Hackers Breached HSE IT Systems All Of Eight Weeks Before Settling On May Attack


A report into the HSE cyberattack in May has found that hackers had access to the health service system for eight weeks before the malware was switched on.

An independent report, carried out by PriceWaterhouseCoopers has found that the attack has so far cost around €100m.

It finds that the initial infection came on March 18th when a worker opened a phishing email.  The malware was then detonated on May 14th.

The report shows that cyber security concerns were raised earlier in the month – but the significance of the threat was missed.

The HSE’s ‘frail’ system lacks the ability to prevent cyberattacks and warns that the health service did not have the expertise to protect the system.

Meanwhile, it finds that there were several “missed opportunities” to detect the hackers’ activity before the ransomware was detonated.

The HSE is operating on a frail IT estate that has lacked the investment over many years required to maintain a secure, resilient, modern IT infrastructure,”

It does not possess the required cybersecurity capabilities to protect the operation of the health services and the data they process, from the cyberattacks that all organisations face today.

It does not have sufficient subject matter expertise, resources or appropriate security tooling to detect, prevent or respond to a cyberattack of this scale.

There were several missed opportunities to detect malicious activity, prior to the detonation phase of the ransomware.”

It also finds that the HSE never carried out any contingency planning for cyberattacks or “any other scenario involving the complete loss of infrastructure, people, or facilities”.

The report sets out a number of recommendations that should be acted upon as a matter of urgency and warns that the health service is still vulnerable to further attacks.

The HSE remains vulnerable to cyberattacks similar to that experienced in the Incident, or cyberattacks that may have an even greater impact,” it said.

Recommendations in the report include the appointment of new roles such as the Chief Technology and Transformational Officer And Chief Information Security Officer.

The HSE is now working on a multi-year plan to build up resilience against any future attack.