Currently ‘no evidence’ Tusla case file data stolen in HSE cyberattack

‘Too early to be absolute’ sensitive information was not harvested, says chief executive

Critical case work is continuing, with child protection or welfare reports being received via phone rather than online, says the State agency. File photograph: Alan Betson

Critical case work is continuing, with child protection or welfare reports being received via phone rather than online, says the State agency. File photograph: Alan Betson

 

There is currently “no evidence” that sensitive information about child protection and welfare cases on Tusla’s national database had been stolen during the recent cyberattack, the State agency has said.

Bernard Gloster, chief executive of Tusla, the child and family agency, cautioned it was still “too early to be absolute” that sensitive files had not been harvested by the cybercriminals.

In a briefing note on Friday, to members of the Oireachtas Children’s Committee, Mr Gloster said as Tusla’s networks had been hosted on the Health Service Executive’s network, it also had to shut down its systems.

This meant social workers had no access to its online database of cases, and that the online portal to report child protection concerns was down.

Mr Gloster said there was evidence of “encryption activity” from the cyberattack on devices linked to Tusla’s online database, the National Childcare Information System (NCCIS). “However, we have also no evidence at this time of information theft from NCCIS,” he wrote in the May 21st briefing.

“I continue to receive increasing assurance on this point, however, it is too early to be absolute in the context of the criminal activity underpinning this attack,” he said.

Tusla also had “significant other databases [and] files” across the HSE network, where it is believed data may have been compromised by the cybercriminals, he said. The criminal gang behind the cyberattack has claimed it will publish or sell the HSE data online if a ransom is not paid.

Case work

Critical case work was continuing, with child protection or welfare reports being received via phone rather than online, Mr Gloster said.

“At this time, we can provide a qualified but reasonable level of assurance regarding critical case work, manual oversight, payment dependencies and safety,” he wrote.

“However, as this is only possible through extensive manual workarounds, the unknown duration of the incident remains a concern in continuity planning,” he said.

In a separate statement on Friday, Mr Gloster said while there was no indication sensitive Tusla data had been stolen in the attack, it was “too early to be definitive”.

“We have many files and databases on the HSE network and all of these are unavailable to us at this time,” he said.

While staff were “challenged” by the current situation, immediate child protection matters and children in care services were still being prioritised, he said.