The HSE needs to show a “high level of ambition” in preparation for any future cyberattacks, heard an internal meeting.
In May, the HSE audit and risk committee discussed the Executive’s first corporate risk register (CRR) for the year. Members noted there were 10 ‘open risks’ on the CRR, of which four were rated as ‘high’ and six as ‘medium’.
Members discussed cybersecurity, which is included on the CRR. The meeting heard about the importance of “training in cybersecurity” and members “encouraged a high level of ambition to ensure readiness for any
future cyberattack”.
The HSE’s CRR for the first quarter of 2025 was approved by the senior leadership team (SLT) in late April.
The 10 open risks included the health regions, where the risk was that the implementation of regional reforms “will be delayed and benefits not realised”.
Details surrounding the potential impact of a cyberattack were redacted on the copy of the CRR released to the Medical Independent (MI).
On the redaction of the risk ratings for cybersecurity, the HSE spokesperson said it does not provide detailed information on its systems or infrastructure as this serves to “potentially identify aspects of our infrastructure and security platforms which could facilitate attacks”.
The HSE said it recognises the importance of adopting a proactive approach to the management of risk to support both the achievement of its objectives and compliance with governance requirements.
“The HSE’s CRR records the HSE’s principal risks and relates to corporate risks across health and social care services,” the HSE spokesperson told MI. “These risks have been identified by the HSE’s SLT and are reviewed as part of the quarterly review process.”
The HSE was subject to a major cyberattack in
May 2021.
Leave a Reply
You must be logged in to post a comment.