Strengthening our cyber future - Key takeaways from the HSE CISO Conference 2026

This article presents some key takeaways from the HSE annual Chief Information Security Officer (CISO) Conference to advance cyber resilience.

50 members of the HSE Cyber Security Office attended the event at the Spencer Jotel in Dublin. The days dedicated to connection, collaboration, knowledge management and charting the next phase of our cyber resilience journey.

Enabling our Strategy of “Protecting the Patient Journey from Referral to Recovery”

In a world where the pace of change continues to accelerate, taking time to align as one team has never been more important. This year’s event brought together colleagues from across Governance, Risk, Architecture, Computer Security Incident Response Team (CSIRT), Threat and Vulnerability Management (TVM), Supply Chain Risk Management (SCRM), Cyber Resilience, Project Management Office (PMO), Customer Satisfaction (CSAT), and the Business Information Security Office (BISO) network, each playing a critical role in protecting Ireland’s health services.

A day built around people, purpose and progress

The agenda reflected the breadth and depth of our mission:

• Team presentations showcased the extraordinary progress made across the CISO Office, from maturing our training and awareness, the implementation of enhanced governance and risk frameworks to strengthening incident response, advancing TVM, and embedding resilience across the patient journey.
• Solution labs challenged us to think differently about knowledge management and collaboration, two areas essential to scaling our capability nationally.
• Team building sessions reminded us that resilience isn’t just technical, it’s cultural. Strong relationships and shared understanding are the foundations of how we respond under pressure.

What stood out most was the sense of unity. Despite the scale and complexity of our work, the commitment to supporting one another, and supporting the health system, was evident in every conversation.

Our journey with the National Cyber Security Programme

The conference also reaffirmed the collective progress we are making through the National Cyber Security Programme (NCSP), which has now transitioned into year two.

2025 was a year of significant uplift:

• Stood up new capabilities in our response, from cyber incident response to managing the outcome form successful cyber breaches, with cyber resilience.
• We strengthened our governance, risk, training, and detection capabilities.
• We mobilised major tenders that will transform our threat detection, incident response, and vulnerability management posture.

But the journey is far from over. 2026 is about scaling, embedding, and sustaining. Ensuring that cyber resilience becomes part of how the HSE operates every day, in every region, across every service. The work ahead is ambitious, however it is also achievable because of the people in the room. The expertise, passion, and shared purpose across the CISO Office is what will carry us through the next phase of the NCSP and beyond.

Protecting the Patient Journey Together

At the heart of everything we do is a simple truth: cyber security is patient safety. From referral to recovery, our role is to ensure that Ireland’s health services remain safe, resilient, and trusted, even in the face of disruption.