The Irish Times view on the health service cyberattacks: urgent questions to be answered

Irish security experts have long expressed concerns about Ireland’s level of preparedness against cyberattacks

The Rotunda Maternity Hospital on Parnell Square, Dublin, was forced to cancel some appointments due to the cyber-attack on the HSE. Photograph: Colin Keegan/ Collins Dublin

The Rotunda Maternity Hospital on Parnell Square, Dublin, was forced to cancel some appointments due to the cyber-attack on the HSE. Photograph: Colin Keegan/ Collins Dublin

 

The debilitating ransomware cyberattacks on the information technology systems within the HSE and Department of Health, while dramatic and shocking, are far from unexpected. Since the start of the pandemic, attacks on healthcare systems worldwide have ramped up significantly. There was never any reason to believe Ireland would escape this alarming trend.

The risks for the healthcare sector had grown so significantly by last October that the FBI and two US government agencies issued an unusual joint alert warning of an “increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert pinpointed data theft and disruption of services as the likely intent – the apparent goal of the Irish attacks as well.

A study by IBM X-Force released at the start of this year found that healthcare cyberattacks more than doubled in 2020. Ransomware attacks constituted over a quarter (28 per cent) of healthcare cyberattacks. Experts believe that healthcare attacks have probably increased because the pandemic has placed severe pressure on healthcare organisations.

Because health information is among the most private and sensitive data associated with individuals, it is a particularly rich trove to target in a cyberattack. Both healthcare providers and patients will be anxious about its exposure. And any system breach that can halt or slow the delivery of healthcare is a crippling blow – especially right now, in overburdened healthcare systems struggling to catch up on a backlog of patient treatment needs while simultaneously managing Covid patients and running national test, trace and vaccination efforts.

This breach emphasises the need to conduct a thorough security assessment across all State organisations

While the full scope of the attacks is not yet clear, it’s readily apparent just how damaging these system breaches can be. The HSE has acknowledged that its core patient management and radiology systems are incapacitated. Urgent radiation treatments have been postponed. Maternity and other appointments have been cancelled and must be rescheduled. Even if the HSE and the Department of Health can reassemble records and restore system data from backups, they the further threat that the attackers will leak data publicly or on to the dark web’s data markets.

With so many aspects of healthcare managed digitally, organisations face significant challenges to prevent or limit the damage from cyberattacks. But the State faces many urgent questions now regarding its current prevention and mitigation strategies. For many years, Irish security experts have expressed concerns about Ireland’s level of preparedness against cyberattacks of all types. This breach emphasises the need to conduct a thorough security assessment across all State organisations, and make any needed investments in security systems and training.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.