The HSE Chief Information Security Officer (CISO) has said that the health service lacks the same level of cyber threat awareness that he experienced in the private sector.
Mr Neal Mullen was appointed as CISO in October 2024.
Before his appointment, Mr Mullen held senior cybersecurity and resilience roles with organisations including KPMG, Bertelsmann, and Dunnes Stores.
Speaking at the Cyber Security for Healthcare Conference, held in Dundalk Institute of Technology earlier this month, Mr Mullen said that during his time in retail there was intense awareness of cybercriminal groups such as FIN7 and FIN8, which actively targeted the sector.
“We were obsessed with them,” he told the meeting. “Every day, we spoke about them at board level. Our management team spoke about them. Since I came to healthcare, we don’t seem to have that same realisation about who is interested in us.”
Following the major ransomware attack on Marks & Spencer in April, Mr Mullen said he asked relevant vendors whether the tools the HSE had in place could defend against the same tactics and techniques used in that breach.
Mr Mullen indicated the response he received from HSE vendors has not been encouraging.
“We are closer to the answer, but it’s not the answer you would want,” he told attendees.
However, when questioned on this issue by the Medical Independent, a HSE spokesperson said: “Initial findings suggest that current detection and prevention measures are positioned to identify and respond to comparable threats.”
The spokesperson noted that the HSE has recently endorsed Ireland’s National Cyber Security Plan, which is designed to strengthen cybersecurity resilience, improve operational preparedness, and support readiness for the upcoming EU NIS2 directive.