Sir, – You report that at a press briefing the chief executive of the HSE Paul Reid was asked about weaknesses found in the HSE's computer systems which were flagged in its annual reports in 2018 and 2019 ("Pandemic affected efforts to improve HSE's cybersecurity", News, May 21st).
Mr Reid responded that the investigations which found the vulnerabilities were initiated by the HSE, that he was glad the HSE did identify cybersecurity as a risk, and that he was pleased it was identified on its risk register.
Mr Reid is easily pleased.
The HSE and related agencies hold and are guardians of some of the most sensitive personal data imaginable. It would be extraordinary if it did not identify cybersecurity as a risk and if it did not go through the box-ticking exercise of including it on its risk register.
:fill(white):background_color(white)/static.themebuilder.aws.arc.pub/irishtimes/1647534191476.png)
The critical question is what the HSE did about cybersecurity having pleased its CEO by identifying it as a risk.
At the last count in March, the HSE had in excess of 2,000 personnel in executive and senior management positions. Who among these was responsible for actually doing something about the cybersecurity risks identified by the HSE’s internal processes? – Yours, etc,
PAT O’BRIEN,
Rathmines,
Dublin 6.