The HSE had been warned about weaknesses in its IT system almost three years ago.
It follows the ransomware attack which has crippled the health service in recent days.
The problems identified included issues with “security controls” and “disaster recovery protocols” after internal audits which flagged the issues in HSE annual reports for two years in a row, according to The Irish Times.
The HSE is currently trying to deal with the impact of a cyberattack that has disrupted many services, while there are fears that patients’ personal data has already been published online.
Letterkenny University Hospital has been forced to cancel all operations this week and the A&E Department has been very slow all week.
The criminal gang responsible for the attack is looking for a ransom payment, but the Government has insisted it will not give in to their demands.
The HSE’s 2018 annual report says: “Internal audits have identified vulnerabilities in the area of security controls across parts of the domain including application password protocols and the management of secure access.
“Weaknesses have been acknowledged in some of the areas audited in disaster recovery protocols, particularly in relation to older and legacy systems.”
The report adds the Office of the Chief Information Officer “is committed to improving controls in respect to cyber security”.