A report into the HSE cyberattack earlier this year has found that hackers had access to the health service system for eight weeks before the malware was switched on.
An independent report, carried out by PriceWaterhouseCoopers (PWC) has found that the cost of the attack up to now is around €100m.
It finds that the initial infection came on March 18th when a worker opened a phishing email.
The malware was then detonated on May 14th.
The report shows that cyber security concerns were raised earlier in the month - but the significance of the threat was missed.
Here’s the timeline pic.twitter.com/ttQFf4SyCP
— Jess Kelly 👩🏻💻 (@jesskellynt) December 10, 2021
The report finds that the HSE’s ‘frail’ system lacks the ability to prevent cyberattacks and warns that the health service did not have the expertise to protect the system.
Meanwhile, it finds that there were several “missed opportunities” to detect the hackers’ activity before the ransomware was detonated.
“The HSE is operating on a frail IT estate that has lacked the investment over many years required to maintain a secure, resilient, modern IT infrastructure,” it reads.
“It does not possess the required cybersecurity capabilities to protect the operation of the health services and the data they process, from the cyberattacks that all organisations face today.
“It does not have sufficient subject matter expertise, resources or appropriate security tooling to detect, prevent or respond to a cyberattack of this scale.
“There were several missed opportunities to detect malicious activity, prior to the detonation phase of the ransomware.”
A report into the May14th HSE cyber attack has been published.
The initial infection was made on the 18th of March this year. An email was opened by one worker, allowing the malware to run in the background of the HSE systems for approximately 8 weeks, undetected.@NewstalkFM
— Jess Kelly 👩🏻💻 (@jesskellynt) December 10, 2021
It also finds that the HSE never carried out any contingency planning for cyberattacks or “any other scenario involving the complete loss of infrastructure, people, or facilities”.
The report sets out a number of recommendations that should be acted upon as a matter of urgency and warns that the health service is still vulnerable to further attacks.
“The HSE remains vulnerable to cyberattacks similar to that experienced in the Incident, or cyberattacks that may have an even greater impact,” it said.
In a statement, HSE Chairman Ciarán Devane said the report makes it clear that the HSE’s IT systems and cybersecurity preparedness are in need of “major transformation”.
“The HSE has accepted the report’s findings and recommendations, and it contains many learnings for us and potentially other organisations,” he said.
“We are in the process of putting in place appropriate and sustainable structures and enhanced security measures.”
Recommendations in the report include the appointment of new roles such as the Chief Technology and Transformational Officer And Chief Information Security Officer.
The HSE is now working on a multi-year plan to build up resilience against any future attack.
Additional reporting from Newstalk Tech Correspondent Jess Kelly
