HIQA to spend €150,000 on cyber security review

HIQA is planning to spend at least €150,000 on a new security review aimed at preventing cyber-attacks on its systems and data.

The Authority is currently seeking a provider to undertake the work to ensure adequate security and safety standards are in place to protect private information.

The work is due to commence shortly and will take around 12 months to complete.

A spokesperson for the Authority said it was not the first time HIQA had conducted this type of security review, with similar reviews carried out in recent years.

“As part of our ongoing programme of security improvements we periodically undertake cyber security reviews to ensure that HIQA’s systems and data are protected to the highest standards,” the spokesperson told the Medical Independent.

“HIQA has not been the victim of a cyber-attack and our security perimeter has not been penetrated thus no system or data has been compromised or lost,” the spokesperson added.

As part of the review a “penetration test” of the organisation’s entire external “attack surface” will be conducted.

The review will include a report, which will be presented to HIQA’s executive management team and audit risk and governance committee “so they have assurance that security best practices are being followed and that data systems are protected”.

The report will include a security assessment of the types of tests performed and any details of vulnerabilities identified.

HIQA may also seek “advice and assistance with developing and implementing IT security policy best practices” and advice on “emerging security threats”.

A number of public bodies, including the HSE, have been targeted by cyber-attacks in recent times resulting in increased efforts by organisations in protecting systems and data.