HSE still working to establish how systems were breached

Chief executive says paying ransom would be ‘a race to the bottom’

HSE chief executive  Paul Reid at the weekly HSE  update on Thursday.

HSE chief executive Paul Reid at the weekly HSE update on Thursday.


The Health Service Executive doesn’t know how its systems were breached by cyber-criminals, almost one week after the attack occurred.

Chief executive Paul Reid said it will take at least a week before the HSE can determine how a criminal gang managed to gain access to the systems.

While it had “plenty of suspicions”, it has not yet received confirmation of the ultimate cause of the security breach.

With up to 150,000 access points in the network, there were many potentially vulnerable access points, he told the weekly HSE briefing on Thursday.

“It can be as simple as an email, clicking on an attachment to an email, that’s a proven way of getting in,” Mr Reid said. Replicating someone’s login credentials was another way of gaining access to a system.

He pointed out that €300 million has been invested in capital infrastructure in HSE systems in recent years; about €82 million of this was for “the core network”.

Asked about the issue of a ransom demand from those behind the cyber-attack, he said paying a ransom was “a race to the bottom” that increased the capability of criminal organisations and thereby further stretched state resources.

Mr Reid described the alleged ransom demand as “not unusual and not unexpected”.

“That’s what criminal cyber-gangs to,” he said. He was not able to confirm that data has been extracted from the HSE system, “but that’s what you’d expect from these criminals”.

He urged anyone who thinks their data has been misused to contact the gardaí.

Asked whether, as head of the HSE, he should not know about the ransom sought, Mr Reid said he was clear about his role, which was to run the health service and provide safe services. Fraud was a matter for the gardaí.

Mr Reid described the impact of the attack as “quite grave” in the immediate term.

He described the event as a “stomach-churning criminal act” that was proving “catastrophic” for the health system.

The HSE’s response to the cyber attack had been immediate and comprehensive and “will continue to be relentless”.

The work to undo the damage caused by the ransomware attack is not “a short sprint” and will last for the coming weeks, he said.

There are over 2,000 different systems in the health service, with over 4,500 servers providing information.

Staff in hospitals are working in a high-risk environment due to the absence of the usual supports, said HSE’s chief operations officer, Anne O’Connor

Access to diagnostics was much slower than usual and GPs were also severely restricted in their access.

As work-arounds, GPs are ringing consultants on their mobiles in relation to patients, and health service staff have been redeployed to work as “runners” in hospitals.

Outlining the disruption in many areas, she said inpatient procedures and chemotherapy services were down 50 per cent while inpatient and endoscopes were down 70-80 per cent.

In University Hospital Galway, for example, five patients received radiotherapy on Wednesday, instead of the usual 80.

Community health services were also impacted with the widespread cancellation of audiology speech therapy and other services.

The system used for storing scans in hospitals (NIMIS) is being restored at the Mater and St James’s hospital, Ms O’Connor said, but just within the hospitals themselves.

Voluntary hospitals would be able to restart more quickly because they have standalone system, officials said.

In attempting to restore services, the HSE is focusing on radiology, laboratories, radiotherapy and patient administration systems, Mr Reid said.

The process of connecting individual hospitals to the national system would take much longer.