[ad_1]
Ireland’s health care system was effectively shut down on Friday, and experts suggest Europe had it coming.
The cyberattack affected most of the country’s health services, including coronavirus testing, maternal care services, cancer care, COVID-19 tracking and routine referrals for secondary care. One government minister called it the “most significant cybercrime on the Irish state,” according to the Irish Times.
The attack follows similar attacks on health care services elsewhere in Europe, including the U.K., Finland and France, and comes the same week as an attack on an oil pipeline in the U.S. that prompted widespread gas shortages across the country.
But cybersecurity experts said the worst is yet to come for Europe’s critical services.
“It’s getting worse, and it’s getting worse quicker,” said Mikko Hyppönen, the chief research officer at F-Secure, a Finnish cybersecurity company. While it is unclear what specific vulnerabilities were exploited in Ireland’s case, Hyppönen said health care systems are particularly vulnerable to such attacks.
“The root cause of the biggest outages of medical systems are the use of legacy systems. There is generally a lack of budget to replace old machines by new ones. The old ones are too slow to run new operating systems, so they keep on running old versions,” he added.
Cyberattacks on health care systems have risen significantly since the pandemic began last year. One trend is criminals taking over servers, stealing personal data, and then charging money to allow officials to get back in and threatening to sell the data online — a kind of attack known as ransomware. Group-IB, a cybersecurity firm, said ransomware attacks grew by 150 percent in 2020.
In October, a hacker blackmailed tens of thousands of Finnish patients after their therapy notes were stolen from a counselling center. In France, two hospital groups were hit the same week in February. A Russian criminal gang was suspected when dozens of U.S. hospitals were attacked last year.
“The attack on the Irish health system is yet another indication of how ransomware operators are always on the move – improving, automating and becoming more effective at targeting larger and larger organisations,” says Paul Donegan, country manager for Ireland for cybersecurity company Palo Alto Networks.
There appear to be few easy fixes. An overhaul of cyber networks is expensive and it takes time.
Lukasz Olejnik, an independent cybersecurity researcher and consultant, said: “Investigation and precautionary measures may be disruptive.”
“Even if the direct impact of the infection turns out to be minimal, systems are disrupted nonetheless,” he added.
But an overhaul is exactly what the EU is trying to mandate. The European Commission in December proposed an update of its cybersecurity rules, known as the Network and Information Security directive, that would require many industries, including health care, to beef up their cyber defences or face millions in fines.
But the bill is months, if not years, away from getting finalized, even as attacks themselves become increasingly sophisticated and more audacious.
Hyppönen, at F-Secure, said it will take more attacks like the Irish one for people to respond to the threat.
“The biggest difference comes when companies and organizations see what happens with their own eyes. We need disasters to happen around us for organisations to make a real change,” he said.
Leonie Cater and Vincent Manancourt contributed reporting.
Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [email protected]co.eu to request a complimentary trial.
[ad_2]
Source link
