When healthcare becomes sick: Recovering from ransomware

This teaching case describes the ransomware attack on Ireland’s national health provider, the Health Service Executive (HSE), and how it recovered. The attack disrupted critical healthcare services across more than 50 hospitals and, in retrospect, highlighted significant cybersecurity vulnerabilities. The case provides an in-depth analysis of the events leading up to the attack, the immediate organizational and technical impacts, and the subsequent response and recovery efforts. It explores issues such as incident response, risk management, business continuity, and the broader implications for public health organizations. It provides insights into the complexities of managing cyber threats in a healthcare context and the importance of robust cybersecurity preparedness. This case is designed for both undergraduate and postgraduate students in courses related to information security, cybersecurity management, and information systems. Students will be encouraged to evaluate the HSE’s preparedness, response strategies, and long-term recovery plans, and to develop recommendations for enhancing cybersecurity resilience in similar organizations.