In May this year, Ireland’s public healthcare IT systems were shut down across the country as a result of a ransomware attack. This led to many hospital visits having to be canceled. Now a new report made by PWC shows that the attack must be due to something as mundane as spam, writes The Register.
On March 16, 2021, an employee clicked and opened a maliciously crafted Microsoft Excel file in an email that could have enabled the attack. According to PWC’s report, the medical staff had already discovered before the attack that someone had intruded on the network without it resulting in a closer security investigation.
Four days before the attack, a hospital asked its cyber security provider if they should be concerned about Cobalt Strike warnings. They then received the answer that because their antivirus program addressed the threat, the risk was low. The hospital then did no further investigation.
Another hospital chose instead to conduct an investigation and reset the password, changed the settings for the firewall and more, and reported the suspected activity to those responsible within the health authority. They must then have misjudged from which hospital the suspicious activity came from.
The conclusion that PWC draws is that there were good opportunities to prevent the ransomware attack.
Also read: Payroll management service in Australia hacked – tens of thousands of personal data leaked
– .
