At first the attack on Ireland’s public-health system fell into a depressingly familiar pattern. In March 2021, hackers duped an employee into clicking on an innocuous-looking spreadsheet, giving them access to its network. On May 14, they rendered most of the 70,000-device system inoperable by encrypting reams of its data. Then they demanded $20 million—which would have been one of the biggest ransomware payouts ever—to reverse the action.
Because the hackers compromised systems that 54 hospitals and about 4,000 other locations needed to operate equipment such as radiation therapy machines and keep track of which drugs to administer to which patients, the immediate impact was terrifying. As doctors and nurses scrambled to improvise ways to keep sick patients from dying, Ireland’s government took a hard line. “We’re very clear we will not be paying any ransom or engaging in any of that sort of stuff,” then-Prime Minister Micheal Martin said in a televised appearance the day the computers began seizing up.
