Alan Dillon (Mayo, Fine Gael) | Oireachtas source

First, I thank Senator Byrne for raising this matter and I welcome the opportunity to address the current position on behalf of the Minister for Health, Deputy Donnelly. The Senator is, of course, referring to the criminal ransomware attack on the HSE in May 2021. The cost of the response and recovery from the cyberattack to the taxpayer in 2021 was to the tune of €102 million. It must be recognised that all organisations that operate online are operating in a threat landscape of cyberattack given the global, economic and geopolitical uncertainty that exists. Finance and health are two areas that are of particular interest to cybercriminals given the sensitivity and inherent value of data managed within these sectors.

The HSE has invested significantly in cyber remediation since the cyberattack in May 2021. The HSE manages and responses to thousands of cyberattacks annually and takes appropriate action to ensure awareness of current threats. The continuing threat will need to be mitigated by ongoing and sustained investment to strengthen cyber resilience and ensure a secure foundation of our technology, data and health information infrastructure.

Cybersecurity, therefore, is an important priority for the Government and it has allocated funding to the HSE to strengthen its cyber resilience. For example, a specific allocation of €55 million was provided as part of the national service plan in 2024 to enable the HSE to act on the recommendations of the independent post-incident report. The report was commissioned by the board of the HSE in the immediate aftermath of the cyberattack.

A commitment for further investment in the coming years is required to ensure the HSE continues to build the cyber resilience necessary to reduce the impact of further cyberattacks. A clear plan is in place for the work to be done in 2024 and progress is actively monitored by the Department of Health. The National Cyber Security Centre is also engaged directly with the HSE to support, advise and ensure compliance with appropriate national infrastructure security directives.

There are multiple ongoing programmes of work focused on addressing the issues highlighted by Senator Byrne in the wake of the attack, reducing risk, building cyber resilience, and building additional cybersecurity capability and capacity through the establishment of a dedicated cybersecurity function under the leadership of a chief information security officer within the HSE. The HSE continues to invest significantly in multi-layered cyber defences, including technology, processes and people in order to fend off cyberattacks. The investment that is being made building cyber resilience covers a wide range of actions, including staff training, process change, upgrades to technology and equipment and funding of a significantly enhanced cyber security operations centre. Some practical examples of these actions taken by the HSE include the following: ongoing training of staff, so they are aware of the risks associated with opening unsolicited emails and clicking on links that are not verified; simulated phishing and other cyberattacks and monitoring of the effectiveness of training programmes and communications with staff to deal with this type of attack; replacing and upgrading of legacy applications that had exposure to cyberattack; elimination of the Windows 7 estate, with active monitoring of those remaining devices that cannot be eliminated yet because they support applications that are still needed.The HSE has also introduced an important change in relation to the governance of cybersecurity across the organisation. Members of the HSE's executive management team form the oversight committee for the implementation of the recommendations of the post-incident report. Finally, the board of the HSE has established a subcommittee for transformation and technology with responsibility for

oversight of ICT and cybersecurity.

Again, I thank Senator Malcolm Byrne for raising this important matter and assure him and the House that it is being closely monitored by the Department of Health.