An independent report on a cyber attack on the Irish health service in May found that the consequences could have been even worse than they were. The ransomware blocked staff in their computer systems and severely disrupted healthcare in the country.
But the report said it would have been worse if the data had been destroyed or the Covid-19 vaccination systems or specific medical devices had been affected.
He added that the attack had a “much bigger” impact than initially expected. The report, from PricewaterhouseCoopers (PWC), commissioned by the director of health, found that the systems remain vulnerable to even more serious attacks in the future. Irish technology systems were “fragile” and many opportunities to identify red signals were missed, cybersecurity experts found.
The attackers demanded payment to restore access to the computer systems and it took four months for the service to fully recover.
On March 18, an Irish Health Service Executive (HSE) opened a spreadsheet that was emailed to him two days earlier. But the file was compromised with malware.
The criminal gang behind the e-mail spent the next two months making their way through the networks. There have been multiple warning signs that they are at work, but no investigation has been launched, and this has meant that a crucial opportunity to intervene has been missed, according to the report.
Then, at 01:00 BST, on Friday, May 14, the criminals unleashed their ransomware. The impact was devastating. Pen and paper More than 80% of the IT infrastructure has been affected, with the loss of key information and diagnoses of the patient, causing serious impacts on the health service and the provision of care.
The HSE employs around 130,000 people to provide health and social care for five million Irish citizens. But all the computer systems were faulty. Doctors, nurses, and other workers have lost access to patient information systems, clinical care, and laboratories. Emails dropped, and staff had to resort to pencil and paper.
Laboratory test data had to be handwritten and entered manually, which meant a higher risk of errors. The medical care of thousands of people has been disrupted. A family doctor received a phone call from a consulting surgeon questioning the location of a patient who was about to undergo surgery when that person had already been operated on, according to the report.