DYNAMIC PURCHASING SYSTEM FOR UNIFIED CYBER INCIDENT RESPONSE SERVICE

Description

The HSE is issuing this Request to Participate (“RTP”) in a Dynamic Purchasing System (hereafter ‘the DPS’) for the provision of Unified Cyber Incident Response service. The HSE is the Contracting Authority for this public procurement competition on its own behalf and on behalf of all organisations funded by the HSE. On 14 May 2021, the HSE was subjected to a serious criminal cyberattack (the “Incident”), through the infiltration of IT systems using Conti Ransomware. Over 80 percent of IT infrastructure impacted leading to unavailability of key patient information and diagnostics. To rapidly enhance the security operations and strengthen the cyber defence posture post the Incident, a number of security services were stood up on an emergency basis. HSE are now in the journey towards standardising these capabilities and associated services. The Post Incident Review (PIR) that was carried out following the incident has highlighted the need for integrating existing siloed incident response processes into a unified cyber incident response capability. The vision of this service is to effectively and consistently have the capability to unify the cyber incident response across multiple HSE organisational constructs.