Irish Health Service offers compensation for 2021 Conti ransomware attack

Victims of the 2021 ransomware attack on Ireland's Health Service Executive (HSE) are set to receive compensation. The attack, carried out by the Russia-linked Conti ransomware group, exposed sensitive patient data and crippled the nation's health IT infrastructure for weeks, as reported by Graham Cluley for Bitdefender.

The Conti attack began when a user downloaded a malicious Microsoft Excel file exploiting unpatched vulnerabilities and outdated antivirus software. This led to the shutdown of the HSE's entire IT system, forcing hospitals to revert to manual record-keeping and causing widespread appointment cancellations. Sensitive patient information was exfiltrated and threatened with publication by Conti, which demanded a $19,999,000 ransom. A subsequent PwC report highlighted the HSE's inadequate security posture, including unpatched computers and a fragile IT infrastructure. The HSE is now offering €750 to each of the over 90,000 individuals whose data was compromised, plus an additional €650 for legal costs.

This offer represents a significant development, marking the first acknowledgment by the HSE of its responsibility to compensate victims. While the HSE claims no evidence of data misuse has been found, the potential total payout could exceed €100 million, underscoring the substantial financial and reputational costs of major cyberattacks on critical infrastructure.

Source: Graham Cluley, Bitdefender