HSE official says health an ‘easy target’ for cyber attacks

‘One country lost 60 per cent of its GP records. That’s terrifying,’ says tech chief

It would be "relatively easy" for a cyber attack to "cripple" entire sectors of State infrastructure, and more attacks are coming, according to the chief information officer with the Health Service Executive.

Richard Corbridge, addressing a group of 100 business leaders on Thursday in relation to cybersecurity and the digital future of healthcare, said attacks like the one that struck the HSE last weekend will recur.

“There will be more cyber threats,” he said. “There will be more issues. My own gut feeling is that health is now a target across the world because we can’t really afford to lose data. One country lost 60 per cent of its GP records. That’s kind of terrifying.

“We’ve got to deal with this by explaining to people how relatively easy it is to cripple whole parts of countries.

“We took the decision to protect our clinical systems way above [the issue of] keeping people on email. But cyber threats are now here to stay. Unfortunately health has now become a relatively easy target, which is a sad state of affairs.”

The National Cyber Security Centre in the Department of Communications is the State agency charged with network and information security. A senior official there said yesterday that progress was being made in shoring up key infrastructure, but it was uncertain how the State would fare in the event of a sophisticated attack.

“In terms of the very high-end, targeted attacks on critical infrastructure, which are very rare but do happen, we don’t know,” he said. “We know the major operators in very security-sensitive, heavily connected areas spend an awful lot of time and money on this, particularly in aviation and energy, [but] we don’t know much more than that.”

Heavy recruiting

On resources, he said more are coming and that the National Cyber Security Centre is currently “recruiting very heavily” but that the State is starting from a low base.

“We’re unusual in that we don’t have a national security authority, like a secret service-type thing,” he said. “We also don’t have a GCHQ [the UK’s cyber intelligence agency] equivalent. So, we don’t have a springboard to start from. We don’t have a legislative base yet either. We need legislation.”

Some legislation, which mainly deals with data protection, is on the way and will give more teeth to the centre, and the Government is also working to implement the network and information systems directive, which is the first piece of EU-wide legislation on cyber security.

“It covers critical national infrastructure,” he said. “There’s a list the directive sets out of the sectors we have to look at, such as energy, transport, drinking water supply, financial markets and banking.

“Those sectors will have to take measures, which will be set out in secondary legislation, to secure their infrastructure. In many cases, it will just be what they’re doing already. In some cases, there will be bigger changes.

“This gives the public confidence that the services they rely on for their economic and social activities will work. They’re not an absolute solution. We’re not saying nothing can ever happen if you do these things, but it gives a degree of confidence.”