- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Massive Ransomware Attack Could Cost Irish Health Exec €100m
A major ransomware attack on the Irish health service last year could end up costing as much as €100m ($112m), according to a new report.
The Department of Health revealed the figure in response to a parliamentary question tabled by Peadar Tóibín, leader of the Aontú party, according to RTE.
Interim CIO for the Health Service Executive (HSE), Fran Thompson, revealed that around €12.7m has already been spent on IT infrastructure, €5.5m on cyber and strategic partner support, €15.3m on vendor support for applications and €8.4m on Microsoft 365.
That amounts to nearly €42m ($47m) so far, but the costs are expected to go much higher.
“The HSE forecasts that the overall cost could be in the region of €100m and further to this, the implementation of the recommendations of the PwC report into Conti will require a separate investment case which is being commissioned by the HSE,” the statement reportedly continued.
Ireland’s HSE, which is similar in some respects to the UK’s publicly funded National Health Service (NHS), provides health and social care services to everyone in the country.
However, it was struck by a major ransomware attack in early 2021. Although the Conti group initially demanded a $20m ransom, it later backed down after a public outcry and provided the decryption key for free.
However, the impact was still severe, taking the executive months to restore and decrypt all of its systems.
The PwC report highlighted numerous security failings at the HSE, such as AV software set only to “monitor” mode so it did not block malicious commands. Initial access was achieved in March, so the threat actors were effectively able to achieve persistence for eight weeks before they deployed the ransomware payload.
The mooted costs of the attack bring it close to the financial impact of WannaCry on the NHS. A report concluded the UK’s health service had paid £92m ($123m), mainly in IT overtime (£72m). Lost output accounted for the rest of the costs (£19m).