St James’s Hospital in Dublin has “continuously” sought more funding to mitigate cybersecurity risks. However, it had received “limited” support from the HSE to date, outlined its statement of internal control for 2023.
The hospital continued to “monitor the area closely within its own operations”, according to the statement signed by the board in November 2024.
St James’s, which has an electronic patient record system, is the largest acute academic teaching hospital in Ireland. A spokesperson told the Medical Independent: “St James’s Hospital is continuously evaluating and improving its cyber risk mitigation strategies to the fullest extent possible, given the available funding and resources. As an Operator of Essential Services, we are required to assess our preparedness against the European Commission’s network and information systems (NIS) 1 controls, which we continue to use to prioritise activities, until such time as the NIS2 controls are formally agreed.
“The funding requests to the HSE in relation to cyber span multiple technologies and workstreams. To date we have received once-off funding to cover some of our asks, such as the adoption of cloud technology and upgrades to a number of legacy systems. We have not been subject to any recent attacks involving more common ransomware or data breaches.”
‘Common ransomware’ refers to types of malicious software that typically encrypts files and lock users out of their systems.
The hospital’s statement of internal control for 2020 (signed in November 2021) reported that the HSE cyberattack had impacted the hospital, in particular the finance system which is a national system directly linked to the HSE.
“The hospital was able to avail of continuity arrangements through offsite processing, and while this exercise was quite slow in spells, all existing controls in the system were still operational.”
Leave a Reply
You must be logged in to post a comment.