The Conti Ransomware Attack on Healthcare in Ireland: Exploring the

impacts of a Cybersecurity Breach from a Nursing Perspective

cjni.net/journal/

by Margaret Moran Stritch RGN, BSN

Michael Winterburn MSc, BSc, NCFM

& Frank Houghton PhD, MPHe, MA, MSc, MA, BA(Hons)

Corresponding author: Frank.Houghton@LIT.ie

Citation: Moran Stritch, M., Winterburn, M., & Houghton, F. (2021). The Conti Ransomware Attack on Healthcare
in Ireland: Exploring the impacts of a Cybersecurity Breach from a Nursing Perspective. Canadian Journal of
Nursing Informatics, 16(3-4). https://cjni.net/journal/?p=9383

Abstract
Ireland’s state health service, the HSE, was recently the subject of an aggressive ransomware cyber attack
which paralysed almost the entire state healthcare sector. This article explores the probable ‘Playbook’ of the
attack and examines the practical impact of the attack on patient safety and nursing roles and procedures. The
Conti Ransomware Attack, as it is known, is just one of the latest in an increasing number of attacks on health
systems globally. The wider implications of this attack are briefly discussed, as well as actions to prevent and
respond to such attacks in the future.

Introduction
On the 14th of May 2021 the state healthcare service in Ireland, the Health Services Executive (HSE), was
crippled by the ‘Conti’ ransomware attack. Unlike the recent Continental Pipeline ransomware attack (Shear et
al., 2021), Ireland refused to pay the US$20 million ransom and a month later many of its systems are still not
operational. The CEO of the HSE has discussed the “catastrophic” impact of the attack in media, and it is
estimated that repairing and upgrading the Irish health system’s IT infrastructure will cost at least €100 million
(Cullen, 2021).

The need for nursing to fundamentally reframe its relationship with digital technology has been recently noted by
a number of authors (Catton & Iro, 2021; Booth et al., 2021). At the same time Nahm et al. (2019) have
discussed the lack of a focus on cybersecurity in nursing informatics and they, and other authors, have warned of

1/10
the dangers in this expanding field (Stockwell, 2018; Billingsley and McKee, 2016). The lack of a focus on
cybersecurity and ransomware in particular in the health services generally is surprising. The history of
ransomware is intimately linked to healthcare. The first recorded case of this phenomenon was the 1989 AIDS
Trojan (also known as PC Cyborg) in which Dr J.L. Popp, an evolutionary biologist, sent 20,000 infected diskettes
labelled “AIDS Information – Introductory Diskettes” to those attending a WHO conference on AIDS. After 90
reboots the Trojan software activated to hide directories and encrypt file names. To regain access a fee of $189
had to be paid to PC Cyborg Corp at a post office box in Panama (Waddell, 2016).

Historically individuals were frequently the targets of ransomware attacks. However, more recently hospitals and
health systems are increasingly the subject of such attacks (Millard, 2017; Argaw et al, 2020). Perhaps one of the
most well-known examples of a ransomware attack was an assault on Hollywood Presbyterian Medical Center in
Los Angeles, California in 2016 (Yandron, 2016). The Medical Center paid US$17,000 in bitcoin to obtain a
decryption key to regain access to their files. Although the amount in question is relatively insignificant, the
impact of reputational damage, ten days of lost service, and a significant IT infrastructure upgrade were
significant and cost a factor many times that of the ransom fee (Tully et al., 2020). The following year a global
ransomware attack, WannaCry, reputedly infected over 200,000 systems in over 150 countries. This attack
directly impacted over 50 hospitals in the UK’s National Health Service (NHS), with many more hospitals closing
their systems as a precautionary measure.

Other high profile cyberattacks include the 2015 theft of 80 million records from Anthem, a US health insurance
company (Abelson & Goldstein, 2016), as well as an attack in 2016 in which 1.28 million records from the
Australian Red Cross Blood Service were stolen and then posted on line. The information released included
highly sensitive data, including information on at-risk sexual behaviour (Coyne, 2016). More recent attacks
include the 2020 attack on Brno University Hospital in Czechia (Porter, 2020), and an attempted attack in the
same year by the PentaGuard group against hospitals in Romania (ZDNet, 2020). Further technical details on
the Conti attack on Ireland’s HSE are detailed in Table 1.

Table 1: Conti Ransomware Technical Details

2/10
 Whilst many details of the recent HSE cyber-attack (14/05/21) are not available yet, it is being called the Conti
Ransomware attack. Conti Ransomware has had a number of Common Vulnerabilities and Exposures (CVE)
identified. It is thought that CONTI which first appeared in December 2019 is based on older malware called
RYUK (dates back to August 2017) and adds to that attack the exfiltration of the victims files from the local
network to be possibly published on the dark web to further extort and embarrass the victim.

Hospital and other healthcare facilities are being targeted by RYUK and CONTI ransomware which is
attributed to the CryptoTech cyber-crime group (author) and may be considered Ransomware as a Service
(Raas) which other organisations e.g. Wizard Spider (distributor) use to launch cyber-attacks on victims e.g.
the HSE. The victim is intended to pay a ransom in Bitcoins that is then shared between the author and
distributor. Both organisations are said to be located in Russia or the Ukraine (Meland et al., 2020; Computer
Fraud & Security, 2020; Shankar, 2021; Heller, 2021).

The attack on the HSE likely took a number of steps which either began with an Internet facing application e.g.
a phishing email which contained an attached document or link to a cloud hosted document or a compromised
USB flash drive being inserted into a computer on the network. As the victim clicks on a file or link a Trojan
malware called Trickbot is executed. This connects the victim’s computer to a Command and Control server
(C&C) of the attacker that manages a number of compromised computers in a ‘BotNet’. Another possible
attack vector exploits a vulnerability in unpatched FortiGate firewalls.

The Trickbot malware may access user passwords including the domain administrator account (if used by that
specific user), banking info and cookies on the victim’s computer. The malware will send out beacon messages
occasionally to the C&C server to let it know it is still active. These communications may be embedded in
legitimate DNS traffic so are not identified by monitoring software or firewalls as being security events. The
victim’s computer has become a Zombie on the Botnet and may be used to send out new Phishing emails
using the victim’s address book. The Trickbot malware may install other malware such as Cobalt Strike,
Zerlogin or Mimikatz which then begin to move ‘laterally’ throughout the victim’s network using the
compromised domain administrator account at which point the RYUK/CONTI ransomware is download and
installed.

CONTI will seek out user files used whether on the local computer, servers, network shares or even cloud
based storage and encrypt them (256 AES encryption). It will amend the files with the .CONTI extension. It will
also seek to compromise the domain controller server and other key services in the network using
administrator accounts. CONTI may send user’s files to the attacker’s servers on the Internet to be published
on the dark web or used to place further pressure on the victim to pay the ransom.

Lastly a CONTI_README.txt ransom note will be left on the desktop giving the victim instructions on how to
proceed to decrypt their encrypted files.
(FortiGuard SE Team, 2019; Martin et al., 2017; Mitre, 2021)

It is important for all health service staff to understand that evidence suggests that since the beginning of the
global COVID-19 pandemic cybercrime attacks on health services have increased (He et al;., 2020; Williams et
al., 2020). There are a number of factors that have increased the vulnerabilities of health services to such
attacks. These include stressed and over-worked healthcare staff, as well as a rapid transfer to online offsite
provision of many services (Williams et al., 2020).

It must also be acknowledged that the healthcare industry is unusually susceptible to cybercrime and
cyberattacks (Argaw et al., 2019; Luna et al., 2016; Kruse et al., 2017; She et al., 2020). Undoubtedly, part of the
reason is lack of funding for both IT resources and IT security experts. As Millard (2017) notes the WannaCry
attack which impacted the UK’s NHS so badly was in part enabled by the UK Government’s ‘decision to forgo a
£5.5 million ($7 million) annual security-support arrangement with Microsoft’. Millard goes on to state that such a
would-be saving ‘proved to be a painfully counterproductive exercise in short-term austerity’ (Millard 2017, p. 19).
Spending on IT systems or personnel in healthcare is low compared with other sectors of the economy. It is
generally estimated to be only a quarter of that of other sectors and pay for healthcare IT personnel similarly
struggles to match the going rate for talented staff. Many IT systems in healthcare are both out of date and
unsupported. However, it should be noted that cost is only one of many limiting factors. Upgrading hospital IT
systems has also been noted to be particularly challenging because such settings are ‘extraordinarily technology-
saturated, complex organizations with high end point complexity, internal politics, and regulatory pressures’
(Jalali & Kaiser, 2018, p. e1).

3/10
The caring culture within the health services has itself been noted as an issue in combating cybercrime. The
primary orientation of the health services is focused on patient care and information sharing. Thus the focus on
cybersecurity is often second to such concerns. The complex nature of governance in healthcare has also been
noted as an important impediment to improved cybersecurity in healthcare. In many jurisdictions healthcare is
administered by networks of providers and clear leadership and standards on this crucial issue are often absent.

The wider implications of the Conti cyberattack in Ireland are extremely significant. Most obvious is the effective
closure of many services. However, patient safety has also been compromised. Table 2 contains a series of
vignettes exploring the impact of the Conti ransomware attack based on the lead author’s experiences of working
as a theatre nurse in a busy regional HSE hospital. Almost all computer systems in the HSE were impacted. This
ranged from staff emails, to imaging and lab test results to blood bank electronic monitoring and ordering.

It is important to remember that this system wide disruption happened hard on the heels of major disruption to
services for approximately a year resulting from the COVID-19 pandemic. Both factors have significantly
impacted a service that has been struggling for decades with extended waiting lists, and overcrowded Accident &
Emergency services, with patients being treated on trolleys in hospital corridors a standard feature (Tussing &
Wren, 2006).

Table 2: Vignettes & Reflection from a Nursing Perspective

4/10
The following are five brief vignettes detailing some examples of how the Conti ransomware attack impacted
nursing followed by a short reflection:

1. Lab Results (including pregnancy tests, bloodwork, COVID swab results)

The cyberattack meant diminished access to lab results all over the hospital. For example, lab results to
access COVID swab tests were not available on the computer, so we had to phone the onsite hospital lab
directly and ask to confirm a patient ‘s COVID status using patient numbers and names. This was a particular
issue for non-emergency surgical patients because if we cannot confirm COVID status the patient is treated as
a suspected COVID-positive case which requires an enhanced safety and sanitisation protocol, delaying
surgeries and increasing the amount of time needed for each procedure.

2. Emergency surgery patients (i.e. trauma, ruptured abdominal aortic aneurysm, etc.)

There was no time to do any COVID testing or to check results manually as they required an immediate
surgical intervention. Therefore we had to treat all emergency surgeries as if they were COVID positive
which means we needed extra PPE, extra time to clear theatres pre-op and do a thorough cleaning post-op.
In these cases imaging services such as X-rays, MRI results etc. were limited or completely unavailable
creating more uncertainty and risk diagnostically.

3. Imaging

The cyberattack had a very negative impact on patient care in particular for patients who were undergoing
either or endovascular surgery. In these surgeries the ability to screen where there are blood vessels,
blockages etc. is a necessity but was limited, or could not be conducted.

4. Handwriting of assessments and labels

The operating theatre uses a system of addressographs/patient identification wristbands which would have the
patient’s details (name, ID, date of birth). These would normally be printed from a computer on admission.
Due to the cyberattack, staff had to change to manual transcription of the information. We had to rely on
previously printed sheets in their charts to try to ensure correct patient identification. This impacts patient
safety as fluids and general wear and tear on the wristband meant that at times they were unreadable. Nurses
were therefore depending on the patient to be able to verify their information which some could not do due to
cognitive issues, communication difficulties or shock. Also, in ensuring correct patient identification, nurses
had to rely on their own ability to read other healthcare professionals’ handwriting.

5. Blood transfusions

The HSE use a computerised blood track system called “Blood Track TX” which involves the use of a PDA
(Personal Digital Assistant) handheld scanner. This completely electronic system has been in use for several
years. It allows blood samples to be collected and labelled appropriately as well as blood products to be
checked and transfused safely and efficiently by a single registered nurse. The system is in use in all hospital
departments including operating theatres. In the years before the introduction of Blood Track TX, blood
products were checked by two registered nurses and signed for manually by both nurses. The patient’s vital
signs throughout the transfusion were also recorded manually in writing. The PDA system eliminates this
somewhat cumbersome process by avoiding the need for two professionals to check the products and the
extra work of manually documenting vital signs. The electronic system is speedy and efficient and would be
the only familiar approach especially for newer graduates.

From my experience, prior to the recent cyberattack, I have only used the manual system once in my third year
student clinical placement. I was instructed to use it at the time by my preceptor because she felt it would be
beneficial for me to “see the old-fashioned way” of blood product transfusions. Unfortunately the recent
cyberattack in Ireland has meant that we need to return to the “old-fashioned” manual way which means we
need to spend more time training newer staff members in this approach and it is much more time-consuming
as a result. Even though technology is constantly updating the nursing profession, in a way the cyberattack
has reminded us that there are traditional nursing protocols and skills that we should be aware of and
proficient in.

Reflection

If anything, the cyberattack has united staff of all ages, as we are all under the same pressure. It served as a
reminder of how healthcare has progressed through technology and made our jobs easier. I appreciate it more

5/10
 now but realise I cannot become complacent. It’s been interesting to see how nurses who were trained before
me and are further along in their careers are the ones who are the most expert in the “old school” approaches
and are doing a lot more instruction as a result.

The potential adverse health impacts caused by the threatened or actual release of sensitive health data stolen
in the cyberattack are significant. There can be no doubt that the personal and professional lives of many
individuals will be negatively impacted into the future, whether it be as a result of stress, blackmail, extortion,
identity theft, fraud, or public censure from the publication of stolen data.

Wider implications of the cyberattack also include a loss of public confidence in both the HSE and health
information systems generally. The deliberate online publication of 520 sensitive health records has already been
confirmed by the HSE (Gallagher, 2021). The anguish caused to these and other patients into the future is
significant. Patients and potential patients into the future may be less willing to seek treatment and support,
particularly around more stigmatised issues such as sexually transmitted infections, mental health services and
intimate partner violence. Such concerns may also impact uptake of reproductive health and termination
services.

Cybersecurity is absolutely integral to patient safety (Coventry and Branley, 2018). Patient safety is also
undoubtedly compromised following such attacks as easy access to information on comorbidities, allergies, and
existing prescriptions is also routinely lost. However, it is important to remember that heath service providers that
are the victims of such cyberattacks may themselves consequently be subject to patient-led legal action,
statutory criminal proceedings for lack of due diligence, in addition to an array of compensation payments and
regulatory fines. The reputational damage to health providers may also have significant and long-lasting financial
implications. When assessing the financial impact and cost of such attacks and improvements in IT systems and
personnel, it is vital to also acknowledge the opportunity cost of such incidents and developments. Undoubtedly
money spent on cybersecurity is, in reality, money that is lost to direct health service provision.

It is also possible that the growing frequency of such attacks may hinder the development of connected health
systems, which are vital for meaningful electronic health records (EHRs) (Billingsley, 2016). Such attacks may
also impact the development of a host of wireless smart devices to promote and monitor health, often referred to
as the internet of medical things (Pal et al., 2020). It should be noted that we have already witnessed the
withdrawal of the first diabetes device because of vulnerability to cyberattack (Klonnoff & Han, 2019). In 2019 the
U.S. Food and Drug Administration (FDA) announced that certain insulin pumps were being recalled because of
potential cybersecurity risks. Such cyberattacks have been termed ‘medjacking’ (Armstrong et al., 2015).

Although the cybercriminal group responsible for the Conti attack on the HSE appear to have released the key to
unlock their system, health services in Ireland remain in disarray a month later. As evidenced in the vignettes
above the impact on nursing practice has been significant. Patient safety has been significantly undermined, and
staff workloads and stress levels have increased dramatically. The wider and long-term implications are also very
significant. There is of course the very real impact of delayed diagnoses and treatment, as well as increasing
waiting lists, and the potential for increased patient hesitancy into the future given concerns over confidentiality.
Such attacks damage public confidence and will ultimately divert scarce resources into IT security at the
expense of other areas. Such concerns may also limit the development of smart wireless health products. We
can also anticipate criminal use of stolen sensitive patient information. Unconfirmed reports of attempts to exploit
this information have already emerged (Burns, 2021). Into the future it is vital that cybersecurity is seen through
the lens of patient safety. All staff in the health services must actively engage with this issue and strive to
understand how to both prevent and respond to breaches in cybersecurity. Key points in the process of improving
cybersecurity are outlined in Table 3.

Table 3: Action Plan to Prevent & Respond to Cyberattacks (based on the National Institute of
Standards and Technology (NIST), U.S Department of Commerce, Cybersecurity Framework),
2021

6/10
 NIST 5
Core
Elements Example Category Example Implementation

Identify Risk Management Develop an organisational plan to manage cybersecurity risk to

systems, assets and data:
write security policies
design mitigation strategy
conduct risk assessments
improve cybersecurity in the areas identified as being at risk

Protect User Education Provide staff training on best practise especially in relation to
phishing emails, web browsing and USB flash drive usage.

Network Security Defend the network though firewalls, anti-malware defences etc.

Harden all network infrastructure and servers.

Backups (3-2-1 rule as a minimum)

Local administrator accounts must be complex and unique.

Micro segment the network.

Control/stop USB flash drive usage.

Maintenance Update/patch all anti-malware software and operating systems.

Identity Management Implement:

the principle of least privilege for user accounts
complex password policy
multi-factor authentication
password renewal policy
secure remote user policy (e.g. VPN, Zero trust)

Detect Monitoring Network Continuous monitoring of network traffic through intrusion detection
Events and prevention processes.

Identify cybersecurity events.

Respond Response Plan Develop and implement a plan of activities to act on detected
cybersecurity events:
communicate between cybersecurity team, management and
end users
implement mitigation strategy

Recover Recovery Plan Develop and implement appropriate activities to rehabilitate the
Improvements, network:
Communications Restore from backups
Improve the cybersecurity posture
Communicate with stakeholders
Don’t pay ransomware

References
Abelson & Goldstein (2015, Feb. 5) Anthem Hacking Points to Security Vulnerability of Health Care Industry. New
York Times. https://www.nytimes.com/2015/02/06/business/experts-suspect-lax-security-left-anthem-vulnerable-
to-hackers.html

Argaw. S.T., Bempong, N.E., Eshaya-Chauvin, B., & Flahault, A. (2019) The state of research on cyberattacks
against hospitals and available best practice recommendations: a scoping review. BMC Medical Informatics and
Decision Making, 19(1), 10. doi:10.1186/s12911-018-0724-5

7/10
Argaw, S.T., Troncoso-Pastoriza, J.R., Lacey. D., et al. (2020) Cybersecurity of Hospitals: discussing the
challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 146.
doi:10.1186/s12911-020-01161-7

Armstrong, D.G., Kleidermacher, D.N., Klonoff, D.C., & Slepian, M.J. (2015) Cybersecurity Regulation of
Wireless Devices for Performance and Assurance in the Age of “Medjacking”. Journal of Diabetes Science and
Technology, 10(2), 435-438. doi:10.1177/1932296815602100

Billingsley, L. & McKee, S.A. (2016) Cybersecurity in the Clinical Setting: Nurses’ Role in the Expanding “Internet
of Things”. The Journal of Continuing Education in Nursing, 47(8) . https://doi.org/10.3928/00220124-20160715-
03

Booth, R., Strudwick, G., McBride, S., O’Connor, S., & Solano Lopez, A.L. (2021) How the nursing profession
should adapt for a digital future. BMJ, 373:n1190. Doi:10.1136/bmj.n1190

Burns, S. (2021, May 21) Gardaí urge victims to report cybercrime but cannot confirm link to HSE hack. The Irish
Times, https://www.irishtimes.com/news/health/garda%C3%AD-urge-victims-to-report-cybercrime-but-cannot-
confirm-link-to-hse-hack-1.4571742

Catton, H., & Iro, E. (2021) How to reposition the nursing profession for a post-covid age. BMJ, 373:n1105.

Computer Fraud & Security (2020) Major ransomware campaign targets healthcare facilities in US. Computer
Fraud & Security, 11, 1-3.

Coventry, L., & Branley, D. (2018) Cybersecurity in healthcare: A narrative review of trends, threats and ways
forward. Maturitas, 113, 48-52. doi: 10.1016/j.maturitas.2018.04.008

Coyne, A. (2016, Oct 28) Australia’s biggest data breach sees 1.3m records leaked. ITNews.
https://www.itnews.com.au/news/australias-biggest-data-breach-sees-13m-records-leaked-440305

Cullen, P. (2021, May 27) Cyberattack: HSE faces final bill of at least €100m. The Irish Times.
https://www.irishtimes.com/news/health/cyberattack-will-cost-hse-at-least-100-million-to-restore-and-upgrade-
network-1.4577076

Fiscutean, A. (2020, July 27) A history of ransomware: The motives and methods behind these evolving attacks.
CSO Online. https://www.csoonline.com/article/3566886/a-history-of-ransomware-the-motives-and-methods-
behind-these-evolving-attacks.html

FortiGuard SE Team (2019, Sept. 25) TrickBot or Treat – Knocking on the Door and Trying to Enter. Fortinet.
https://www.fortinet.com/blog/threat-research/trickbot-or-treat-threat-analysis

Gallagher, C. (2021, May 28) HSE confirms data of 520 patients published online. The Irish Times.
https://www.irishtimes.com/news/crime-and-law/hse-confirms-data-of-520-patients-published-online-
1.4578136#:~:text=The%20Health%20Service%20Executive%20has,Financial%20Times%20nine%20days%20ago.

He. Y., Aliyu, A., Evans, M., & Luo, C. (2021) Health Care Cybersecurity Challenges and Solutions Under the
Climate of COVID-19: Scoping. Journal of Medical Internet Research, 23(4), e21747. doi:10.2196/21747

Heller, M. (2021, Feb 16) A Conti ransomware attack day-by-day. Sophos News. https://news.sophos.com/en-
us/2021/02/16/conti-ransomware-attack-day-by-day/

Jalali, M.S., & Kaiser, J.P. (2018) Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Journal
of Medical Internet Research, 20(5), e10059. doi: 10.2196/10059.

Klonoff, D., & Han, J. (2019) The First Recall of a Diabetes Device Because of Cybersecurity Risks. Journal of
Diabetes Science and Technology, 13(5), 817-820. doi:10.1177/1932296819865655

Kruse, C.S., Frederick, B., Jacobson, T., & Monticone, D.K. (2017) Cybersecurity in healthcare: A systematic
review of modern threats and trends. Technology and Health Care, 25, 1–10. DOI 10.3233/THC-161263.

8/10
Luna, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C.S. (2016) Cyber threats to health information systems: A
systematic review. Technology and Health Care, 24(1):1-9. doi: 10.3233/THC-151102.

Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017) Cybersecurity and healthcare: how safe are we?
BMJ, 358, j3179. doi: 10.1136/bmj.j3179.

Meland, P.H., Bayoumy, Y.F.F., & Sindre, G. (2020) The Ransomware-as-a-Service economy within the darknet.
Computers & Security, 92, 101762.

Millard, W.B. (2017) Where Bits and Bytes Meet Flesh and Blood. Annals of Emergency Medicine, 70(3), 17A-
21A. doi:10.1016/j.annemergmed.2017.07.008

Mitre. (2021) Exploit Public-Facing Application. Mitre. https://attack.mitre.org/techniques/T1190/

Nahm, E.S., Poe, S., Lacey, D., Lardner, M., Van De Castle, B., & Powell, K. (2019) Cybersecurity Essentials for
Nursing Informaticists. CIN: Computers, Informatics, Nursing, 37(8), 389-393 doi:
10.1097/CIN.0000000000000570

National Cyber Security Centre. (2021) Ransomware Attack on Health Sector – UPDATE 2021-05-16. Ireland:
National Cyber Security Centre, Department of the Environment, Climate & Communications.
https://www.ncsc.gov.ie/pdfs/HSE_Conti_140521_UPDATE.pdf

NIST. (2021) Cybersecurity Framework. National Institute of Standards and Technology.

https://www.nist.gov/cyberframework/framework

Pal, S., Hitchens, M., Rabehaja, T., & Mukhopadhyay, S. (2020) Security Requirements for the Internet of Things:
A Systematic Approach. Sensors (Basel), 20(20), 5897. doi:10.3390/s20205897

Porter, S. (2020, Mar. 19) Cyberattack on Czech hospital forces tech shutdown during coronavirus outbreak.
HealthCareITNews. https://www.healthcareitnews.com/news/emea/cyberattack-czech-hospital-forces-tech-
shutdown-during-coronavirus-outbreak

Shankar, P. (2021, Apr. 16) All about Ryuk. Cyber Security Works.
https://cybersecurityworks.com/blog/ransomware/all-about-ryuk.html

She, A.H., Zarour, M., Alenezi, M., et al. (2020) Healthcare Data Breaches: Insights and Implications. Healthcare
(Basel), 8(2), 133. doi:10.3390/healthcare8020133

Shear, M.D., Nicole Perlroth, N., & Krauss, C. (2021, May 13) Colonial Pipeline Paid Roughly $5 Million in
Ransom to Hackers. The New York Times. https://www.nytimes.com/2021/05/13/us/politics/biden-colonial-
pipeline-ransomware.html

Stockwell, S. (2018) What Nurses Need to Know About Cybersecurity. AJN American Journal of Nursing,
118(12), 17-18. doi: 10.1097/01.NAJ.0000549682.13264.dc

Tully, J., Selzer, J., Phillips, J.P., O’Connor, P., & Dameff, C. (2020) Healthcare Challenges in the Era of
Cybersecurity. Health Security, 18(3), 228-231. doi: 10.1089/hs.2019.0123.

Tussing, A.D. & Wren, M.A. (2006) How Ireland Cares: The Case for Health Care Reform. Dublin: New Island.

Waddell, K. (2016, May 10) The Computer Virus That Haunted Early AIDS Researchers. The Atlantic.
https://www.theatlantic.com/technology/archive/2016/05/the-computer-virus-that-haunted-early-aids-
researchers/481965/

Williams, C.M., Chaturvedi, R., Chakravarthy, K. (2020) Cybersecurity Risks in a Pandemic. Journal of Medical
Internet Research, 22(9): e23692. doi: 10.2196/23692.

Yandron, D. (2016, Feb 17) Los Angeles hospital paid $17,000 in bitcoin to ransomware hackers. The Guardian.
https://www.theguardian.com/technology/2016/feb/17/los-angeles-hospital-hacked-ransom-bitcoin-hollywood-
presbyterian-medical-center

9/10
ZDNet (2020, May 15) Hackers preparing to launch ransomware attacks against hospitals arrested in Romania.
ZDNet. https://www.zdnet.com/article/hackers-preparing-to-launch-ransomware-attacks-against-hospitals-
arrested-in-romania/

Biographies

Margaret Moran Stritch RGN, BSN

Margaret Jean Moran Stritch graduated with a BSN from the National University of Ireland – Galway (NUIG) in
2017 and works as a surgical theatre nurse at University Hospital Limerick. She is currently completing
postgraduate studies in perioperative nursing at the University of Limerick (UL), Ireland.

Margaretstritch@gmail.com

Michael Winterburn MSc, BSc, NCFM

Mike is an experienced lecturer with a demonstrated history of working in the higher education sector. He has a
strong education professional focus on computer networks, security & server virtualisation, with research
interests in Cloud and Fog/Edge network security. He is also skilled in working with development nonprofit
organisations (in Nepal around leprosy & social stigma), e-Learning, analytical skills, and lecturing.

Michael.Winterburn@LIT.ie

Frank Houghton PhD, MPHe, MA, MSc, MA, BA(Hons)

Frank is Director of the Social Sciences ConneXions Institute at Limerick Institute of Technology in Ireland. He
has worked in Public Health in the Health Services in both Ireland and New Zealand. He was formerly Chair of
the Dept. of Public Health at Eastern Washington University in Spokane, WA.

Frank.Houghton@LIT.ie

10/10