- 5 biggest Linux and open-source stories of 2024: From AI arguments to security close calls
- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- The State of Security in 2024: The Fortra Experts Take a Look
HSE Cyber-Attack Costs Ireland $83m So Far
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).
The figures come from a letter from HSE chief information officer Fran Thompson sent to Aontú leader Peadar Tóibín last Friday.
The missive, viewed by The Irish Times, comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m).
Now, Thompson confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.
“Ireland has a very capable national cybersecurity center and a well-oiled CSIRT team that engages the public/private sector,” said Andrew Barratt, vice president at Coalfire.
“If the cost does continue to escalate to €100m, we have to look at that in perspective and its equivalent to everyone in the Republic of Ireland having been defrauded by €20.”
According to The Irish Times, Tóibín said the costs were “enormous,” and asked for the government to complete a comprehensive assessment of the impact caused by the breach.
The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email.
According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later.
A total of roughly 100,000 people had their personal data stolen during the cyber-attack.
“Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices,” commented Dave Gerry, chief operating officer at Bugcrowd.
According to the executive, ensuring critical applications, devices and systems are secure should remain the main priority for healthcare security professionals.
“Bad actors understand the critical nature of the systems supporting healthcare organizations and the human impact behind it, leading to an increased likelihood of ransom payments,” Gerry added.
The news comes a couple of months after a study by Obrela Security Industries suggested more than four-fifths of UK healthcare firms suffered a ransomware attack in the last year.