Hospitals 'on their knees' after HSE cyberattack, EU told
The cybersecurity specialist at the Department of Communications Ian Roe said: 'If you don’t have communication, if you don’t have email, if you can’t talk to your employees, you can’t talk to your suppliers and you can’t talk to the authorities, that’s a difficult place to be in.'
A top Irish civil servant has told a major EU cyber security conference that some hospitals in Ireland were “on their knees” after being hit by the cyberattack on the HSE in 2021.
Ian Roe said that what “defines” a country’s cyber security capabilities is how it responds to an incident and urged other states to develop their “contingency planning” in case of such attacks.
The cybersecurity specialist at the Department of Communications said the HSE disconnected their computer system from the world in March 2021 and staff had to rely on pen and paper. But he warned assembled EU experts and agencies that authorities need to check “do you have enough paper” if their systems are crippled, adding that these are the type of problems that will emerge.
Mr Roe told the EU Cybersecurity Conference in Brussels that “communication is absolutely key” between all the relevant parties during a severe cyberattack but that if electronic communications are all down that was “difficult”.
The conference, organised by ENISA, the EU Cybersecurity Agency, was told by the European Parliament Vice President Dita Charanzova that the parliament “has rejected hundreds of cyberattacks, from Russia, China, and also North Korean and Iran”. She said the approaching European Parliament elections in June “will become a target for disinformation and cyber interference”.
Nato cyber chief James Appathurai said people should examine what Ukraine was doing in this area, which has learned to build the capacity to have an “air gap” between the cyber network and its critical infrastructure. “While we are connecting everything, they learn to disconnect things,” he said.
He said the West was under cyberattack from Russia and China “all the time” and said the International Energy Agency reported a doubling of cyberattacks on utilities between 2020 and 2022.
Mr Roe explained to attendees that the HSE had 130,000 employees, 54 acute hospitals, and 4,000 locations when there was an attack on the system. “There was 54 acute hospitals, but not all were affected equally,” he said.
He said it all started with “one click” on a file in a malicious email, which allowed the criminal hackers to access and encrypt the system and move through the various hospitals and health centres. He said HSE bosses decided to “disconnect the national healthcare network from the outside world”.
Mr Roe said: “In a cyber incident communication is absolutely key. If you don’t have communication, if you don’t have email, if you can’t talk to your employees, you can’t talk to your suppliers and you can’t talk to the authorities, that’s a difficult place to be in.”
He advised his counterparts that they need to do some “contingency planning” for such an eventuality hitting them.
He said: “You may say I will revert to pen and paper, but do you have enough paper? These are the things that do crop up.”
The Belgian State Secretary for Digitalisation, Mathieu Michel, said cyber defence could not be limited to the national level and that there was a need for a “cyber shield” at an EU level in order to protect critical infrastructure and data.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
