A report into the cyber attack on the HSE shows the malware went undetected in the system for around 8 weeks.
The investigation by PWC highlights a number of weaknesses within the organisation's ICT structure.
The initial infection that led to the 14th of May attack was made on the 18 of March this year. An email was opened by one worker, allowing the malware to run in the background of the HSE systems for approximately 8 weeks, undetected.
The report shows that cyber security concerns were raised earlier in the month - but the significance of the threat was missed.
The current overall cost of this attack is €100 million - with a significant portion of that figure going towards the investment that is needed for the future protection of the network.
Recommendations in the report include the appointment of new roles such as the Chief Technology and Transformational Officer And Chief Information Security Officer.
The HSE is now working on a multi-year plan to build up resilience against any future attack.