HSE postpones resuming external emails amid cyber virus concerns

Patient appointments disrupted as emails blocked due to fears over ransomware virus

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec. The HSE shut down its email systems on Monday in a bid to prevent infection of its IT systems by the virus. Photograph: Reuters

The Health Service Executive (HSE) has delayed until Wednesday afternoon a decision on restoring external email access for patients to the HSE network, amid concerns over the global ransomware cyber virus.

When patients’ email access to the HSE network is restored, it will be phased in and is expected to take a full day before the email service is operational again. This means patient contact to and from parts of the Health Service may not come online again until Thursday or afterwards, if HSE management decides to begin lifting the IT lockdown at a meeting on Wednesday afternoon.

On Tuesday afternoon the HSE took the decision to begin reinstating internal email access among staff. From 1 pm, email servers which were offline were rebooted to activate antivirus security upgrades. The email servers had been shut down from Monday to protect the HSE’s computer system from the ransomware virus while their security software was updated. The staff email servers were rebooted and opened up on a phased basis, with 1,200 email servers brought back online on Tuesday. However, many parts of the Health Service have yet to have staff email access reopened.

Issues arising from the email lockdown and patient appointment problems are being dealt with at local hospital and service levels, a spokeswoman for the HSE said. The Health Service, she said, had identified “minimal” disruptions, and service delays were managed without impacting patient care to a “significant level”.

Of the 1,200 email servers rebooted on Tuesday, two problems were identified as part of the reintroduction of email access. The issues were not related to the ransomware cyber attack, and affected two administrative computers that did not hold patient records. “A decision on external access will be made tomorrow,” Richard Cobridge, chief information officer of the HSE, said on Tuesday.

Patient appointments including MRI scans, X-rays and blood tests were disrupted on Monday due to the email shutdown. No instances of the virus infecting the HSE’s computer system have been recorded.

Speaking on his way into a Cabinet meeting on Tuesday, Minister for Health Simon Harris said that “no patient record has been compromised or damaged as a result of the cyber attacks”.

“Cyber threats are never far away and we need to remain vigilant. This incident has tested our people and our processes and provided us with huge learning to build upon,” he said.

He said health agencies would monitor the situation over the coming days and his priority was to ensure patient safety was not compromised, that “patient data is secure and confidential” and that there was minimal disruption to services.

Mr Cobridge said that “all [HSE] clinical services and computer systems have been protected from the virus and no data or information was compromised as a result of the attempted cyber attack”.

He said the HSE leadership team will meet on Tuesday to discuss if they can restore external communications from outside the HSE network by Wednesday.

After external communications have been reopened, “business as usual will resume”, Mr Cobridge said.

A Microsoft security patch, released in March to close the vulnerability in Windows operating systems exploited by the ransomware virus, has been downloaded onto 28,000 HSE computers since Saturday.

Some 52,000 computers and medical machines and 2,350 servers have been updated with the most recent antivirus security software in an emergency IT blitz since news of the global cyber attack broke over the weekend.

The HSE has estimated there are 1,500 computers still operating on the vulnerable unsupported Windows XP system.

A HSE spokesperson outlined that IT staff have located more than half of the at-risk computers, and expect to find and address the remaining units by Wednesday.

Fianna Fáil spokesman for health Billy Kelleher said more needed to be done to ensure the virus, which is still active, was stopped from infecting the HSE’s computer system.

“Any attack could lead to emergency departments, or even whole hospitals, being closed, cancellation of outpatient and inpatient appointments, or chaos in the National Ambulance Service. In Northern Ireland, we have seen lifesaving operations being cancelled as a result of these cyber attacks,” Mr Kelleher said.

“The implications of such an attack are deeply worrying. Our health system is in a fragile enough state as it is. We cannot allow such an attack to happen, and possibly disrupt it even further.

“We cannot have a situation where the HSE could potentially be held to ransom over access to critically important services and facilities through a concerted and targeted attack on their networks,” Mr Kelleher said.