The National Cyber Security Centre (NCSC), the Health Service Executive (HSE) and a number of hospitals and pharmaceutical providers have participated in a large-scale European cyber exercise. Cyber Europe 2022, organised by the European Cyber Security Agency (ENISA), saw participation from 29 countries and over 800 cyber security experts. The exercise tested participants’ response to a simulated major cyber-attack on health services and infrastructures in Europe.
Taking place over two days the exercise assessed participants’ ability to respond to disinformation campaigns and cyber-attacks targeting European hospital networks, which have risen in recent times. The exercise involved a simulated scenario whereby a cyber-attack escalated into an EU-wide cyber crisis, with the threat of personal medical data being released.
Commenting on the Cyber Exercise, the NCSC’s Head of Engagement, Joseph Stephens, said, “the scenario developed by ENISA was realistic, but also complex and challenging. Having dealt with a real-life cyber incident affecting the health sector – during the HSE ransomware attack in 2021 – the NCSC was well placed to deploy a lot of the lessons learned. The scenario, which involved serious attacks across the entire EU, also allowed us to exercise and coordinate with our partners through EU Cyber Crisis Networks, leaving us better prepared to collaborate during any real-life situations.”
A detailed analysis will now take place, following the exercise, to identify any gaps or scope for further capacity-building. The After Action Report findings will serve as a basis for future guidance and further enhancements – to reinforce the resilience of the healthcare sector against cyber-attacks in the EU.
The Irish organisations that participated in this ‘Cyber Europe’ exercise were the: National Cyber Security Centre (NCSC); Department of Health; Health Service Executive (HSE); Mater Misericordiae University Hospital; St James’s Hospital; National Ambulance Service; Irish Blood Transfusion Service (IBTS); St Vincent’s Healthcare Group; and Marken.