Last Friday, 14th May 2021, the Irish HSE (the Irish Health Service) was hit by a ransomware attack across multiple hospitals and government health agencies.
Prior to this the Department of Health (Ireland, NOT UK) computer network was infected with remote access software (“Cobalt Strike”) and a ransomware encryptor (“Conti”) well established on most hospital systems which worked in advance to remove or destroy viable backups or copies of data.
The initial transmission vector was found to be via the use of Cobalt Strike to work laterally through systems silently over a number of days and that the attack was seemingly targeted on the health service rather than this being an accident.
Obviously the UK DoH is preparing guidance in light of the fact the NHS is likely to become a prime target very soon again, but it may be worthwhile private providers look to shore up their own ransomware detection if they are not doing so already.
HSE Ireland Ransomware Attack HSE_Conti_140521_UPDATE.pdf (379.5 KB)