HSE Cyber Security Head: Attackers are «Professionally Run Organisations» Five Years After Major Breach

Neal Mullen, the Health Service Executive's (HSE) head of cyber security, states that today's cyber hackers are «professionally run organisations with HR departments, away days, and bonuses.» This comes five years after the HSE suffered the largest cyber attack in Irish State history, triggered by a phishing email from the Russian-based Conti group, which led to a system-wide shutdown.

Mullen, who became Chief Information Security Officer in 2024 following a report recommending an overhaul of cyber security, notes his team has grown from under 10 to 70 members. He is confident that a similar-scale attack now would have a considerably smaller impact, with faster response and recovery times. However, the threat remains greater than ever, with attackers becoming more sophisticated, leveraging AI for curated phishing emails.

Consultant Oncologist Professor Seamus O'Reilly recalled the profound impact on cancer patients whose test results and treatment plans became inaccessible. While acknowledging improvements, he warned of continued vulnerability. Ronan Murphy, a cyber security expert from Smarttech 247, called the 2021 attack «one of the most defining cyber incidents Ireland has ever faced.» The attackers provided a decryption key a week after demanding a ransom, a move whose reason remains unclear, though Murphy believes the Irish Government contacted the Kremlin. The HSE continues to manage fallout from compromised patient data.