Ireland's health service hit by MOVEit cyber attack

By Jo Makosinski | Published: 16-Jun-2023

Details of 20 people involved in recruitment processes believed to have been stolen

The Health Service Executive (HSE) in Ireland has been impacted by a fresh cyber attack.

The organisation has become the latest victim of the MOVEit supply chain cyber attack launched against document transfer service, MOVEit.

The attack was launched by ransomware gang Clop, who were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the group to hack into the company networks and steal data.

In a statement the HSE said it is likely that information relating to no more than 20 individuals involved in recruitment processes was accessed.

The data includes names, addresses, mobile numbers, places on the panel, and more general information on the posts being recruited.

In a statement the HSE said: “We became aware on Thursday, 8 June that an external partner (EY) working with us on a project to automate part of our recruitment process was alerted to a cyber attack on the technology product, MoveIT, which they were using to support this work. 

“This attack was criminal in nature and international in scale.

 “HSE teams together with EY have worked closely over the last number of hours to determine the impact on HSE data. 

“The HSE is in contact with relevant authorities and is informing the Data Protection Commission. 

“Contact will be made shortly with those individuals whose data was accessed.”

HSE chief executive, Bernard Gloster, added: “Any breach is regrettable, but unfortunately a feature of international criminal activity in recent years. 

“A number of significant facts are important here, including no patient data was involved; the attack was not in the HSE ICT environment; there is no evidence as of yet of this data appearing on the dark web which is being monitored by EY; and the exposure for the HSE appears to be quite small. 

NHS organisations should follow the remediation steps laid out by NHS Digital, and moving forward they should evaluate their entire technology stack to identify and plug any potential security gaps

“We are actively keeping the matter under review.”

The attack comes a year after thousands of patients and staff were told their personal information had been stolen and copied during a ransomware attack which resulted in the HSE having to close down its IT services, causing widespread delays and the cancellation of appointments at hospitals across the country.

Commenting on the news, Adam Low, chief technology officer at software company, Zivver, said: “We witnessed the repercussions of the MoveIT zero day vulnerability unfold in a matter of days, and it demonstrated how quickly a security hole can turn into an attack in the wild.

“The subsequent ransomware campaign impacted broadcasters, airlines, and major retailers and now we are seeing the first exploits in the healthcare sector following the HSE disclosure.

“We need to be extra vigilant about the risk of attacks in the public sector given the nature of the threat group involved, how widely used the file transfer software is, and the early warning from NHS Digital. 

“Now is the time to shore up defences across all entry points along the supply chain.

“NHS organisations should follow the remediation steps laid out by NHS Digital, and moving forward they should evaluate their entire technology stack to identify and plug any potential security gaps.”

Trending Articles

You may also like