HSE to spend €33m on cyber security response

In May 2021 at the height of the covid pandemic, the HSE was stunned by a massive cyber-attack perpetrated by Russian hackers which saw the personal details of more than 100,000 patients and staff leaked, and the HSE’s digital systems negated completely.

The hack was so profound that it has cost the HSE at least €144m to date, a fact which led to much recrimination given the executive had been warned repeatedly of the inadequacy and decrepitude of its digital systems in the years before the attack happened.

The HSE said the “vision” of its new extended detection service is that the health service could “have the capability to unify the cyber incident response” across its various entities, a state of affairs which would allow the HSE to have “centralised management and accountability” for handing future cyber events.

Regarding the second contract, the HSE said it already operates both endpoint and network detection and response systems as “integral” elements of its security defence measures, and is seeking via the new contract to combine the two into one.

The new contracts will improve the health service’s ability to detect and respond to cyber attacks along with its resilience regarding same, the HSE said, adding that the new infrastructure will allow for the delivery of its “wider eHealth strategy”.

Likewise the new system will “minimise the risk of data breaches and other security incidents” and will “enhance the organisation’s ability to protect sensitive data and comply with relevant regulations”, the HSE said.

The health service has been on high alert over the past two years at the possibility of a further cyber attack to match the devastating impact of the first.

Last June the HSE was hit by another such attack — with a product being used to automate the HSE’s recruitment processes the target — deemed to be criminal in nature and international in scale.

It is understood that no patient data was accessed during that attack however.