Last week, the Irish Health Service Executive (HSE) suffered a cyber attack which forced a temporary shutdown of its IT systems. This caused huge disruption across the service. Following the attack, patients’ personal and medical information was shared online and a ransom demand was made. Taoiseach (Irish PM) Michéal Martin has said the state will not give in to the cyber criminals’ demands.
It is every organisation’s worst fear and the Irish Health Service Executive is certainly not the first to fall victim. The attack on the HSE came just days after UK Foreign Secretary Dominic Raab warned about the potential harm of ransomware attacks. The impact of this attack serves as a reminder of how serious they can be. After a year of proving its resilience under immense pressure, the HSE is now faced with sudden cancellation of outpatient visits and clinics.
Unfortunately, this attack is not surprising and a growing number of organisations are being targeted. The public sector is a potential gold mine for cyber criminals. Medical records and personal information are valuable targets, enabling identity fraud and broader financial crime. In this case, the state of the HSE’s IT systems only made matters worse, with thousands of entry points giving criminals a large attack surface area.
It is highly possible this attack started with one employee clicking on a corrupted link or email attachment. Individuals’ natural curiosity or self-doubt can be exploited by cyber criminals, enabling them to break through sound defences and security protocols. To prevent such incidents happening, people need more effective support to improve their awareness of cyber threats and reduce their cyber risk.
Following this attack, it’s crucial that all public sector organisations take steps to raise awareness of cyber threats. Moving beyond one-off security training, an effective strategy will ensure employees are consistently supported to recognise cyber threats and reduce their cyber risk. After all, 90 per cent of data breaches can be attributed to human error. To prevent attacks in the future, we need to recognise this and empower people to improve their own behaviour and habits online.