Cyber Assistance Scheme

By Ian Roe, Cyber Security Specialist at Department of the Environment, Climate and Communications

Covid-19 has and is challenging society to adapt and respond in order to mitigate the virus. Our Health and Social Care Services have and will continue to lead the way in driving the public health response to COVID-19. The Health Sector in Ireland has a range of measures in place to safeguard critical services. However, the possibility of cyber security incidents impacting patient care cannot be ruled out.

The National Cyber Security Centre (NCSC) is one of a number of entities who support stakeholders in the Health Sector.  The NCSC assist critical national infrastructure operators in responding to the technical and organisational aspects of cyber security incidents among a portfolio of services such as malware analysis and vulnerability notification.

The Cyber Assistance Scheme was established to harness the collective expertise of the cyber security industry in Ireland and while COVID-19 is first and foremost a medical and human challenge, the Cyber Security community has shown itself willing to contribute to the national response effort. 

The Health Sector Threat Landscape

The Health Sector, in common with other sectors, experienced an increase in phishing attempts at the onset of COVID-19. In the midst of this pandemic, stakeholders are adapting and evolving services to support the delivery of critical services.

Internationally, there have been a number of cyber security incidents affecting the Health Sector this year, including the ransomware attacks on the University Hospital Düsseldorf in Germany (more information) and the Brno University Hospital in the Czech Republic (more information).

In the case of the attack on the University Hospital Düsseldorf, the unavailability of IT systems due to the ransomware attack meant that the hospital was unable to accept emergency patients for a period of time; the patients had to be rerouted to other hospitals which in one case may have directly resulted in the death of a patient. The attack on the University Hospital Düsseldorf, unfortunately, illustrates the potential impact of cyber related incidents on the provision of patient care.

More recently, the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint advisory on an imminent ransomware threat to the US Healthcare and Public Health Sector (more information). The advisory related to healthcare organisations in the United States who it indicated are being targeted with Ransomware, most notably Ryuk and Conti. Although primarily focused on the US, Ryuk has previously targeted entitles across Europe. 

To assist in the national effort, the NCSC and Cyber Ireland engaged with stakeholders from the Health Sector to develop a targeted short term scheme to facilitate the rapid access by Healthcare providers to industry cyber security expertise, if they find themselves victims of a significant cyber security incident. 

The Cyber Assistance Scheme

The Cyber Assistance Scheme mirrors the objectives of similar initiatives launched within Europe and beyond with some local adaptations. It is based on a collaborative model involving stakeholders across government, industry and, most importantly, the Health Sector, who will remain the lead stakeholder throughout any notified incident. The scope of the scheme extends to Hospitals, laboratory facilities and Healthcare organisations with responsibility for the management of COVID-19. 

How it works

The Cyber Assistance Scheme will, if called upon, respond to cyber security incidents such as ransomware and denial of service attacks that impact the Healthcare providers’ ability to deliver critical services. The initial hours of a cyber security incident are often critical. An efficient and quick response is required to safeguard services, and it is in these early phases that the Cyber Assistance Scheme is intended to provide support although circumstances may differ in each specific case.

The NCSC in collaboration with our partner in this initiative, Cyber Ireland, launched the Cybe earlier this year asking the cyber security community to join the national effort by offering their expertise and skills on a no-fee basis in meeting this challenge.

Cyber Security experts from across the Health sector and the broader cyber security industry responded to the call and this is an illustration of how the cyber security community are prepared to collectively contribute when called on. The Cyber Assistance panel includes cyber security practitioners from a cross-section of roles such as Threat Response Analysts, SOC Managers, Lead Information Analysts and Incident Response Leads. 

While the panel is composed of individuals in many cases, it is important to recognise that a number of organisations through their social responsibility programs sponsored their employees to participate in this initiative. 

We should also highlight that the Health sector have measures in place and with the dedication of its employees can respond to and manage cyber security incidents now and into the future. 

Similarly, there are state bodies and entities, such as the NCSC, who can and do provide assistance to stakeholders on an ongoing basis in order to protect critical services.  At this unprecedented time, the Cyber Assistance Scheme is intended to supplement existing structures already in existence.

The cyber threat landscape is evolving and will continue to do so into the future. The need for vigilance is required which is shown by recent and ongoing events. By cooperating as a broad cyber security coalition in partnership with governmental authorities and Health services, we can work together to safeguard critical services for the benefit of all citizens.

If you have experience in responding to cyber security incidents, then please consider joining us in this initiative. You can reach us at [email protected],


Cyber Assistance Scheme

Cyber Ireland Icon

Call for Volunteers - Subject Matter Experts

Closing date for application to Phase 1 is July 31st 2020.

Ireland’s National Action Plan in response to COVID-19 set out the measures required to contain, delay and mitigate this virus. Our Health and Social Care Services have and will continue to lead the way in driving the public health approach response to COVID-19. While COVID-19 is first and foremost a medical and human challenge, we in the Cyber Security community can do our part in joining this national effort.

Internationally, there have been a number of incidents affecting Health Services since the beginning of this pandemic, including a Ransomware attack on Brno University Hospital in the Czech Republic and a Denial of Service attack on the U.S. Health and Human Services Department. While healthcare services in Ireland have a range of measures in place to prevent such incidents occurring here, the possibility cannot be ruled out.

On that basis, the NCSC is looking for Subject Matter Experts who are willing to volunteer their expertise and time to support the Health Sector in the case of a significant cyber security incident which impacts the Healthcare provider’s ability to deliver critical services. 

This process will work as follows; when we are notified of a cyber security incident in the Health Sector, we will, if called on, match a Subject Matter Expert from an approved panel with the impacted hospital, Healthcare provider or laboratory. You may be asked to attend on-site or remotely, working directly with the Healthcare provider by assisting in the management and response of the cyber security incident.

If you have experience in responding to cyber security incidents, then please consider contributing to this initiative.

How to volunteer?

  1. Please email [email protected] expressing your interest in joining the Subject Matter Expert panel. 
  2. We will send you a volunteer application pack which includes the terms of reference and registration form for the Cyber Assistance Scheme.
  3. Once your application has been confirmed, you’ll be one of the volunteers that may be contacted for incoming requests. The NCSC will pair the healthcare provider to the volunteer that matches best with their needs and will enable the healthcare provider to reach out to you directly.