Seanad debates

Wednesday, 10 May 2023

Nithe i dtosach suíonna - Commencement Matters

Cybersecurity Policy

10:30 am

Niall Collins (Limerick County, Fianna Fail)

I thank the Senator for raising this matter, and I welcome the opportunity to outline the current position. He is referring to the criminal ransomware attack on the HSE in May 2021. The cost of the response and recovery from the cyberattack was €50,909,769. In 2022, the cost incurred was €38,796,638. This is a total cost for those two years of €89,706,407. It must be recognised that all organisations that operate online are operating in a threat landscape of cyberattack, given the global economic and geopolitical uncertainty. Finance and health are two areas of particular interest to cyber criminals, given the sensitivity and inherent value of the data managed within these sectors. This continuing threat will need to be mitigated by ongoing and sustained investment to strengthen cyber resilience and to ensure a secure foundation on which to build our technology, data and health information. Cybersecurity is, therefore, an important priority for the Government, which has allocated funding to the HSE to strengthen its cyber resilience. A further allocation of €54.88 million was provided as part of the service plan for 2023, to enable the HSE to act on the recommendation of the independent post-incident report. That report was commissioned by the board of the HSE in the immediate aftermath of the cyberattack.

A commitment to further investment in the coming years is also required to ensure the HSE continues to build the cyber resilience necessary to reduce the impact of further cyberattacks. A clear plan is in place for work to be done in 2023 and progress is actively monitored by the Department of Health. The national cybersecurity centre is also engaged directly with the HSE to support, advise and ensure compliance with the appropriate national infrastructure security directives. The investment being made to build cyber resilience covers a wide range of actions including staff training, process change, upgrade of technology and equipment, and funding of a significantly enhanced cybersecurity operations centre. Some practical examples of actions taken by the HSE include the ongoing training of staff, so that they are aware of the risks associated with opening unsolicited email and clicking on links that are not verified. There are also simulated phishing attacks and monitoring of the effectiveness of training programmes and communications with staff to deal with this type of attack. The HSE is replacing and upgrading legacy applications that had exposure to cyberattack. The Windows 7 estate is being reduced from more than 30,000 devices to fewer than 600 currently, with active monitoring of the remaining devices, which cannot yet be eliminated because they support applications that are still needed. The remaining Windows 7 estate will be eliminated. Older applications are being taken offline completely or access is only provided to users as and when required. There is investment in the replacement and upgrade of underlying ICT technical infrastructure, including servers, firewalls, networks and end-user devices. Services and applications have been migrated to the cloud, and there is significantly enhanced active monitoring of threats by a cybersecurity operations centre, tagging and classification of threats and associated interventions to deal with these threats.
Finally, a prioritised list of actions and interventions is in development for the future based on the recommendations of the independent post-incident report.
