Sign up now for ease of access to The Medical Independent, Ireland’s most frequently published medical newspaper, delivering award-winning news and investigative reporting.

  • receive the eCopy two days prior to the printed edition.
  • can partake in our online MCQs.
  • can enter our online sports quiz.


Medicalindependent.ie is Ireland's only investigative medical news website for doctors, healthcare professionals and anyone with an interest in health issues.

Established in 2010, along with its sister publication The Medical Independent, our stated aim is to investigate and analyse the major issues affecting healthcare and the medical profession in Ireland. The Medical Independent has won a number of awards for its investigative journalism, and its stories are frequently picked up by national digital, broadcast and print media. The Medical Independent is published by GreenCross Publishing.

Address: Top Floor, 111 Rathmines Road Lr, Dublin 6

Tel: 353 (01) 441 0024

GreenCross Publishing is owned by Graham Cooke.

IT systems and cybersecurity preparedness ‘need major transformation’ – HSE Chair

By Catherine Reilly - 10th Dec 2021 | 101 views

Stethoscope with financial statement

The HSE’s IT systems and cybersecurity preparedness “need major transformation”, according to the HSE board Chair Mr Ciarán Devane

Mr Devane was speaking upon the publication today of a HSE-commissioned independent review into the cyberattack in May. The review found there was a lack of structures and processes in place to deal with the incident. Mr Devane commented that there were important lessons in the review for the HSE and other public and private sector organisations in Ireland and internationally.

The review was commissioned by the HSE board in conjunction with the CEO and the executive management team. It was prepared by PwC.

It makes a detailed series of findings in relation to the circumstances leading up to the attack and the attack itself, including the level of preparedness for and the quality of the response to the incident. According to the HSE, it has already made urgent changes to protect the organisation against a similar future attack.  It has embarked on implementing recommendations in the report and has begun “engagements with the Department of Health with a view to agreeing a multi-year ICT and cybersecurity transformation programme”.

Mr Devane said: “We commissioned this urgent review following the criminal attack on our IT systems which caused enormous disruption to health and social services in Ireland, and whose impact is still being felt every day.  It is clear that our IT systems and cybersecurity preparedness need major transformation. This report highlights the speed with which the sophistication of cyber-criminals has grown, and there are important lessons in this report for public and private sector organisations in Ireland and beyond.”

The review found that there was a lack of structures and processes in place to deal with the incident. However, the HSE was in a position to draw from prior learnings and processes used in dealing with crisis situations, such as during the Covid pandemic, to help manage the situation.

According to Mr Devane: “The HSE has accepted the report’s findings and recommendations, and it contains many learnings for us and potentially other organisations.  We are in the process of putting in place appropriate and sustainable structures and enhanced security measures.”

The CEO of the HSE Mr Paul Reid said: “We were anxious to commission this report so that we had an independent, thorough and transparent assessment of how this cyber-attack happened and to set out the strategic and tactical actions needed. The report sets this out in quite a lot of detail. We have initiated a range of immediate actions and we will now develop an implementation plan and business case for the investment to strengthen our resilience and responsiveness in this area.”

The HSE has implemented “a number of high-level security solutions” to address issues raised in the report. These include a range of new cyber-security controls, monitoring and threat intelligence measures based on best international expert advice.

On 14 May 2021, the HSE was subjected to a serious criminal cyberattack, through the infiltration of IT systems using Conti ransomware.  With over 80 per cent of IT infrastructure impacted and the loss of key patient information and diagnostics, this resulted in severe impacts on the health service and the provision of care. The HSE employed the assistance of An Garda Síochána, the National Cyber Security Centre, Interpol and the Irish Defence Forces.

Key recommendations include appointment of a Chief Technology and Transformation Officer; development of a significant investment plan; appointment of a Chief Information Security Officer and resourcing of a skilled cyber function; and development of a cyber-security transformation programme.

Further information is available at the below links.

Executive Summary –  https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-executive-summary.pdf

Full Report – https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf

Leave a Reply

Latest
Latest Issue
medical news
The Medical Independent 19th May 2022

You need to be logged in to access this content. Please login or sign up using the links below.

Most Read