The HSE has signed off on a national cybersecurity plan to help improve information technology security across the organisation, a spokesperson has confirmed.
The spokesperson told the Medical Independent that the document is “a multi-year comprehensive plan designed to improve the HSE cyber posture and preparedness across three key areas”.
These areas include remediating any open findings and/or recommendations from recent audits and assessments; preparing for compliance with the Network and Information Security 2 EU Directive; and delivering several strategic cybersecurity and cyber resilience initiatives.
“There has been a steady increase in health-related cyberattacks across Europe in recent years. The HSE manages and responds to thousands of cyber threats annually and takes appropriate action to ensure awareness of current threats. The HSE continues to invest significantly in multi-layered cyber defences, including technology, processes, and people, to fend off cyberattacks,” the HSE spokesperson added.
The HSE’s corporate risk register, as of late 2024, included the risk of a “major service impacting cyberattack”. However, information on the risk rating was redacted by the HSE in its release via Freedom of Information.
The HSE is still preparing to comply with an EU Directive on cybersecurity amid a failure by Government to enact legislation to meet European deadlines. The Directive aims to enhance cybersecurity in certain critical-sector organisations across all 27 EU Member States.
The EU deadline for transposition of the Directive was 17 October 2024. However, the general scheme of the National Cyber Security Bill was only published in August 2024.
The Bill will provide for the establishment of a national cybersecurity centre. It will mean “essential entities” like the HSE must adopt measures to monitor and manage cybersecurity risks and ensure incident response plans are in place.