Ransomware attack disrupts Irish health services

Voiced by Amazon Polly

IT systems shut down and some medical appointments cancelled after attempt to access data

Irish ambulances
The attack has affected national and local systems that provide core services, but not Covid-19 vaccinations or ambulance services. Photograph: Brian Lawless/PA

Rory Carroll Ireland correspondent@rorycarroll72Fri 14 May 2021 12.02 BST

Ireland’s state health services provider has shut all its IT systems and cancelled some medical appointments after what it described as a “significant ransomware attack” overnight caused widespread disruption.

Paul Reid, the Health Service Executive chief executive, told RTÉ there had been a “human-operated” attempt to access data stored on central servers for a presumed ransom. “There has been no ransom demand at this stage. The key thing is to contain the issue. We are in the containment phase.”

Reid said the HSE was working with police, the defence forces and third-party cybersecurity experts to respond to what he termed an “internationally operated criminal operation”. He apologised to patients and the public for the disruption.

The attack has affected national and local systems that provide core services, but not Covid-19 vaccinations or ambulance services.Quick Guide

What is ransomware?


Several hospitals cancelled outpatient visits or urged patients with appointments not to attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a “critical emergency” and cancelled all outpatients visits except for women who were more than 35 weeks pregnant.

The oncology department at Cork university hospital was reportedly paralysed. The child and family agency Tusla said its IT systems, including email, internal systems and the portal through which child protection referrals are made, were not working.

Earlier this week hackers crippled the Colonial petrochemical pipeline that stretches from Texas to New York, causing fuel shortages and states of emergency to be declared in four states. The company reportedly paid a $5m ransom fee. A group of cybercriminals called Darkside claimed responsibility for the attack.

Fergal Malone, the master of the Rotunda, said the hospital discovered unusual activity in its IT systems at about 2am and later detected what appeared to be a ransomware virus. “We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he told RTÉ. “It means we have had to shut down all our computer systems.”

All patients were safe and the hospital had contingency plans to operate using a paper-based system, he said. “We have systems in place to revert back to old-fashioned record-keeping.” Lifesaving equipment was not affected. “Patients will come in in labour over the weekend and we will be well able to look after them.”