Today's cyber hackers are "professionally run organisations with HR departments, away days, and bonuses", according to the Health Service Executive's head of cyber security, Neal Mullen.
It is five years since the HSE became the victim of the biggest cyber attack in the history of the State, when a phishing email from the Russian based Conti group to a HSE account triggered a system-wide shut down.
Mr Mullen took up the role of Chief Information Security Officer in 2024, after a report on the attack recommended an overhaul of the organisation's cyber security approach.
"My team has grown from less than 10 to 70 in the last couple of years," Mr Mullen told RTÉ's News at One programme.
"I'm very confident if we were to have a cyber attack on the same scale, the impact would be considerably smaller; the speed of our response would be faster; and the speed of our recovery would be considerably better."
But the threat of another attack remains greater than ever, and the attackers are becoming more sophisticated.
"These are professionally run organisations with HR departments, and away days, and objectives and bonuses… it's an industry, not a group of people sitting in basements with hoods up. It is that as well, but the larger ones are professionally run organisations," Mr Mullen said.
Consultant Oncologist Professor Seamus O'Reilly recalls the profound effect on cancer patients whose tests and treatment plans were suddenly inaccessible on that day.
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
"Patients who had tests done overnight, scans for instance trying to assess how their cancer was responding to treatment, those scans were frozen in the system and completely unavailable."
He acknowledges the improvements in the HSE's cyber security systems since the attack but warns that the threat has also significantly increased.
"We remain vulnerable. This happened because of a phishing e-mail that came into the system.
"But with artificial intelligence, now the phishing e-mails that we will be getting are curated so they look like they are coming from someone we know. A lot of the criminality that led to the cyber attack, that is still out there."
The perpetrators of the 2021 attack demanded a ransom which the Government said would not be given.
A week later, the attackers suddenly gave a decryption key to unlock the system.
Cyber security expert Ronan Murphy of Smarttech 247 said the reason for the abrupt change of strategy from the attackers remains unclear.
"I believe the Irish Government were in contact with the Kremlin, they were illustrating the damage it was doing to Ireland and to our health service… but how they got their hands on the key isn't clear as of yet."
He said the attack is "still one of the most defining cyber incidents that Ireland has ever faced" and agrees the threat has intensified.
"Awareness is much higher, but also the sophistication of the adversary is also better, and their ability to use AI," he added.
Five years on from the attack, the fallout continues as the HSE deals with patients whose data was compromised, in what remains the biggest cyber crime incident in the history of the State.
