Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Ransomware
Irish Ransomware Attack Recovery Cost Estimate: $600 MillionDirector of HSE, Nation's Healthcare System, Describes the Costs
The recovery costs for the May ransomware attack on Health Service Executive, Ireland's publicly funded healthcare system, is likely to total $600 million, says Paul Reid, HSE's director general.
See Also: OnDemand | Don't Be Held Hostage: Detect and Intercept Pre-Ransomware Activity and Ransom Notes
Reid provided the estimate at a Wednesday hearing of a health committee of the country's legislative body, Oireachtas.
The hearing was held to get updates on the May 14 suspected Conti ransomware attack on Ireland's state-run health services provider, which severely affected its maternity hospitals across the country.
At the hearing, Reid noted the immediate cost of recovery totaled $120 million. But further investments in replacing and upgrading the affected systems, and other expenses, would bring the total cost to an estimated $600 million. He predicted it would take months for HSE to fully recover from the attack.
Among the many expenses was the cost of hiring technical experts, Reid said. “We have also engaged international expertise. There are costs we will incur in the future, and we need to put in place a security operation center to monitor our network on a more comprehensive basis."
The Irish Times reported that at the hearing, lawmakers learned that so far, HSE has decrypted 75% of the affected servers.
The ransomware attack was first spotted on the IT networks of a Dublin maternity hospital. The attack, which has been attributed to Conti ransomware, led to hackers encrypting HSE servers and demanding $19 million in exchange for decryption.
After the hack, HSE temporarily shut down all its IT systems serving healthcare facilities throughout Ireland to prevent the spread of the malware, and this forced clinicians to use paper-based processes. This also caused delays in reporting laboratory results and difficulties making appointments at maternity and oncology departments throughout the country, HSE COO Anne O'Connor told national broadcaster RTE.
MalwareHunterTeam, a security research team that has been tracking the Conti gang's ransomware activities since the May attack, tweeted several redacted images as proof that hackers had accessed communications between HSE employees and patients. BleepingComputer reported that an unnamed researcher had shared a screenshot with the publication showing hackers stole 700GB of personal data of HSE patients, including personal documents, phone numbers, contacts, payroll and bank statements.
Despite threats from the Conti group to leak the hacked stolen data, HSE declined to pay the ransom and passed on information about the threat to Ireland's National Cyber Security Center.
A week after the attack, the Conti gang provided a decryptor, which Irish officials began to test. It remains unclear, however, whether the restoration of HSE servers entailed using the keys provided by the threat actors (see: Ransomware Gang Provides Irish Health System With Decryptor).
Call for United Effort
Efforts to battle ransomware globally have intensified following the HSE attack and high-profile U.S. ransomware attacks against Colonial Pipeline Co. and meat processor JBS.
On Wednesday, the European Commission proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware (see: EU Proposes Joint Cybersecurity Unit).
At the recently concluded G-7 summit, European leaders announced measures to counter ransomware attacks. And at the NATO summit last week, allies agreed that the organization's Article 5 provision - which states that an attack on one member nation is an attack on all - could now be applied to cyberthreats (see: NATO Endorses Cybersecurity Defense Policy).