Select Page

Ransomware attack on the Irish Health Service Executive

CYBSAFE-SebDB Webinar-preblog-221011MS-36

26 May 2021

Last week, the Irish Health Service Executive (HSE) suffered a cyber attack which forced a temporary shutdown of its IT systems. This caused huge disruption across the service. Following the attack, patients’ personal and medical information was shared online and a ransom demand was made. Taoiseach (Irish PM) Michéal Martin has said the state will not give in to the cyber criminals’ demands.

It is every organization’s worst fear and the Irish Health Service Executive is certainly not the first to fall victim. The attack on the HSE came just days after UK Foreign Secretary Dominic Raab warned about the potential harm of ransomware attacks. The impact of this attack serves as a reminder of how serious they can be. After a year of proving its resilience under immense pressure, the HSE is now faced with sudden cancellation of outpatient visits and clinics. 

Unfortunately, this attack is not surprising and a growing number of organizations are being targeted. The public sector is a potential gold mine for cyber criminals. Medical records and personal information are valuable targets, enabling identity fraud and broader financial crime. In this case, the state of the HSE’s IT systems only made matters worse, with thousands of entry points giving criminals a large attack surface area. 

It is highly possible this attack started with one employee clicking on a corrupted link or email attachment. Individuals’ natural curiosity or self-doubt can be exploited by cyber criminals, enabling them to break through sound defences and security protocols. To prevent such incidents happening, people need more effective support to improve their awareness of cyber threats and reduce their cyber risk.

Following this attack, it’s crucial that all public sector organisations take steps to raise awareness of cyber threats. Moving  beyond one-off security training, an effective strategy will ensure employees are consistently supported to recognise cyber threats and reduce their cyber risk. After all, 90 per cent of data breaches can be attributed to human error. To prevent attacks in the future, we need to recognise this and empower people to improve their own behavior and habits online.

Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like

Maximizing security awareness engagement: How the pros do it

Maximizing security awareness engagement: How the pros do it

Ditch mandatory training, starting riiiight…now!Want to boost security awareness? Talk about something else entirelyGet serious about funThe top mic-drop insights from our Cybersecurity Awareness Month engagement webinar We know people whose organizations make a big deal of CAM are much more...