Opinion: Cyber attack exposes vulnerabilities

The cyber attack on the Health Service Executive’s IT systems last week was one of the most cold-hearted acts of recent times.

What type of person or people would target a country’s health system at a time of pandemic when everyone is working so hard to take pressure off our healthcare workers to ensure hospital beds are free for those who most need them?

The areas most affected by this attack are radiology, diagnostics, oncology, maternity and patient administrations services, we’re being told. But the HSE has some 2,000 patient facing systems and 80,000 devices – all of which had to be shut down last Friday morning when the attack came to light. With 14,000 outpatient appointments in acute hospitals every day, that’s a lot of people affected. Although credit to the staff at the Cavan Monaghan Hospital Group, who managed to keep most of those appointments as scheduled.

There has been a wider impact too – with laboratory systems down, general practitioners are being asked not to send samples to labs unless urgent. The only small mercy is the Covid vaccination programme is largely unaffected as it is operated on a separate system.

The people behind this attack have caused untold chaos in our public health system and it’s expected to take weeks to fully repair the damage caused and restore data.

How can they live with themselves? There are people today whose diagnosis and treatments are being delayed because of this attack – people with life-threatening illnesses and this cyber attack and subsequent delays are reducing their chances. It’s disgusting.

Make no mistake – the people responsible for this are among the best in the world at what they do – to be able to take down a country’s health service in this way. It begs the question: If something like this can happen to a government department or agency, which has some of the best IT security systems and protections in place and the top experts at its disposal; what hope is there for the rest of us?

The business world largely operates online – everything is online now from payroll and banking to data and information transfer to the operating systems of all types of industry.

People can pay their bills online, book their flights online, apply for their passports online, turn their heating on from their phones. Their lives are online – on their phones in their pockets.

It just goes to show how vulnerable we are. While the digital era has opened up endless possibilities, there are risks too.

Could one’s bank accounts be emptied in a millisecond and their money disappear in a cyber trail that’s impossible to follow? Could someone’s identity be stolen just as easily?

The attack this week reminds us all – as business people and as consumers – to back up all our information and systems and to review our security. Are your anti-virus software and firewalls up to date? Have you encrypted sensitive information? When is the last time you changed your passwords?

It’s an exercise worth doing. Meanwhile, as health workers are due to be paid tomorrow and systems remain down, it should serve all a stark reminder of the importance of being as vigilant online as you would in the real world. Afterall, you wouldn’t leave your wallet open and unattended in a public place! Meanwhile, the government is in a difficult position. Should they, like many private companies do, weigh up the ransom demand with the cost of the fallout and pay up?

Minister for eGovernment, Ossian Smyth, has said that no ransom will be paid and the cyber attack will be treated as a GDPR incident.

It’s the right call. It might be worth it in monetary terms but what signal would paying send out? They simply cannot pay it or it would be the end of the government and would only encourage further attacks. Surely, those behind the attack would have known that.

“This criminal gang were targeting different elements and were spending time investing, aiming for a body that they know was under stress at that moment when they were focusing on the pandemic and that resources were allocated away from security. It was a targeted criminal attack of the worst kind,” said Minister Smyth.

Indeed it was. But it begs another question – what was the motivation for this attack if not monetary?

It’s difficult to know but, once systems have been restored, there must be a great emphasis on cyber security across the public sector.