The State’s cybersecurity body and the HSE took part in a European-wide simulated attack on health services this week — just over a year on from the start of the devastating real-life attack on HSE systems.
The National Cyber Security Centre (NCSC), together with the HSE and a number of hospitals and pharmacy companies, joined a large-scale simulation organised by the European Cyber Security Agency (ENISA).
Some 29 countries and more than 800 cybersecurity experts took part in the Cyber Europe event.
“The exercise tested participants’ response to a simulated major cyberattack on health services and infrastructures in Europe,” the Department of Communications said in a statement.
“Taking place over two days, the exercise assessed participants’ ability to respond to disinformation campaigns and cyberattacks targeting European hospital networks.
The exercise involved a simulated scenario whereby a cyber-attack escalated into an EU-wide cyber crisis, with the threat of personal medical data being released.
The Irish organisations which participated were the NCSC, the Department of Health, the HSE, Mater Hospital, St James’s Hospital, the National Ambulance Service, the Irish Blood Transfusion Service and St Vincent's Healthcare Group.
“The scenario developed by ENISA was realistic, but also complex and challenging," said NCSC head of engagement Joseph Stephens.
Having dealt with a real-life cyber incident affecting the health sector, during the HSE ransomware attack in 2021, the NCSC was well placed to deploy a lot of the lessons learned.
“The scenario, which involved serious attacks across the entire EU, also allowed us to exercise and coordinate with our partners through EU Cyber Crisis Networks, leaving us better prepared to collaborate during any real-life situations.”
The department said a detailed analysis will now take place to identify “any gaps or scope for further capacity-building”.
It said the findings will serve as a basis for future guidance and to “reinforce the resilience” of the healthcare sector against cyberattacks in the EU.
Europol, the EU police agency, and the European Medicine Agency also took part in the exercise.
“The complexity of our challenges is now proportionate to the complexity of our connected world," said ENISA executive director Juhan Lepassaar.
"This is why I strongly believe we need to gather all the intelligence we have in the EU to share our expertise and knowledge.
“Strengthening our cybersecurity resilience is the only way forward if we want to protect our health services and infrastructures and ultimately the health of all EU citizens.”