A project related to the monitoring of HIQA’s IT systems was fast-tracked by the Authority as a result of the recent HSE cyberattack. Last year, HIQA’s external security consultants, BDO, completed a review of cyber security provisions at the Authority. The security review identified items which needed to be improved or strengthened in respect of the systems utilised by HIQA. The main finding of the review related to the replacement of the existing IT system PRISM. This is HIQA’s main IT system used to record and manage inspection and monitoring activities in regard to health and social care services.
A spokesperson for the Authority told the Medical Independent: “The underlying technology used on this system is going out of support by the technology provider, hence HIQA is replacing the system.” As a result of the ongoing management of HIQA’s security, it identified and prioritised requirements to proactively monitor its systems. When asked about the impact of the cyberattack on HIQA’s IT policy, the spokesperson said: “This project was fast-tracked in quarter two, 2021, and [a] 24/7 external security monitoring solution on our systems was implemented. A modern cyber security awareness training platform was also subsequently rolled out to our staff.”
After the BDO security review in 2020, HIQA undertook cost estimates required to cover its “critical” IT security needs. Subsequently a request for additional funding of €250,000 was made to the Department of Health. “This funding was approved in early 2021, which allowed us to proceed with identified security initiatives,” according to the spokesperson.