Hackers accessed the HSE system eight weeks before the attack
Cyber attackers who hacked into the Health Service Executive computer system had gained access to it eight weeks before they detonated the malware.
A report from PwC revealed that there were several “missed opportunities” after the opening of a phishing email allowed the attacker to gain access to the system, in an attack that caused devastating disruption to health services.
It revealed that the HSE was running on a fragile IT system and did not have cyber expertise or appropriate resources.
A forensic examination of the hacker’s activity showed that relatively well-known techniques and software were used to carry out the attack.
The attacker first entered the system when a phishing email was opened on a computer on March 1.
Over the next eight weeks, the attacker compromised a significant number of servers and accessed a number of accounts with high levels of privilege.
Meanwhile, a number of hospitals reported malicious activity, but the significance of the activity was ignored.
The Conti ransomware was detonated in the early hours of May 14.
The HSE shut down all of its computer systems, a “war room” was set up in a building on Molesworth Street in Dublin, and a “physical situation center” was set up at Citywest.
PwC said the HSE was operating on a fragile IT infrastructure that for many years had lacked the investment needed to keep it secure, and that it lacked the cybersecurity required to protect the functioning of healthcare services.
It also said the HSE lacked the expertise and resources to detect, prevent or respond to a cyber attack of this magnitude.
It recommended the creation of two new key roles – a technology and transformation manager and an information security manager – as well as 24/7 oversight.
It said: “The HSE does not have a single owner responsible for cybersecurity at the senior or executive level to provide leadership and direction.
“This is highly unusual for an organization of the size and complexity of HSE that relies on technology to perform critical operations and manage large amounts of sensitive data.”
The report found that the HSE only had 15 full-time equivalent employees in cybersecurity roles, and “they lacked the expertise and experience to perform the tasks expected of them.”
HSE Managing Director Paul Reid said: “We have launched a series of immediate actions and we will now develop an implementation plan and business case for the investment to strengthen our resilience and responsiveness in this domain.”
In a statement, the HSE said it has implemented a number of high-level security solutions to address the issues raised in the report.
These include a range of new cybersecurity controls, surveillance measures and threat intelligence based on the best advice from international experts.
Speaking on RTÉ’s News at One, HSE chief Paul Reid said that 50 incidents treated as potential cyber attacks are identified in the HSE system each week.
Mr Reid said he acknowledged that the May cyberattack was not “identified at the level it should have been”.
Speaking on RTÉ’s News at One, Mr Reid said: “In reality, we go through our network, it is probably, most definitely, the largest network in the state – the HSE network.
– RTÉ News (@rtenews) December 10, 2021
“It’s a very fragmented network and we would definitely see about 50 incidents over the course of a week that would be identified and treated as potential cyber attacks.
“But obviously in this one, the importance of it has not been addressed at the level it should have been, or identified at the level it should have been, and we openly acknowledge that and that is our release of the report today.”
He added that the HSE had not waited for its release and had taken “a series of immediate actions” to strengthen network security and surveillance.