HSE 'sitting duck' for cyberattacks

Health data is 'No 1' target as information sold on Dark Web

'The Executive had already taken precautionary measures to protect its IT systems following the highly sophisticated attack on the NHS in the UK' (stock photo)

Mark O'Regan

The HSE could be a 'sitting duck' for a cyberattack unless it radically beefs up security to protect highly sensitive data which may be sold by criminals on the Dark Web.

It comes as a case of ransomware that has hit more than 120,000 computer systems in 99 countries worldwide was discovered in Wexford yesterday.

Experts isolated an infection at a voluntary organisation partially funded by the HSE and prevented it from spreading. The HSE is providing technical support but the infected system is not linked to its own IT network.

Read more:

The Executive had already taken precautionary measures to protect its IT systems following the highly sophisticated attack on the NHS in the UK.

It took the measure to cut its network off from external traffic yesterday to protect it from contagion.

UK hospitals, the Russian government, German railways and large companies such as FedEx were among those affected by the 'ransomware' assault that rapidly spread across the globe.

The HSE said there were approximately 1,500 devices believed to be vulnerable to threat. Anti-virus updates were being installed where necessary, but it was expected that this process and relevant testing would take a number of days. Taoiseach Enda Kenny described the global cyberattack as a very serious matter which was being monitored very closely by the authorities here.

Speaking to the Sunday Independent, cybersecurity expert Stephen Burke, CEO of Cyber Risk Aware, said ransomware was being quickly spread by a wave of "phishing" emails. These carry bogus attachments which infect computers once they are clicked on by unsuspecting users.

"Medical data is the most sought after by cybercriminals - it has the highest value in the Dark Web which is where this data is sold.

"Data is the new cash. It can lead to fake charity email scams being sent that target parents of sick children, encouraging them to make donations to false charities."

Mr Burke described those involved as "sick people" and pointed out that misuse of medical data could be used fraudulently in social welfare and other areas.

He said it was "not a question of if" the HSE was targeted but "a question of when".

Read more:

Due to the sensitive data held by the health authorities, they were in the "upper echelons" of state agencies at risk of attack.

"The HSE have firewalls in place that prevent certain things from getting through into the network.

"They have an email system that has a filter which tries to prevent spam from getting through. They may also have an anti-virus deployed to try and prevent malicious software from being installed on a machine. The problem with all those defences is that they're behind the times," said Mr Burke.

Technical defences alone would not adequately secure sensitive data held by State agencies, he added.

"These attacks are predominately targeting people - not systems directly. The criminals understand that humans are the weakest link, and that all it takes is for one person to click on an email attachment for them to get in."

Cybercriminals, he warned, were continuously adapting their techniques in order to penetrate even the most robust security systems.

They were also pooling resources and specialist expertise to target specific Government departments. "They have commercialised their operations."

He said different groups were pooling knowledge from specialists in different parts of cybercrime.

He also stressed it was crucial staff were "continuously" put through cybersecurity drills to ensure they had a "heightened sense of awareness of what's involved".

Read more:

"This raises accountability and responsibility so staff will think twice before opening attachments on emails."

He also stressed the importance of having an "incident response plan that is tested".

"You need to have the right people to make the vital decisions in the middle of a fire-fight."

Last Friday's rapid cyberattack saw large numbers of computers in 99 countries locked by the virus, which demands payment of a ransom for the files to be released. A form of so-called ransomware, the WannaCry virus, is based on hacking tools thought to have been developed by the US National Security Agency.