HSE examines extent to which patient records were compromised in cyberattack

Health IT systems ‘some way off’ restoration, with hospitals to be affected for next week

The Health Service Executive (HSE) is currently examining to what extent patients' medical records are among data that has been "compromised," as a result of the major cyberattack, which has curtailed many hospital services.

Paul Reid, HSE chief executive, said officials were currently trying to determine “what level of data may have been compromised” in the ransomware attack.

The standard approach from criminal groups behind such cyberattacks was an “double extortion” attempt, to both withhold the hacked data, and also threaten to publish it online, unless a ransom was paid.

Mr Reid said the HSE was confident it had secure back-ups of all the affected data from its IT systems, allowing it to “rebuild” the infrastructure.


Work was currently looking at what systems could be brought back online, “in a safe manner one by one,” he told RTÉ’s Saturday with Katie Hannon show.

The cyberattack had been “very significant and sophisticated,” and was being dealt with by the highest level of the intelligence forces of the State, Mr Reid said.

There had been cases where organisations had paid ransoms to cyber criminals, and the data had not been returned, he said.

While the referral system for Covid-19 tests via GPs was down, people with symptoms could attend any testing centres across the country, and no longer needed a prior referral, Mr Reid said.

Close contacts of positive cases, who previously received a text, would now receive a phone call from contact tracing teams, he said.

The Department of Health has said due to the IT system shutdown the daily number of new Covid-19 cases would not be available on Saturday. The department said backdated figures would be published when possible.

Minister for Communications and Minister of State Ossian Smyth were on Saturday morning briefed by the National Cyber Security Centre (NCSC) about the attack.

The NCSC said in a statement their “full resources have been committed to supporting the HSE in its response to the cyber attack” and that “work will continue throughout the weekend with the focus on supporting the HSE’s recovery process in order to minimise disruption to services”. The NCSC advised that more updates will be provided as the investigation goes on.


The vaccination programme was continuing “at pace”, despite the cyberattack, and remained on target to administer more than 250,000 doses by the end of this week.

People in their 40s would hopefully be able to book their vaccine appointment by the end of next week as well, Mr Reid said.

Minister for Communications Eamon Ryan and Minister of State Ossian Smyth had a briefing on the cyberattack from the National Cyber Security Centre (NCSC) on Saturday morning.

The Department of Communications said the NCSC was committing its “full resources” to respond to the hack, and was in contact with international partners and private contractors.

“This work will continue throughout the weekend with the focus on supporting the HSE’s recovery process in order to minimise disruption to services,” the department said.

The cyber security centre has also issued advice to other State operators of essential services to guard against any repeat attacks.


The health service will likely be impacted by the effects of the attack for the next week, as a senior Health Service Executive (HSE) official has said hospital IT systems are “some way off” being restored.

Dr Clare Faul, director of St Luke’s Radiation Oncology Network, said the cyberattack was having “a significant and ongoing impact” on services.

The IT shut down had led to radiation treatment centres ceasing services in St Luke’s, Beaumont and St James’s Hospital.

“We initiated a plan to treat all urgent patients in the private sector, which commenced on Friday and is continuing . . . We are doing everything possible to get our systems ready to treat patients with radiation again next week,” she said.

Anne O'Connor, HSE chief operations officer, on Saturday said it was in the "early stages" of rebooting some of the foundational technology, but were "some way off" having the main systems back up and running.

At present it would be at least several days before health service and hospital IT systems returned to normal, she said.

“We are definitely working on several days at the minute, and that’s if it goes well. The system at a wider level will be impacted we believe for this week,” she told RTÉ’s Brendan O’Connor Show.

“Yesterday a decision was taken to shut down all of the systems, really to protect the whole infrastructure, as of now there’s been a lot of work overnight,” she said.

“We have been working since early yesterday morning to determine first of all the impact of this attack across the board, and to see what systems are working,” she said.

On Friday, the HSE said it would not be paying the ransom demanded by the cyber criminals behind the attack, who are believed to be a criminal gang operating in another country.

It is understood the exact amount being sought in the ransom is not clear, according to one senior official.


Several hospitals moved to cancel outpatient appointments and elective procedures in the wake of the cyberattack.

One major problem was the lack of diagnostics and access to previous test results, while the systems remained down, Ms O’Connor said.

“A really big problem here relates to diagnostics, so our whole imaging system has been affected by this . . . We have no access to previous scans, no access to previous blood results,” she said.

Hospitals had returned to pen and paper for processing results from bloods and other lab tests. “We’ve gone right back to years ago, we’ve got literally runners in the hospital bringing pieces of paper around with results,” said Ms O’Connor.

There were “different scenarios in different parts of the country,” with some hospitals more affected than others, she said.

Some voluntary hospitals were not hit as hard as a result of the HSE shutting down its IT systems, while other hospitals had been forced to cancel most outpatient appointments.

“The important thing for us is to not cancel things if we don’t need to . . . We are prioritising urgent and time-dependent work,” said Ms O’Connor.

The HSE’s online system for booking Covid-19 vaccine appointments had been restored on Saturday, meanwhile the administration of vaccinations was largely unaffected by the cyberattack.

While some appointments, such as chemotherapy and dialysis services would continue, there were widespread cancellations of others such as x-ray appointments and radiology services.

The HSE has warned delays should be expected as hospitals attempted to move to offline manual processes.

Health officials were unsure if a tech issue in Beaumont Hospital identified on Thursday was also connected to the ransomware attack.

Members of the public have been advised by the HSE that updates about changes to appointments and services will be published on its website.

Jack Power

Jack Power

Jack Power is a reporter with The Irish Times