HSE still in ‘state of very high risk’ amid slow recovery from cyberattack

Chief operations officer says just 30,000 of health service’s 80,000 IT devices cleaned so far

The Health Service Executive (HSE) remains in “a state of very high risk” 20 days after a crippling cyber attack with only 30,000 of its 80,000 devices cleaned and “switched on” again, a senior official has said.

Anne O’Connor, HSE chief operations officer, said the pace of the recovery work being carried out following the attack has been “extraordinary” but there was still “an awful long way to go.”

“People just don’t understand the scale of what we are dealing with - this isn’t just one service; this is our whole health infrastructure,” she said.

“It’s not just that our system has been damaged. It has kind of been destroyed so there is a lot of rebuilding of the whole system going on.”


The HSE was forced to shut down its IT systems on May 14th after it was targeted by cybercriminals in a ransomware attack .

Outside consultants are helping the HSE restore computer systems following the cyberattack that chief executive Paul Reid has said will likely cost at least €100 million.

Ms O’Connor said the HSE had a colour-coded system to monitor the restoration of services: red for severely impacted, amber for a returning service, green for a service operating again in its location and blue for a normal system, interacting with others, internally and externally.

“We have nothing on the page that is blue,” she said.

The HSE’s labs were “amber” with only some operating at 20 to 30 per capacity and that about half of the 100 million lab tests processed a year related to GP referrals, which have not returned.

One of the main difficulties is trying to restore IT systems so that the HSE can communicate and share patient records, images and test results outside hospitals to GPs.

An immediate objective was to restore Healthlink, the core IT system used for communications between the HSE and GPs, to allow radiology imaging reports to be sent out to GPs.

“We are days away from GPs being able to use Healthlink to refer in,” she said.

This was causing problems for rapid access cancer clinics, screening and for testing, including Covid-19 testing, which was why people were still being asked to attend walk-in tests centres.

Ms O’Connor said the HSE was “gradually bringing emails back” and that about 34,000 “HealthIRL” emails - just one of nine email systems used across the HSE - were coming back.

People were urged not to attend scheduled outpatient appointments at the country’s three main children’s hospitals unless they have been contacted to confirm attendance. At least 80 per cent of the devices across the children’s hospitals have been affected by the cyber attack.

The HSE was experiencing high attendances at hospital emergency departments because GPs were not able to access blood tests and other diagnostic tests and also as a result of the cancellation of outpatient appointments, said Ms O’Connor.

“Part of the problem is people ask how long will it take for us to get it all back. We can’t answer that because until systems are back, we won’t know what activities we have lost,” she said.

Simon Carswell

Simon Carswell

Simon Carswell is News Editor of The Irish Times