HSE cyber security deemed ‘frail’ and ‘outdated’ just days before Coombe Hospital attack

The report, commissioned by the HSE, was conducted by PWC and published on December 3rd, just days before a cyber attack on a Dublin maternity hospital.

Today, The Coombe Women & Infants University Hospital confirmed that they were the target of a hacking which took place overnight.

In a statement, the hospital said that they are working with the HSE to resolve the issue and have locked down all their IT systems as a precaution.

“We wish to reassure all of those accessing our services that these services are continuing as normal," The Coombe said in a statement.

“We have locked down all our IT systems on a precautionary basis and are working closely with the HSE to resolve this matter. “

The PWC investigation revealed: “The national health service is operating on a frail IT estate with an architecture that has evolved rather than be designed for resilience and security,” recommending that the HSE need to create a system that is “resilient and future-fit.”

The review found that the infrastructure in place does not have the required cybersecurity capabilities to protect the large operation that is the health service and the data they process “from the cyber attacks that all organisations face today.”

“It does not have sufficient subject matter expertise, resources or appropriate security tooling to detect, prevent or respond to a cyber attack of this scale,” it was reported.

Further to this, the review found that the HSE does not have any cybersecurity in place that can detect and prevent ransomware attacks, such as the one that occurred earlier this year.

It was also found that the computer on which the attacker “gained their initial foothold” did not have antivirus updates for over a year.

“The low level of cybersecurity maturity, combined with the frailty of the IT estate, enabled the attacker in this Incident to achieve their objectives with relative ease,” the report reads.

It also told of how easy it would have been for the attacker to infiltrate the network without detection.

“The attacker was able to use well-known and simple attack techniques to move around the National Health Network, extract data and deploy ransomware software over large parts of the estate, without detection.”

When it came to the software being used by the HSE, it was found that the HSE has over 30,000 outdated Windows 7 systems running on workstations, despite Windows 7 being deemed ‘end of-life’ by Microsoft almost two years ago in January 2020.

They were advised to upgrade computers to Windows 10 in a bid to address known vulnerabilities and support issues with their current operating system.

The review advised that the HSE implement 11 immediate actions including appointing an interim senior leader for cyber security, establishing an executive level cyber security committee and a board committee.

They were also advised to plan a multi-year cyber security transformation programme.

Following, The Coombe attack, the HSE said several systems in the hospital were impacted and as a result The Coombe has been disconnected from the National Health Network.

"We are aware of a ransomware attack on IT systems at The Coombe. This has impacted several systems in the hospital," a spokesperson said.

"HSE teams are working with colleagues in The Coombe. At this point we have not seen evidence of an impact external to the Coombe Hospital but we are continuing, with external support, to assess whether there is any broader impact. "

An Garda Síochána are also aware of the incident and are liaising with the National Cyber Security Centre (NCSC) and The Coombe Hospital.