Last Updated on 05/02/2022 by Nidhi Khandelwal
The US Department of Health and Human Services (HHS) released a danger brief on Thursday that paints a bleak image of how Ireland’s health agency, the HSE, was overwhelmed and had 80 percent of its systems encrypted last year during the Conti ransomware attack.
After roughly 700 GB of data (including protected health information) was stolen from the HSE’s network and sent to attackers’ servers, this caused severe disruptions in healthcare services across Ireland and exposed the information of thousands of Irish people who received COVID-19 vaccines prior to the attack.
The impact of this attack on the HSE’s IT infrastructure was principally caused by a PwC independent post-event review [PDF] commissioned by the Board of the HSE in June 2021.
“At the time of the event, the HSE lacked a single accountable owner for cybersecurity at the senior executive or management level. There was no specialized committee in charge of cybersecurity and the activities needed to mitigate the HSE’s cyber risk exposure “According to the HHS Cybersecurity Program.
To top it off, the HSE has no security monitoring systems in place to assist in the investigation and response to security risks found throughout its IT environment.
This resulted in a lack of response to Conti operators’ criminal conduct, which was far from subtle, as endpoint antivirus solutions detected Cobalt Strike beacons planted on several HSE servers beginning May 7, 2021, and the notifications were disregarded.
Fortunately, the Conti ransomware group provided the HSE with a free decryptor to recover computers, along with a warning that if the HSE did not pay a $20 million ransom, the attackers would sell or publish the stolen material.
“We will provide you with a free decryption tool for your network. However, you should be aware that if you do not communicate with us and try to settle the situation, we will sell or disclose a large amount of private data “On the negotiation chat page, the Conti ransomware group stated.