Irish government says it will not pay ransom over 'significant' cyberattack on health system

Ireland’s health service shut down its IT systems Friday to protect them from a "significant" ransomware attack the government said was carried out by an international cybercrime gang.

The country's health service, called Health Service Executive (HSE), posted on Twitter Friday morning that it shut down its IT systems following the attack in order to assess the situation with its security partners.

Appointments and elective surgeries were canceled at several hospitals and Deputy Prime Minister Leo Varadkar said the disruption could last for days, the Associated Press reported Friday.

“There’s lots we don’t know but it appears to be a ransomware attack by international criminals. The problem could run through the weekend and into next week, unfortunately," Varadkar said according to the AP report.

The health service, which operates 48 hospitals throughout Ireland, said appointments for COVID-19 vaccinations were not affected. Varadkar said emergency services, ambulance services, GP systems and pharmacy systems also were unaffected but said there would be “major problems” for radiology services, radiation oncology, elective surgeries and obstetrics and gynecology appointments.

RELATED: 2020 offered a 'perfect storm' for cybercriminals with ransomware attacks costing the industry $21B

Cancellations in parts of the country included radiotherapy appointments, cardiac checks, X-rays, CT scans and the processing of non-emergency blood tests as some hospitals were hit harder than others.

RTE, Ireland's national television and radio broadcaster, reported Friday that Micheál Martin, the country’s Taoiseach (prime minister), said Ireland will not be paying any ransom to the cybercriminals who perpetrated the attack.

The health system said "a ransom has been sought and will not be paid in line with state policy."

The Minister of State for eGovernment Ossian Smyth said the cyberattack on HSE computer systems was "possibly the most significant cybercrime attack on the Irish State," RTE reported.

Following an initial assessment, the HSE determined that the ransomware "is a variant of the Conti virus that security providers had not seen before."

The HSE is working with the National Cyber Security Centre (NCSC) and other cybersecurity providers to restore its IT systems. The NCSC said the health system became aware of a significant ransomware attack on some of its systems overnight into Friday and the NCSC was informed of the issue and immediately activated its crisis response plan.

RELATED: Scripps Health says malware took down its computer networks as state regulators monitor the situation

The Irish health service expects to spend tens of millions of euros rebuilding its IT systems as a result of the cyberattack.

"What we have to do here is a very significant rebuild. This will be in the tens of millions in terms of impact on our systems, there's no doubt about it," HSE Chief Executive Paul Reid told national broadcaster RTE, Yahoo reported Monday.

Smyth, the e-government official, said he is not aware of any loss of data as a result of the cyberattack on the HSE's IT system and that HSE backup servers, which store backup data, have not been affected.

In the U.S., San Diego-based Scripps Health, which operates five hospitals in the region, has been offline for two weeks following a cyberattack on May 1 that has significantly disrupted care and forced medical personnel to use paper records.

Healthcare organizations have been plagued by an uptick in cyberattacks in the past year as cybercriminals take advantage of the COVID-19 pandemic and disrupt operations at hospitals across the country.