Ransomware attack leaves Irish radiology reeling after IT shutdown

2021 05 17 16 39 4509 Cybersecurity Visual 400

Radiologists across Ireland are battling hard to deliver services to patients after a ransomware attack led to the closure of many computer systems on Friday. The major disruption looks set to last for several days.

The Health Service Executive (HSE), the government agency responsible for the publicly funded healthcare system in Ireland, announced on 14 May that a "very sophisticated" ransomware attack had occurred and the HSE's IT systems had been shut as a "precautionary" measure.

"This has caused some disruption to our services. Most healthcare appointments will go ahead as planned, but x-ray appointments are severely affected," HSE stated. "Following an initial assessment, we know this is a variant of the Conti virus that our security providers had not seen before. A ransom has been sought and won't be paid in line with state policy."

The HSE said it is working with the National Cyber Security Centre and a range of cybersecurity providers, including McAfee, to rectify this issue.

"We are assessing the impact across all our systems and our focus is on protecting data and stopping the spread of this throughout all HSE systems. We will continue to work through this over the weekend," it said.

No functioning RIS or PACS

Dr. Adrian Brady, a consultant radiologist at Mercy University Hospital in Cork, described the situation at his own facility -- a 330-bed acute general hospital with over 1,000 staff and 19,000 inpatients and day patients, 25,000 outpatients, and 22,000 emergency department patients per year.

Dr. Adrian Brady.Dr. Adrian Brady.

"We can keep the bare minimum emergency service going for a few days, but it's a struggle, and very limited and limiting," he told AuntMinnieEurope.com late on 14 May. "All IT systems are off-network, so we have no functioning RIS or PACS. We can do some imaging, but can only view studies on modality-specific monitors -- e.g., view CTs on the screens in the CT scanning room. We can't disseminate studies, or issue formal reports."

Verbal and temporary reports only can be handled, and radiologists can only do studies up to the capacity of each modality's internal hard drive to store. No archiving is available, added Brady, who is first vice president of the European Society of Radiology.

He provided an update on the morning of 17 May.

"We're implementing a workaround for the moment, with dictation of reports for urgent cases onto a web-based system, which will be available within the hospital. However, this is very limited, reporting off modality monitors (e.g., viewing CT on monitors in the CT control room), with no access to old images or old reports, and requiring paper requests," Brady noted.

"Hopefully in a few days, as our systems are rebuilt from the ground up, we may be able to get back to normal. We can only accommodate a very limited amount of work with this temporary solution," he added.

'HUGE' impact in Dublin

The impact on radiology services has been "in a word, HUGE," Dr. Leo Lawler, consultant diagnostic and interventional radiologist and clinical director of radiology at the Mater Hospital in Dublin, told AuntMinnieEurope.com.

Dr. Leo Lawler.Dr. Leo Lawler.

"All normal workflow ceased. We are limited to looking at imaging on the scanners. We are figuring out various workarounds to issue and communicate reports using various apps and inhouse IT that is not connected to the internet," he said. "I did an emergency bleed case in interventional memorizing the angiographic images from the CT as I could not see the images while doing the case."

"Virtually all our IT systems that had any connection to the internet were shut down including our national PACS and other systems as well as email," Lawler added. "We have figured out business continuity, but it is slow, imprecise, and lacking correlation and comparison with other studies."

He said he is not hopeful that the situation will be resolved this week.

"We understand there are regular and constant threats, but to my knowledge, nothing like this has happened before. Our hospital, like others, was not specifically attacked but was shut down as part of the response," Lawler noted, adding that radiology really needs an in-house system of image and report communication that can be isolated from the internet and cloud and data centers.

Need for uniform response

Dr. Peter Kavanagh, dean of the Faculty of Radiologists at the Royal College of Surgeons (RCSI) in Ireland, wrote to all its members on the evening of 14 May about the impact that the cyberattack was having on service delivery. He said he wanted to ensure that radiology's response was standardized as far as possible.

"As a result of the cyberattack on HSE IT systems, radiology service delivery is significantly affected," Kavanagh wrote. "The National Integrated Medical Imaging System (NIMIS) platform is entirely nonoperational for the moment; non-NIMIS Agfa platforms are also down. All imaging modalities are operational in terms of image capture; this means that examinations can be viewed directly from the console monitor, from accessory consoles connected with the main console, or from slave monitors connected with the main console. This mandates on-site presence for the radiologist."

Dr. Peter Kavanagh. Image courtesy of the Faculty of Radiologists.Dr. Peter Kavanagh. Image courtesy of the Faculty of Radiologists.

All examinations completed can be stored on the computer of the scanners, he continued. Storage space will vary from three to four days' worth of normal activity volumes in CT to two to three weeks' worth of normal activity volumes in most other modalities. Equipment vendors have been asked for methods to increase temporary storage capacity.

Receiving requests for radiology examinations can be done verbally and/or by handwritten requests, and this can be decided locally and may vary by modality, according to Kavanagh.

"Obviously, the feasibility of redictating reports will depend on the volume of examinations performed during the current outage -- a very large volume will preclude later dictation and the scanned report will then have to be used as the finalized report on NIMIS; with a smaller volume, redictation will be more feasible. Advice on how to handle the backlog of reports once we're in the recovery phase will be issued by HSE at a later stage," he wrote.

To facilitate local communication, he suggested using WhatsApp, SMS texting groups, silo for intercommunication within radiology departments, and to create other groups which include referring clinicians.

"Because examinations can only be read from consoles and console-connected monitors on-site, there is a very significant additional burden for the on-call radiologist. Consider splitting weekend coverage or other forms of flexibility to give colleagues who are bearing the brunt of this some respite," Kavanagh noted, adding that for clinical pathways involving interhospital transfer of patients, relevant radiology examinations can be copied to CDs and transported by courier/taxi.

The recovery phase will present a number of challenges, including the migration of studies to NIMIS/non-NIMIS PACS and the management of reports, he conceded.

The situation is rapidly evolving, Kavanagh wrote, and it is not known when radiology systems will be back up and running. An optimistic estimate is early next week.

"Many of you will already have developed local solutions -- by all means feel free to continue to use them if, in your opinion, they represent the 'best fit' solution for what you are encountering. There is no obligation to replace them with any suggestions made in this message," he stated.

The HSE posted a new update on the cyberattack on the afternoon of 17 May.

Page 1 of 1247
Next Page