Patients face further wait for email access as HSE decides whether to lift ban

Appointment delays to continue until at least Thursday afternoon after WannaCry threat

Patients may have to wait until at least Thursday afternoon to send emails to and receive emails from the Health Service Executive, as the organisation continues to deal with the fallout from the WannaCry ransomware attack.

Appointments for MRI scans, X-rays and blood tests, among others, were disrupted on Monday when the HSE shut down its email servers to protect its computer systems from the global cybervirus.

Managers are due to decide on Wednesday afternoon whether to lift the ban on external email, now that the HSE has had time to update its security software. If they go ahead, patient access to the organisation’s computer network will be phased in over 24 hours.

Appointment problems are being dealt with at local hospital and service levels, according to the HSE. The health service had identified minimal disruptions, a spokeswoman said, and service delays were managed without significant effects on patient care.

On Tuesday the organisation began to reinstate internal email access, bringing 1,200 servers back online. A Microsoft security patch, released in March to close the vulnerability in Windows operating systems that WannaCry has exploited, has been downloaded on to 28,000 HSE computers since Saturday. About 52,000 computers and medical machines and 2,350 servers have been updated since news of the global cyberattack broke over the weekend. The HSE has estimated that 1,500 of its computers still use the vulnerable, unsupported Windows XP system.

The National Cyber Security Centre said that a small HSE-funded centre in Co Wexford had been infected by the WannaCry virus but that its computers were not linked to the wider HSE network, so containing the threat. Viruses that affected computer systems at three Irish hospitals on Monday afternoon were not linked to the WannaCry attacks, the HSE said.

Internationally, more than 200,000 organisations were infected by the virus, which struck in the UK and Spain first last Friday, before spreading around the world. The NHS was one of many major global organisations affected, with 47 trusts hit.

Minister for Health Simon Harris said on Tuesday that no patient record has been compromised or damaged as a result of the cyberattacks. "Cyberthreats are never far away, and we need to remain vigilant. This incident has tested our people and our processes and provided us with huge learning to build upon."

Fianna Fáil spokesman for health Billy Kelleher said more needed to be done to stop the virus, which was still active this week, from infecting the HSE computer system. "Any attack could lead to emergency departments, or even whole hospitals, being closed, cancellation of outpatient and inpatient appointments, or chaos in the National Ambulance Service. In Northern Ireland we have seen lifesaving operations being cancelled as a result of these cyberattacks," Mr Kelleher said.

“Our health system is in a fragile enough state as it is. We cannot allow such an attack to happen, and possibly disrupt it even further. We cannot have a situation where the HSE could potentially be held to ransom over access to critically important services and facilities through a concerted and targeted attack on their networks.”

Additional reporting: Jack Power and Mary Minihan