Cybersecurity

Question 1

What is cybersecurity?

Answer 1

Cybersecurity is an essential component of data protection in healthcare.

Question 2

What does cybersecurity involve?

Answer 2

Safeguarding digital systems and data against breaches or attacks.

Question 3

Why are healthcare organizations prime targets for cyberattacks?

Answer 3

Due to the sensitive and valuable nature of medical data.

Question 4

What can cybersecurity breaches disrupt in healthcare?

Answer 4

Lab operations, delay diagnoses, and harm patients.

Question 5

Name a common cybersecurity threat.

Answer 5

Ransomware.

Question 6

What was the HSE Cyberattack in 2021?

Answer 6

An unprecedented ransomware cyber attack on May 14, 2021.

Question 7

What ransomware was used in the HSE Cyberattack?

Answer 7

Conti ransomware.

Question 8

What was the financial demand made during the HSE Cyberattack?

Answer 8

$20 million.

Question 9

How much data was stolen during the HSE Cyberattack?

Answer 9

700 Gigabytes.

Question 10

What percentage of laboratory services were running after the HSE Cyberattack?

Answer 10

10%.

Question 11

What are best practices for cybersecurity? List any two.

Answer 11

• Use strong passwords and multi-factor authentication.
• Encrypt sensitive data.

Question 12

Fill in the blank: Cybersecurity breaches can disrupt lab operations, delay ______, and harm patients.

Answer 12

diagnoses

Question 13

True or False: Phishing emails are a common cybersecurity threat.

Answer 13

True

Question 14

What immediate impacts did the HSE Cyberattack have on healthcare institutions?

Answer 14

• Loss of access to patient information systems.
• Clinical care systems.
• Laboratory systems.

Question 15

What should be done if suspicious activity is detected?

Answer 15

Report suspicious activity immediately.

Question 16

How many computers were shut down across the HSE during the cyberattack?

Answer 16

85,000.

Question 17

What was the disruption caused by the HSE Cyberattack to appointments and treatments?

Answer 17

Appointments and treatments were delayed.

Question 18

What percentage of outpatient appointments were affected by the HSE Cyberattack?

Answer 18

12,000 outpatient appointments affected.

Question 19

What process was activated in response to the 2021 cyber attack on HSE?

Answer 19

Activation of Critical Incident Process

This process is essential for managing significant incidents impacting operations.

Question 20

List the first step taken in response to the cyber attack.

Answer 20

Shut down IT systems and disconnected the National Health Network (NHN) from the internet

This was a crucial step to contain the attack.

Question 21

Which organizations were involved in the response to the cyber attack?

Answer 21

• Garda National Cyber Crime Bureau
• Interpol
• National Cyber Security Centre (NCSC)

These organizations provided support and expertise in cyber security.

Question 22

What methods of communication were used during the cyber attack?

Answer 22

• Phonecalls
• Faxes
• Handwritten reports
• Handwritten requests

Communication methods had to adapt due to the IT system shutdown.

Question 23

What challenges did staff face during the attack?

Answer 23

• Strain due to manual processes
• Use of pen and paper for patient treatment
• Backlogs in clinical and administrative tasks
• Timing coincided with the COVID-19 pandemic

These challenges compounded the difficulties faced by healthcare staff.

Question 24

What were the objectives of the cyber attack on HSE?

Answer 24

• Disrupt health services
• Steal data
• Demand ransom for stolen data and decryption

Understanding these objectives helps in assessing the impact of such attacks.

Question 25

Did the Irish Government and HSE pay the ransom demanded during the attack?

Answer 25

No ## Footnote Declining to pay ransom is a common stance to discourage further attacks.

Question 26

How long did the recovery from the cyber attack take?

Answer 26

Over four months ## Footnote This duration reflects the complexity of restoring services after a significant cyber incident.

Question 27

What was one of the key findings from the post-incident review?

Answer 27

Need for significant improvements in HSE’s technological infrastructure ## Footnote This finding emphasizes the importance of robust technology in healthcare.

Question 28

How many tactical and strategic steps were recommended in the post-incident review?

Answer 28

245 ## Footnote These steps aim to enhance the overall resilience and security of HSE.

Question 29

What focus areas were identified for improvement in the post-incident review?

Answer 29

* ICT and cybersecurity * Clinical and operational resilience * Project management ## Footnote Addressing these areas is critical for preventing future incidents.

Question 30

What does the cyber security statement of strategic intent focus on?

Answer 30

Implementing the Post Incident Review (PIR) recommendations from the 2021 cyberattack

Question 31

What is outlined in the cyber security statement regarding the HSE’s programme?

Answer 31

The vision and guiding principles for the next three years

Question 32

What type of approach does the HSE aim for in strengthening its cyber capability?

Answer 32

A coordinated and holistic approach

Question 33

What does the HSE's cyber strategy respond to?

Answer 33

The everchanging cyber environment

Question 34

What are the key strategic imperatives for HSE's cyber security?

Answer 34

Investments in: * Cyber technology * Security culture * Secure business practices * Staff behaviours at home and work

Question 35

What has been set as the target maturity level for HSE cyber security?

Answer 35

To build a more secure future for the Irish healthcare system

Question 36

What is the cornerstone of the health information system?

Answer 36

Data

Question 37

What does good quality interconnected data require?

Answer 37

A secure cyber assured environment

Question 38

What is effective data management about according to the HSE?

Answer 38

Ensuring the confidentiality, integrity, and availability of patient data

Question 39

What must the HSE comply with regarding data management?

Answer 39

All applicable data protection, privacy, and security legislation and regulations

Question 40

What culture does the HSE aim to foster?

Answer 40

A culture of honesty, compassion, transparency, and accountability

Question 41

What does the Data Protection Policy set out for the HSE?

Answer 41

Requirements on the protection of personal data and measures to protect the rights of data subjects

Question 42

How should personal data be treated according to the HSE?

Answer 42

With strict confidentiality and only for its intended purpose

Question 43

What must be ensured when using anonymized data?

Answer 43

Identifiable data must be removed

Question 44

What rights must be balanced with public interest?

Answer 44

The right to privacy of individuals

Question 45

What action can the HSE take against individuals breaching policy conditions?

Answer 45

Take appropriate action as deemed necessary

Question 46

What may happen to HSE staff who breach the policy?

Answer 46

Subject to disciplinary action as provided by HSE disciplinary procedure

Question 47

What accountability may arise from reckless behaviour or failure to report a breach?

Answer 47

The person responsible may be held accountable