Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
LAST UPDATE | 10 Dec 2021
A NEW REPORT into the HSE cyber attack in May shows that the hackers were in the health service’s computer systems for eight weeks before they initiated the attack.
The report, which was launched this afternoon, gives details on how the HSE were unprepared for a cyber attack, due to the weakness of their IT system and a lack of cybersecurity detection and monitoring.
The cyber attack has cost the HSE approximately €100 million, with half of the cost being incurred in 2021, while the remaining half will be a recurring fee in 2022.
The attack itself saw massive disruption across the country, with usual healthcare operations being curtailed due to IT outages.
Covid-19 measures like testing and contact tracing were hit, with daily case numbers and deaths due to the virus being inaccessible in the immediate aftermath.
Contingency plans were put in place by the health service reverting back to a paper-based system due to the inaccessibility of digital healthcare records.
Organisations like An Garda Síochána, the National Cyber Security Centre, Interpol and the Defence Forces were brought in to assist the HSE in dealing with the attack.
The attackers first sent a malicious email to a single workstation on 16 March, with the email then being opened on 18 March. A malicious Microsoft Office Excel file was downloaded, which allowed the hackers into the HSE’s IT system.
The hackers remained within the HSE IT system for eight weeks, gaining additional levels of access to the system and individual user accounts, before detonating the attack on 14 May.
While the HSE’s antivirus software did detect malicious activity on the workstation on March 31, it was set to monitor mode so was unable to block the activity.
On 13 May, one day before the attack, the HSE’s cybersecurity provider emailed the Security Operation’s team that there had been unhandled threats since 7 May on at least 16 systems. The Security Operations team then had the Server team restart the servers.
The following day the attack was carried out.
The ransomware attack was only detected at the point the attack was carried out, and the IT system was switched off to prevent further damage. Hackers used the Conti ransomware to disrupt the HSE in the attack.
The report identified that the legacy IT system used by the HSE was not resilient enough to cope with a cyber attack, with the system evolving over time and not taking into account resilience to cyber attacks.
Speaking on the RTÉ’s News at One, HSE CEO Paul Reid said that the design of the health service’s network is not strategic but that it came about through the amalgamation of health boards, hospital groups and Community Healthcare Organisastions (CHOs) into the current health service.
“If you look at our network, it’s certainly built over the history of the health service. From health boards to hospital groups, CHO’s and then the HSE establishment itself,” said Reid.
“It’s not a strategic design of a network and you certainly wouldn’t start in this way.
“It’s very fragmented, very siloed, solutions being delivered at each hospital or community area and many, many aspects of our legacy network in place.”
The report identifies the staff of the HSE as being resilient, working quickly to ensure that continuity of services were provided despite the attack.
In a statement on the publication of the report, HSE chairman Ciarán Devane said that the impact of the attack is still being felt by the health service.
“We commissioned this urgent review following the criminal attack on our IT systems which caused enormous disruption to health and social services in Ireland, and whose impact is still being felt every day,” said Devane.
“It is clear that our IT systems and cybersecurity preparedness need major transformation.”
According to Reid, the health service has initiated a number of actions to mitigate future cyber attacks, including new security controls and monitoring.
“We have initiated a range of immediate actions and we will now develop an implementation plan and business case for the investment to strengthen our resilience and responsiveness in this area,” said Reid.
These immediate actions include a 24-hour monitoring service for HSE IT systems, which is being carried out by an external provider as well as more multi-factor authentication for users.
Recommendations
Following the report, issued by PwC, the HSE have accepted a number of recommendations to improve their cybersecurity measure and to stop further attacks on the health service.
Among them are plans for the development of a new “significant” investment plan and the transformation of legacy IT to have cybersecurity built into the infrastructure.
New roles are also set to be created, with both a Chief Technology and Transformation Officer and a Chief Information Security Officer set to be appointed.
Additional cybersecurity crisis management plans are also being recommended by the report, to ensure that responses to further cyber attacks are managed properly.
There will also be more testing of the HSE’s cybersecurity defences through the use of ‘ethical hackers’, with simulated attacks being carried out on health service IT systems.
“The HSE has accepted the report’s findings and recommendations, and it contains many learnings for us and potentially other organisations. We are in the process of putting in place appropriate and sustainable structures and enhanced security measures,” said Devane.
According to the report, the investment needed to carry out the recommendations will need to be “very significant” on an immediate and sustained basis. However, there was no estimated cost included within the report.
The HSE has estimated that their IT operating budget for 2022 will increase to €140 million, up from €82 million in 2021. They also expect the capital budget to rise to €130 million, up from €120 million in 2021, which included €25 million for Covid-19 capital spending.
Reid said that the learnings taken from the HSE with the cyber attack would help other government agencies and bodies around the risks posed by cyber criminals and cyber attacks.
To embed this post, copy the code below on your site
He’s full of shi€e. He doesn’t care. If it’s no deal then we’ll have checks
@Eamonn O Connell: maybe he was talking about Czech’s as in people from that country???!!! They’ll just have Indians or “Great”British people instead……
Boris Johnson tells stories
There you go, fixed your headline. You’re welcome.
He still hasn’t come up with a realistic alternative to the agreement, and I think it’s clear he doesn’t want to.
@Keith O’Reilly: He was zero intention of proposing a viable solution.
Boris lying again, he’ll be gone by 31st October. If they leave customs union, then there must be checks on goods – or for anything else that may be hidden (drugs/people). That requires infrastructure to check/validate goods crossing the border.
@Brian Lilly: yes there will be checks for the reasons you have given whether there is the farcical backstop or not. We are being sold a pup by all sides only solution is a united Ireland every other thing will be worse for this island in both short and long run
@Sean Salmon: NI is a basket case economy, we can’t afford a United Ireland at this point in time. A border down the Irish Sea is the only viable solution, or remain.
@Sean Salmon: The Unionists will act gracefully and we won’t go back to the troubles, the killings, the missing, the British Soldiers. FFS. It’s not going to happen. Look at how we have been bowing and scraping to Baboon Johnson ~ it’s a beautiful dream but we can’t afford the counties wer have, housing, health care etc., Mise Eire is more of a dream than ever.
Lidl Trump
I’m confused. The UK voted leave so that they could take control of their borders. Now, it seems that they don’t want borders with the EU. As the UK is non-Schengen, the only open border it has with another EU country is Ireland. They only had one border to take control of and now they are against that
@Anne Marie Devlin: But almost nobody even gave a thought about N.I. during the vote and the government had no clue that people would actually win the vote to leave.
Borarse
We’re sorry Mr Johnson – not one of us believes ANYTHING you say, any more
Boris will say anything to get through the Conference. He does not know the meaning of Brazen.
You would think he has a choice in the matter. A no-deal brexit will mean border check points – everyone including Boris already acknowledged that over the last 3 yeras – and the UK will be in voilation of the Good Friday agreement.
Is it possible for the UK to leave the EU and decide not to enforce a border in Ireland? Can they simple tell the EU that if they want a boarder that they need to enforce it?
@sVRCsaSg: WTO rules will force a border.
Other countries will sue the UK for having a favourable trade route between the EU & the UK without checks when the same rules don’t apply to all other countries.
That’s what the deal was trying to avoid. Having the UK fall under the WTO rules.
@Bob Earner: ah ok. But can it not work in the reverse? That the EU could be sued for not enforcing a favourable trade route? Or is it part of the agreement with the EU that should a country leave they are responsible for this.
@Bob Earner: There is no WTO rule on borders. It’s something someone made up.
@sVRCsaSg: They can’t not have border checks, it’s absolute BS, it doesn’t make an iota of sense. Otherwise any goods/people can go into the UK from Ireland.
@Diarmuid Hunt: yes but it works the reverse also in that it makes no sense for the EU to not enforce that border as people and goods can flood in from the UK.
But they could also do what many parts of the US do where the borders aren’t so strong and have customs and enforcement within the country and deport those who entered illegally.
@Stephen Devlin: The WTO wouldn’t be “enforcing” anything, the point would be other countries could and would probably bring a dispute. The solution to the dispute would most likely be some form of Border checks.
@sVRCsaSg: If there’s a hard border there will be checks on both sides, don’t be listening to Boris’ bluster. Ireland, being part of the EU, in the event of a no deal Brexit will have to impose border checks, the UK will do the same on their side. Sometimes Boris can be cunning, this time it’s blatant BS.
@Diarmuid Hunt: yes but I’m wondering if they can simply choose not to enforce the border and would the EU then choose to enforce as your comment seems to suggest.
@sVRCsaSg: Even if the EU weren’t involved, if Ireland and UK ended up in a situation where we had no trade agreement a border would have to be imposed. Not quite sure of the legalities of them just not having border checks, but I’d put money on it that they in the case of no deal the UK will eventually have border checks.
@Diarmuid Hunt: yes but why would a border have to be imposed? I know you’re not sure of the legalities of it but that’s what I’m wondering.
That’s what happens when you let him write his own speeches. You have to assume he was drunk writing it, and hungover delivering it.
All he has proposed is moving the border ………. not a chance
Boris Johnson is going to leave the EU he doesn’t give a flying fu@k what we or the rest of Europe think, too much money to be made by his pay masters
Seems just EU wants checks so. That stick needs removing and Lieo and co need do so..
@Willy Mc Bride: it seems you’re believing Boris and his Tory chums’ bullshit.
@Willy Mc Bride: Ireland is the EU.
The good old EU will force Ireland to erect a border.
@rumug:
Ireland is the EU. It is the U.K’s intransigence that will force the border up. But you know this.
This is beyond parody. He claimed Britain led the World on everything – female emancipation, for example. There are a few people in New Zealand and South Australia who may disagree. The music they played was Baba O’Riley by the Who, the chorus of which goes “Teenage wasteland”. What are these people smoking?
“Caring Mayor of London” me Ass.Extremely expensive boss with his non starter garden bridge.How much longer will the British electorate be fooled by this garrulous clown, his sinister sidekick Cummings and their fellow right wing (Fascist) travellers.Get ready for Brexit,Get ready for going down the tubes.Boris and his friends will continue to Remain comfortable and rich!
As usual talking through his Arse
Saw the comments from priti Patel saying something about no more immigrants. I wonder what she’d be doing now if Britain enforced that when her parents came over???
No deal brexit is not no deal forever. The brits need the deal either now or in the future.
Borders aren’t real. They are man made. No one chooses the country they are born in, so separating people like that is idiotic. This Brexit craic will be sorted the sooner those in London and Brussels cop onto that.
@Simon Johnson: boarders reflect the areas where a people (often a nation but not always) have control over their own affairs. They’re petri dishes for different cultures and governance ideas. They’re the same thing as a house (which is also man made and separates people). You have the right to maintain your house as you please and a right to enjoy it peacefully and decide who to invite in.
@sVRCsaSg: ah but your house must comply to rules to be able to be built- for sensible reasons. Borders are the same
@Dave Harris: true, although I’d argue a lot of those regulations are too much. But yes borders are the same, the international community attempts to regulate if a state tries to expand it’s borders or threatens another nations ability to maintain their borders.
But it doesn’t mean that borders or houses don’t exist and don’t exist for good reasons.
But it raises a good question as to who controls your borders.
@sVRCsaSg: you don’t put a border through someones home. The nearest border we should have, is down the Irish sea. Will solve many problems.
@DaMoons: yes but people would also say you have to have a border around your home/nation/state to allow it to exist.
But yes it’s a balancing act and the lines aren’t so clear in this circumstance.
Instead of a border if he gets his way we will finish up getting two borders.. History repeating itself.
Boris Johnson was never going to put a proposal to the E U that could be accepted so he could go back to the parliament and blame the E U for the breakdown
I saw him in a shop in England years ago looking for calf nuts and he must have got them
We deploy our Defence Forces ha ha ha ha
have your say