
This US health service was hit by a ransomware attack that exposed sensitive data


Last Updated on 05/02/2022 by Nidhi Khandelwal

The US Department of Health and Human Services (HHS) released a threat brief on Thursday that paints a bleak picture of how Ireland’s health agency, the HSE, was overwhelmed and had 80 percent of its systems encrypted last year during the Conti ransomware attack.


Roughly 700 GB of data (including protected health information) was stolen from the HSE’s network and sent to attackers’ servers. The attack caused severe disruptions in healthcare services across Ireland and exposed the information of thousands of Irish people who received COVID-19 vaccines prior to the attack.

The account of this attack's impact on the HSE’s IT infrastructure is drawn principally from a PwC independent post-event review [PDF] commissioned by the Board of the HSE in June 2021.

“At the time of the event, the HSE lacked a single accountable owner for cybersecurity at the senior executive or management level. There was no specialized committee in charge of cybersecurity and the activities needed to mitigate the HSE’s cyber risk exposure,” according to the HHS Cybersecurity Program.

To top it off, the HSE had no security monitoring systems in place to assist in the investigation of and response to security risks found throughout its IT environment.


This resulted in a lack of response to the Conti operators’ activity, which was far from subtle: endpoint antivirus solutions detected Cobalt Strike beacons planted on several HSE servers beginning May 7, 2021, and the notifications were disregarded.

Fortunately, the Conti ransomware group provided the HSE with a free decryptor to recover computers, along with a warning that if the HSE did not pay a $20 million ransom, the attackers would sell or publish the stolen material.

“We will provide you with a free decryption tool for your network. However, you should be aware that if you do not communicate with us and try to settle the situation, we will sell or disclose a large amount of private data,” the Conti ransomware group stated on the negotiation chat page.
