Billy Kelleher (Cork North Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

232. To ask the Minister for Health the number of HSE personnel assigned to cyber security in each of the years 2012 to 2016, and to date in 2017, in tabular form. [23785/17]

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

As this is a service matter, I have asked the HSE to respond directly to the Deputy on this matter.

Róisín Shortall (Dublin North West, Social Democrats)
Link to this: Individually | In context | Oireachtas source

233. To ask the Minister for Health the recommendations and requirements given to publicly funded hospitals on cyber security; the amount spent on cyber security by the HSE in each of the past ten years; and if he will make a statement on the matter. [23793/17]

Simon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Within the HSE the Office of the Chief Information Officer has responsibility for information security, information governance and cyber prevention across the HSE including HSE acute hospitals and Community Health Organisations and regularly inform all business units users within the HSE on information security issues and best practice. Along with managing the HSE's own ICT estate and assets they also manage shared applications and services that exist in voluntary hospitals and other providers. These agencies in turn have responsibility for local ICT security and assets in relation to their own systems. The Office of the Chief Information Officer also manages the health networks that connect many health care facilities across the country. Other activities in terms of cyber security are ensuring that the infrastructure, including the data networks, file servers and personal computers are securely maintained with anti virus software and updates. In addition, other services provided include managing perimeter security devices such as firewalls, monitoring tools, anti-virus and mal-ware detection systems and software. Staff training and awareness is also a critical element in providing a defence against cyber attacks and is provided by the Office of the Chief Information Officer. In that regard it is difficult to quantify those costs elements that are security related from other management activities. As other cyber related costs are not routinely available I will instruct the HSE to provide a more comprehensive breakdown of figures in relation to cyber costs to the Deputy. In relation to anti virus software the HSE spend approximately €0.5m per annum.

As the Deputy is aware, the last week has brought home to us the importance of digital technology supports in the provision of modern health and social care services and the threats that cyber attacks can bring to undermining those services. The HSE first became aware on Friday last of a major cyber security threat in the form of a ‘ransomware’ attack on its infrastructure. The CIO's Office coordinated and organised a comprehensive response to the cyber attacks in the last week including developing the #ThinkB4Uclick information campaign across the health services. Similar attacks were threatening the national Health Services in the UK and many other countries. Such attacks pose a serious threat to the provision of health services and the priority at all times is to ensure that patient safety is not compromised, particularly in relation to the provision of clinical services. It is a critical priority to protect the confidentiality of patient data. In relation to the current cyber incident the HSE and the Department are working in close cooperation with the National Cyber Security Centre and with the Department of Communications, Climate Action and Environment.