Fears HSE could come under fresh attack during recovery process

Criminals have encrypted some data but the extent of the problem is not yet known

A long queue of people outside Croke Park for Covid-19 vaccination on Monday afternoon. Photograph: Colin Keegan/Collins

A long queue of people outside Croke Park for Covid-19 vaccination on Monday afternoon. Photograph: Colin Keegan/Collins


Disruption caused by the cyberattack on Health Service Executive computer systems is very likely to continue “well into this week”, it has said.

Those behind the attack have succeeded in encrypting some data but the extent of the damage is not yet clear, according to the HSE.

With some staff expressing fears the attack could hit the payment of salaries, the HSE said it has worked through Monday on the issue and expects no disruption to payroll.

Work continued on Monday on assessing the impact of the cyberattack and beginning to restore IT systems.

“There are serious concerns about the implications for patient care arising from the very limited access to diagnostics, lab services and historical patient records,” the HSE said in an update on Monday evening.

It said the Defence Forces were providing support in the deployment of computers and operationally.

The HSE said it was in the assessment phase of its response for many areas and in an “early recovery” phase for others.

It said St James’s and the Mater hospitals in Dublin had made good progress in assessing their IT systems.

The restoration of diagnostic imaging, laboratory systems and radiation oncology is being prioritised.

It is clear data on some servers has been encrypted, according to the HSE, “but the full extent of this is unknown at this point”.

Many devices used in the health service run on older Windows operating systems. A HSE spokesman said an initial investigation showed this had “no relevance” to the breach of security that occurred.

Solution ‘some way off’

Sources say “they are making the progress they were expecting to make”, though a solution is regarded as some way off. As a first step, IT staff have established the foundations on which computer systems may be rebuilt and are beginning this process.

However, there are fears the HSE’s system could come under a fresh attack while this process is under way, with further disruptive effect.

Even though emergency services are operating, the throughput of patients has slowed dramatically due to the lack of access to computerised records.

Some hospitals have ended up with crowded emergency departments but empty beds in wards because of delays in referring incoming patients caused by the lack of electronic records.

Temporary fixes have been found in some locations, such as the employment of “runners” to bring scans between different departments of hospitals.

In general across the health system, voluntary hospitals have been less severely affected than HSE-run hospitals, as in many cases they operate separate computer systems. Private hospitals have been largely unaffected and are helping public hospitals by accepting referral patients for tests.

Time-critical care and treatment such as surgery, dialysis and radiotherapy is largely continuing.

However, diagnostic services across the country have been badly hit by the shutdown in IT.

Lab capacity

General practice has also continued, though the lack of email contact with the wider health service will cause increasing problems with time.

The HSE has warned GPs that clinical laboratory capacity for checking samples from patients may be reduced to as little as 10 per cent.

GPs have been told not to send any samples of any kind to HSE laboratories unless it is “essential to decisions that must be made right away”, according to HSE chief clinical officer Dr Colm Henry.

Samples sent last week may no longer be suitable for processing after the system is back up and running, so new samples may need to be taken, Dr Henry told GPs in a letter.

Tusla, the child and family agency, says it has also been affected because social workers do not have access to background information in case files.

While most Covid-related activities are continuing – including vaccination – there are delays in the reporting of test results, which may affect contact tracing operations.

Screening is operating as normal, according to the HSE, as are community health services.

But most radiology services and many outpatient appointments for this week have been cancelled.

The HSE response to the cyberattack is being led by chief information officer Fran Thompson and his deputy, Michael Redmond, who are briefing senior management several times a days.

There are 2,000 IT systems operating in the health service, and 80,000 devices, all of which will have to be checked.