The HSE is “particularly struggling” to recruit nearly 200 cybersecurity officers due to a lack of applicants.
A year after the major cyber attack on the HSE, which cost the state around 100 million euros, the demand for IT experts has exploded.
An independent review of the attack by PwC found that the HSE was running on a weak computer system with insufficient cyber expertise or resources.
A key recommendation was the need to hire more IT staff. However, vacancies are increasingly difficult to fill.
An HSE spokesperson told the Irish Daily Mail that since the start of 2021, 490 new IT positions have been approved and funded. A total of 300 new IT professionals were recruited during this period, but the remaining 190 positions are vacant. He added: “The remaining positions include a wide range of IT specialties, including staff to work on cybersecurity issues.”
In a separate statement, the HSE said it faced “similar challenges to other organizations where recruiting top cybersecurity talent is a particularly difficult task in a tight job market where demand effortlessly exceeds the offer”.
PwC’s review of last year’s cyberattack noted that a chief technology and transformation officer, as well as a chief information security officer, are needed on a priority basis.
The HSE said these roles are being filled on an interim basis with permanent appointments likely to take several months.
The health department added that it is also upgrading the skills of existing staff members, using graduate admissions and internships as well as entering into cybersecurity partnerships.
National cybersecurity group Cyber Ireland said its report shows that 83% of companies will grow their cybersecurity teams over the next 12 months, but 60% of them have personnel-related issues. Dr Eoin Byrne, from Cyber Ireland, said: “This is something we need to address in collaboration with industry, academia and government to ensure we have a pipeline of cybersecurity talent. and that we are not dependent on attracting foreign talent.”
HSE chief Paul Reid said the health service had launched a number of actions to mitigate future cyberattacks, including new security checks and monitoring.
These immediate actions include a 24-hour monitoring service for HSE information systems, which is provided by an external service provider.
In March, IT experts warned of a credible cyberattack on Ireland after Russia invaded Ukraine.
Two weeks after its takeover attempt, the number of reported digital attacks worldwide jumped 25%.