HSE declares "major incident" after global cyber attack

The UK, Russia, Spain and Portugal were among those hit

HSE declares "major incident" after global cyber attack

A map compiled by British company Malware Tech displays the geographical distribution of the WannaCry ransomware cyber-attack as seen on a computer screen | Image: Alex Milan Tracy/SIPA USA/PA Images

The Health Service Executive (HSE) says it has declared a precautionary "major incident" after a global cyber attack on almost 100 countries.

It is believed to be the biggest attack of its kind ever recorded.

The Government says there are no reports of any Irish companies caught up in the attack.

But Britain's National Health Service (NHS) says it is bracing for a weekend of chaos after the cyber attack forced hospitals to close wards, turn away patients and delay treatments across the country.

At least 30 health service organisations in England and Scotland were affected by the hack attack, while others shut down servers as a precautionary measure to avoid contagion.

While in a statement, the HSE says: "In light of the cyber-attacks today on the information technology systems in both NHS and NHS Scotland, the HSE's Leadership convened a special meeting this evening in order to consider the situation.

"On foot of that meeting it was decided that, as a protective measure, the HSE's Office of the Chief Information Officer (CIO) would remove all external access to the HSE's Network to protect the integrity of clinical IT systems throughout our Health System.

"A precautionary "major incident" has been raised and the HSE will treat this as a "major incident" during this time and until further information is known."

The HSE says it will continue to monitor the situation closely, and stay in touch with both NHS England and NHS Scotland to gather intelligence and offer assistance if necessary.

Communications Minister Denis Naughten says it is an unprecedented attack.

"We're working quite closely with our European counterparts and An Garda Síochána.

"I've spoken already with An Tánaiste and with the Minister for Health as well.

"What's happening at the moment this is right across the globe - we haven't seen anything of this scale before".

Global attack

Russia appeared to be the hardest hit nation, with its interior and emergencies ministries and biggest bank, Sberbank, saying they were targeted.

The interior ministry said on its website around 1,000 computers had been infected but it had localised the virus.

Spain, Ukraine and India were also severely affected, according to researchers from the Kaspersky Lab.

By the group's count, the malware struck at least 74 countries. However, researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, also citing Taiwan among the top targets.

Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.

Portugal Telecom and Telefonica Argentina both said they were also targeted.

International shipper FedEx Corp said some of its Windows computers were also infected.

"We are implementing remediation steps as quickly as possible," it said in a statement.

The attack is a ransomeware or cryptolocker type event, a relatively common low level form of cyber attack usually aimed at extorting relatively small sums of money.

The Department of Communications say this event is of "a very large scale" with several thousand victims globally.

Ransomeware or 'cryptoware' is the term applied to a type of malicious software (or malware) that infects a computer, and encrypts the hard drive, rendering the information on it unreadable.

The malware then instructs the victim to pay a sum of money to an account, at which point a code will be issued which decrypts the hard drive.

"These attacks have become a substantial nuisance, affecting users of all types, domestic, commercial and Government, all over the world", the department adds.

The malware seems to be targeting a vulnerability that was identified previously, in software used to run Microsoft Windows SMB Server.

The National Cyber Security Centre (NCSC) is monitoring the situation and cooperating with the HSE and with the Garda Cyber Crime Bureau.

The NCSC has also been in contact with similar bodies in other EU countries, including the UK.

Additional reporting: IRN