Security News > 2022 > February > On the Irish Health Services Executive Hack
The HSE did not have a Chief Information Security Officer or a "single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
Under-resourced Information Security Managers were not performing their business as usual role but were working on evaluating security controls for the COVID-19 vaccination system.
Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated.
There was no security monitoring capability that was able to effectively detect, investigate and respond to security alerts across HSE's IT environment or the wider National Healthcare Network.
The initial breach came after a HSE staff member interacted with a malicious Microsoft Office Excel file attached to a phishing email; numerous subsequent alerts were not effectively investigated.
PwC's crisp list of recommendations in the wake of the incident as well as detail on the business impact of the HSE ransomware attack may prove highly useful guidance on best practice for IT professionals looking to set up a security programme and get it funded.
News URL
https://www.schneier.com/blog/archives/2022/02/on-the-irish-health-services-executive-hack.html