The HSE’s decision last Friday (May 12th) was to shut down all external access to its IT Network was taken with the primary focus of protecting clinical services and ensuring minimum disruption to patients and service users.
The HSE is now reviewing its response and processes thoroughly to better understand the threat posed since last Friday and to ensure that lessons can be learned from the events of the past few days. So far this review has revealed that the threat posed through the number of “attack attempts” was significant. Initial results indicate that one major hospital had over 5,000 cyber-attack attempts between Friday (12th) and Saturday (13th). Over the weekend the HSE discovered a number of key sites that had the “wannacry” toolkit on machines. However, the work done by the team prevented this toolkit converting into the ransom ware and causing the designed level of disruption.
The HSE has already commenced the technical activity to re-connect the external access to the network including email services. The HSE will continue to scan all queued traffic to the network to protect against any infected e-mails that may remain unopened in the system.
All clinical information systems were re-booted on Tuesday May 16th to ensure they are fully up to date with software that protects them from the most recent cyber threats.
The Chief Information Officer for the HSE, Mr Richard Corbridge noted: “The heightened vigilance and ramped up security measures implemented by the HSE’s Office of the CIO over last weekend prevented the “ wannacry” virus from having the same kind of effect seen throughout the world over the last few days. While the threat has abated for now, the team remains on a high state of alert for additional ‘attack attempts’ on the HSE network.”