Cyber Incident Victim: Coombe Women and Infants University Hospital
Date:
Dec 2021
Location:
Ireland
Summary
A ransomware attack disrupted IT systems at Coombe Women and Infants University Hospital, prompting a precautionary lockdown of all systems while operations continued normally. The incident affected radiology and patient management systems, requiring patients to bring physical appointment cards due to the unavailability of the Healthlink messaging network. Ireland's Health Service Executive confirmed the attack was isolated to the hospital and did not compromise the national healthcare network. This followed a separate, larger ransomware incident impacting Ireland's health system months earlier, which exploited phishing vulnerabilities and low cybersecurity maturity. Meanwhile, a Texas ENT practice reported a ransomware-related breach involving unauthorized access to files containing patient data, including names, birthdates, and limited Social Security numbers, though its electronic medical records remained uncompromised.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Coombe Women and Infants University Hospital in Dublin experienced an apparent ransomware attack in late 2021, with disruptions first reported publicly on December 10. The hospital implemented immediate precautionary measures, including a full lockdown of all IT systems, while continuing normal clinical operations. Patients were instructed to bring physical appointment cards due to the unavailability of the Healthlink secure messaging network, which typically handled electronic communications. Initial system impacts included the radiology department and certain patient management systems, though specific clinical workflows remained functional. The Health Service Executive (HSE), Ireland's national healthcare system, provided direct support to contain the incident, with HSE Chief Executive Paul Reid confirming the attack appeared isolated to The Coombe and did not compromise broader national health infrastructure. No ransomware variant or specific attacker was identified in public statements, and the hospital did not disclose whether data exfiltration occurred.
This incident followed a larger, unrelated Conti ransomware attack on Ireland's HSE in May 2021, which originated from a March 16 phishing email containing a malicious Excel attachment. Attackers maintained unauthorized access to HSE systems from March 18 until deploying ransomware on May 14, causing four months of widespread healthcare service disruptions. A subsequent PwC report commissioned by HSE attributed the breach to systemic cybersecurity deficiencies, including critically low maturity against NIST standards and inadequate phishing defenses. In December 2021, coinciding with The Coombe's incident, HSE was analyzing newly recovered data stolen during the May attack to identify affected patients, facilitated by collaboration between Irish and U.S. law enforcement. The Coombe's cyberattack highlighted persistent vulnerabilities in healthcare infrastructure despite heightened awareness following the national HSE breach.