined provisions for legitimate cyber-security researchers so they can operate without fear of prosecution if their intent is in the interests of HM Government.

      Just to make it really airtight, have it made retroactive to the start of the original CMA 1990 so pending cases can be reviewed as needed.

      For that matter blocking traffic from unfriendly countries is actually a viable way to prevent some attacks and should be seriously considered.

      1. katrinab Silver badge
        Mushroom

        Re: Sanctions?

        Cut off the money supply. Individual bitcoins are traceable. Make use of this fact. Deal with any bitcoin exchanges that accept these bitcoins in an appropriate manner.

      2. Ken G Silver badge
        Flame

        Re: Sanctions?

        How does a UK Law (which would breach the European Convention on Human Rights and Article 40.3 of the Constitution) help the Health Service Executive?

      3. Alan Brown Silver badge

        Re: Sanctions?

        "For that matter blocking traffic from unfriendly countries"

        doesn't achieve much as the actual criminals merely dodge around the blocks using proxies and/or mules outside the affected areas

    2. Version 1.0 Silver badge
      Facepalm

      Re: Sanctions?

      If we decide to "target" the countries that the attacks appear to come from then we'll just see the attacks move to other countries.

      It would be far more effective to start building secure networking to stop the attacks from working. Just throwing bricks more or less in the general direction that we think the attacks are coming from will do very little except to boost postings on social media. If your roof is leaking you can't fix it by firing a gun at the hole.

      1. Doctor Syntax Silver badge

        Re: Sanctions?

        "we'll just see the attacks move to other countries"

        If sanctions include blocking traffic then there's an immediate preventative element. But a longer term element would be deterrence. If condoning or even being over-casual about enforcement were to lead to life becoming difficult for the offending country then it would become difficult or risky to make such moves.

        1. Alan Brown Silver badge

          Re: Sanctions?

          > If sanctions include blocking traffic then there's an immediate preventative element

          "The Internet sees censorship as damage and routes around it"

          These kinds of attacks can be perpetrated by an attacker using a dialup modem to a compromised box outside of the "blocked" area - and besides it's virtually impossible to block an entire country (Russia has tried on several occasions to do it the other way around, blocking all inbound traffic to create a Russia-only internet - and failed every time - see comment about dialup modems)

    3. Twanky
      Flame

      Re: Sanctions?

      "The situation has got so serious that the only solutions are incredibly uncomfortable: increased security costs, decreased convenience, even vetting employees."

      It was always so serious:

      Increased security costs? The costs of failure to secure IT are higher. If you're increasing security spending in response to attacks you have not been spending enough (on the right things).

      Decreased convenience? Yes, if using IT properly is less convenient (and efficient) than paper then why the hell use it? Is it more 'convenient' to have to clear up the mess when IT goes wrong or allows confidential information to be stolen?

      Vetting employees? Yes, checking whether the prospective employee is ignorant* is a good idea. Being selective about who you employ (or retain) is sensible.

      * Ignorant in this context is intended to include CIOs who think that security is not part of their remit. (Me? Bitter? Not much.)

      Building a national health system (or any other service that is worth building) on shonky IT is a disaster waiting to happen.

      1. Anomalous Cowshed

        Re: Sanctions?

        A thousand upvotes for you would be too little, unfortunately I am only allowed 1

    4. 2Fat2Bald

      Re: Sanctions?

      Well, they were criminals and not state actors. So by that logic in 2005 we should have taken sanctions against the UK after the 7/7 bombings.

      I don't know what you can do against the Russian state. We don't trade that much with them, so even ignoring the question of scale economic sanctions aren't going to be effective and the military option would be an exciting yet mortifyingly brief exercise in futility. Diplomatic grumbling is probably the most we can do.

      1. Alan Brown Silver badge

        Re: Sanctions?

        If you _REALLY_ wanted to hurt Russia and make a point, you'd stop their external oil/gas sales for a while

        Oh? Who do they sell their gas to? Ah....

  5. Mike 137 Silver badge

    "...Conti malware deploys through the (ab)use of Cobalt Strike"

    Cobalt Strike. So the target failed a stringent pen test then.

    Perhaps they're relying on the wrong tools for their own testing (supposing they do any).

    I'm increasingly annoyed by the almost universal assumption of "adequate security" that never gets properly tested except by the bad guys.

    You get the security you put sufficient and appropriate effort into.

    1. gr00001000

      Red team tools

      Red team tools have been turned on targets for profit worldwide. No pen-test, just using pen-test tools to breach any target, any company, any system.

  6. Miss Config
    Meh

    Reg Webcast ?

    Serious question :

    The Reg has a webcast about ransomware on May 26 :

    https://www.theregister.com/2021/05/12/learn_to_frustrate_modern_ransomware/

    will everybody who attends this webcast learn how to avoid at least this particular kind of ransomware attack ?

  7. Doctor Syntax Silver badge

    It might be a good move for Health Services (and similar organisations) to instruct the local offices to run an overnight job to print out the next day's appointments and explain why. The explanation might at least concentrate minds and the print-out should avoid cancellations for the next day and give the clean-up a day's start.

    Of course going back to something as old-fashioned as paper might offend those who thought it would be a good idea not to have fax, pagers or the like as backup.

    1. Anonymous Coward
      Anonymous Coward

      Most departments are meant to have business continuity plans in place to keep running when this happens. Many do not test it.

      It's typically because senior managers do not mandate it and more importantly SUPPORT testing of it.

    2. Anonymous Coward
      Anonymous Coward

      Hospital visit: the list of appointments is the easy part.

      MD sees patient, compares status with IT based records. Orders tests (x-ray or lab) through same system.

      Lab gets order to their IT system, analyses samples on instruments that are in turn dependent on a computer system (+ middleware, naturally)

      Lab sends result by way of middleware to patient records system.

      Medicines prescribed through IT system.

      Surgery? The blood bank can naturally match blood without the special blood type analysis system and have a pre-printed supply of backup-labels for blood bags. Much more work and potentially less accurate (there are actually well over a hundred blood types...) and thus introduces patient risk. Collect blood from a donor without the computer system to compare records and previous results? I suspect that a specialist will have to individually approve each collection for it to be legal (and would be understandably reluctant to do so).

      Yes, there are paper-based backups for all/most of this, but they really do not scale and have problems (please copy hundreds of numbers and test codes down with no errors, comparing each to a list of reference values and making sure to flag any that are outside normal range or differ more than a certain amount from the last such test on that patient).

      A small hospital lab performs on the order of a thousand lab tests per day. Add X-ray, microbiology, ultrasound...

      To be able to operate fully without IT systems would require a total redesign of hospital workflows.

  8. Anonymous Coward
    Anonymous Coward

    I wonder if....

    ...That due to COVID their policy of "1 device, 1 person" to help with remote working they'll be able to point the finger at the ingress point. Apparently users were contacted by text message at 7am saying something along the lines of "Don't switch your laptop on".

  9. dol

    What sort of complete c**t does this to a national health system during a global pandemic? I sincerely hope that one day they are lying on an A&E trolley slowly bleeding out because that hospital has been hit by cyberscum.

    1. Alumoi Silver badge

      Someone like the company that threatened to sue the Italian doctors who 3D printed the ventilator valves during 2020?

    2. gr00001000

      NEW SCHOOL BANK ROBBERY

      A CRIMINAL!!!!!!!!!!

  10. JanCeuleers

    Nationalised?

    Something can only be nationalised if it was previously private.

  11. Alan Bourke

    Nationalised?

    We don't have a nationalised system, in the NHS sense at least. We have a two-tier public/private system where free access to the latter is based on a medical card, obtainable by those with medical or financial need, or who know a local politician.
