| dc.description.abstract | The present thesis proposes a case study analysis of an historical ransomware attack against the Irish national healthcare system in 2021, with the ultimate goal of evaluating whether the adoption of the NIS 2 Directive could prevent or mitigate similar cyber-attacks in the future. In particular, the study evolves around the question of to what extent do the cybersecurity measures delineated in Article 21 of the NIS 2 Directive enhance the preventive and mitigative actions to counter ransomware attacks targeting the national healthcare system within the EU context. First, attention is drawn to the normative significance of Article 21, emphasising how its provisions have adapted over time in response to the evolving landscape of cyber threats. Second, the focus shifts to the HSE scenario, with the goal of spotlighting the problem related to the widespread disregard of essential entities, such as healthcare facilities, in their adoption of appropriate and proportionate cybersecurity measures to prevent and mitigate ransomware attacks before the adoption of the NIS 2 Directive. The thesis will demonstrate the repercussions of the absence of adequate cybersecurity measures, encompassing both the absence of preventative elements that could have thwarted the hack and the lack of readiness to manage the aftermath of such an attack on cybersecurity and national security. Indeed, it is imperative to examine the interrelation of digital and physical damage when analysing the impact of the cyber-attack. Second, the objective is to juxtapose the cybersecurity regime implemented by the HSE during the incident with the preventive and mitigative measures envisioned in Article 21 of NIS 2 Directive. This comparative analysis seeks to ascertain whether the Directive possesses the requisite mechanisms to guide these critical entities toward a cohesive approach in countering ransomware attacks. | eng |