HSE cyber-attack webinar: Follow-up summary

In the aftermath of the ransomware attack on the Irish national health service,  SPHINX synergised with CUREX and PANACEA, sister EU-funded projects, to organise a webinar on Wednesday, 9 February 2022, presenting how their solutions could be used both to prevent such attacks and mitigate their impacts. The event’s context described the cyberattack on Irish healthcare as a wake-up call for the medical organisations in Europe to pay more focus on measures to improve their cyber resilience, as the cyber attack, which took place in May 2021, had a lasting impact during early 2022.

The webinar opened with a welcome from Dr Med Sabina Magalini, Senior Surgeon at Gemelli University Hospital and Coordinator of PANACEA, giving an overview of the drivers behind this joint event, highlighting the need to take action now on cybersecurity with the involvement of top management. Dr Reza Razavi, Senior Research Programme Officer for EU Policies, Communications Networks, Content and Technology (DG CONNECT), shared insights regarding the European Commission’s priorities on cybersecurity that include research and innovation to increase trust and security in the healthcare sector. Dr Rzavi also commented on the new cyber security strategy, which is aimed at boosting cooperation, knowledge and capacity sharing at the European level.

Peter Daly, COVID Project Manager and Helen Coughlan, Chief Technology Officer of the Health Executive Service (HSE) narrated how the ransomware attack unfolded, stressing the scale across Ireland with 54 hospitals and over 4000 workstations and servers, which were brought down by the attack, affecting public health services, from primary care, ambulance services to lab tests, among others. This session stressed the importance of balancing services and regulations, measures for critical situations, as well as continuously raising awareness of the risks across the organisation.

The following session was dedicated to the applicability of the tools developed by the 3 projects in the context of the HSE attack. Pasquale Mari, Deputy Coordinator of PANACEA, presented a joint catalogue on how CUREXPANACEA and SPHINX could have been used to prepare HSE staff and avoid the attack while mitigating its impacts. The catalogue was grouped around diverse functions, like data sharing and access controls, evaluation, validation, certification, knowledge collection and system monitoring, training and awareness, where the tools can be used in standalone or as combined solutions.  The three project coordinators then took the floor elaborating more ontheir specific solutions: Christos Xenakis, Professor at University of Piraeus (CUREX), Christos Ntanos, Senior Researcher, National Technical University of Athens (SPHINX) and Sabina Magalini (PANACEA), explained how the projects’ solutions can be used to avoid or minimise the impacts of similar attacks and ensure continued care within healthcare organisations as critical for patient wellbeing.

The final keynote was given by Maria Papaphilippou, Cybersecurity Officer at the European Union Agency for Cybersecurity (ENISA), who shared the Agency’s knowledge on cybersecurity in healthcare and highlighted dedicated reports and best-practice guidelines produced by the Agency. Her talk spotlighted the NIS directive, the network and information security directive, used to introduce the baseline cybersecurity requirements of essential services relying on information and communication technologies, as well as the Medical Devices Regulation (MDR), which defines the safety, security and IT security requirements, and introduces novelties relating to cybersecurity.

The webinar concluded with a panel discussion on the main takeaways and calls to action. First, the panellists shared their common perception that cybersecurity is only an IT issue but that it should be organisation-wide involving all relevant processes, procedures and policies. What is more, the projects Coordinators underlined the importance of increasing the number of dedicated training, organisational structures and investments in cybersecurity, as equal parts of the health sector defence against malicious cyber actors, thus enabling medical organisations to deploy the right resource, skills and competences. Finally, the project Coordinators steered the focus on the new solutions stemming from research and innovation actions.

The recorded webinar is available to watch on-demand at PANACEA’s official YouTube channel.