Malcolm Byrne (Fianna Fail) | Oireachtas source

Cuirim fáilte roimh an Aire Stáit. This weekend marks the second anniversary of the largest ever cyberattack on a State institution or agency. As far as we know, it is the largest cyberattack ever in the State. The attack in question was, of course, on the HSE and resulted in up to 7,000 patient appointments being delayed or cancelled. As we now know, up to 100,000 letters have been sent to patients, with a significant number of them being informed of potential data breaches. When I raised in November 2021 a similar Commencement matter with then Minister of State, Deputy Feighan, regarding the cost and the actions to be taken, he informed me that, as a result of the cyberattack, €37.5 million had been spent in the first six months to address IT infrastructure. At the beginning of this year, the Committee of Public Accounts was told that the Department of Health had spent €1 million and the HSE had spent €53 million but that sum was scheduled to rise.

It is important that we know the cost and the reason it is important to invest in this infrastructure, but also the steps that have been taken to avoid similar attacks on the HSE or other State agencies under the Department of Health or on a wider government level. The number of cyberattacks on State institutions and agencies is increasing. Many of those involved in perpetrating the attacks do not care what their target is. As part of hybrid warfare, they will target vulnerabilities in the infrastructure. In many cases, there is state-sponsored or state-condoned attacks, mainly emanating from four countries, namely, Russia, China, North Korea and Iran. We know the attack on the HSE emanated from Russia. As I stated at the time, I am very concerned that although there were protests at the Russian embassy with regard to the attack, no stronger action was taken.I used the example of Albania, which has a much less developed infrastructure than Ireland. In September 2022, when Iranian authorities attacked Albania and there was a ransomware attack on a number of government agencies, Albania decided to cut all diplomatic ties with Iran. I am not suggesting we do that with Russia but a serious question needs to be asked about our cyber defences. We know that evidence from the European Union Agency for Cybersecurity and Microsoft is that in 2022 the proportion of state supported cyber attacks has increased from 20% to 40%, as a proportion of the overall attacks. A lot of this is because of Russia's attacks on Ukraine, but also increasingly on those who are allied or perceived as supporters of Ukraine. Our health service is a critical piece of infrastructure. We know about the damage done when it was attacked in the middle of a pandemic. We have, unfortunately, seen a global increase in these types of attack. I hope the Minister can outline to us today what actions have now been taken, the level of security now in place to ensure it does not happen again and to inform us of the costs and what other actions may need to be taken.