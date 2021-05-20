



HSE internal audits had identified a number of cyber security issues related to application password protocols and secure access management. The Irish Health Service (HSE) executive was warned of a number of cyber security vulnerabilities by internal audits in 2018 and 2019. Its 2018 annual report said internal audits identified “weaknesses in the area of ​​security controls in parts of the domain, including application password protocols and secure access management”. The HSE suffered a serious cyber attack last week, which forced the health service to shut down its IT systems and caused widespread healthcare disruption across the country. Yesterday (May 20), the Financial Times reported that hackers had leaked personal data online, demanding a ransom of $ 20 million. While the HSE has said it will take “many weeks” to assess the full impact of the attack and restore IT systems, previous annual reports indicate that a number of vulnerabilities in security systems were noted. The 2018 report said vulnerabilities were identified in some of the areas audited in disaster recovery protocols, particularly in relation to outdated and legacy systems. The 2019 report identified the same issues and said the Office of the Chief Information Officer was committed to improving controls related to cyber security. Speaking to RT Today’s Today with Claire Byrne, Daragh Ó Briain, managing director of the infectious enterprise Castlebridge, said it would be more worrying if security issues were not noted in previous reports, as this would indicate “a point of big blind “in terms of looking at cyber security risks. He added that what is important are the actions taken to mitigate such risks. The 2019 report described a number of programs that were in the process of managing vulnerabilities, including an update to Windows 7, which stopped receiving critical updates and fixes from Microsoft in January 2020. At the time, the HSE confirmed that the health service still had 46,000 Windows 7 devices on its network of 58,000 computers. Other update plans outlined in the 2019 report included migrating to a single digital identity for staff, which had begun and distribution would continue through 2020 and 2021. According to The Irish Times, an HSE spokesman said a multi-year spending program on each of the measures the HSE listed in its annual reports aimed at managing vulnerabilities “is in progress”. In a statement yesterday, the HSE said it expects to begin to see “some early signs of recovery at some sites in the coming days”.

