Cyberattack: ‘High risk’ stolen patient data may be released tomorrow, HSE chief says

Good progress is being made in restoring IT systems in the health service

The chief executive of the HSE said on Sunday there is a “high risk” the criminals behind the cyberattack attack will fulfil their threat to release patient details on Monday.

On Sunday, the Government said it is “aware of the risk” that personal data stolen from the HSE in a cyberattack may be published online.

The Government issued fresh advice to people who may become victims of fraud as a result of their data being exposed. People are advised to be cautious of criminals taking advantage of fears around the HSE attack by contacting them to attempt to obtain information or payments. The Government has urged the public to report any such attempts to gardaí.

“The theft and disclosure of medical data would be a particularly despicable crime because it involves sensitive, personal information. Any public release of this data would be illegal,” it said. “There is, sadly, a real risk of patients’ data being abused in this way.”


Restoring systems

Good progress is being made in restoring IT systems in the health service following the cyberattack on the HSE, Mr Reid told RTÉ radio’s This Week programme.

Steady progress was made over the weekend and the provision of an encryption tool by the cybercriminals behind the attack has helped, he said.

As a result, systems in some hospitals for storing scan results and patient administration details are likely to be restored soon. In others areas, restoration of system will take weeks.

The HSE is focused on doing “everything we possibly can” to “constrain” the impact of the data breach, Mr Reid said. Last week’s High Court order makes it a criminal offence to share information from the breach publicly, he pointed out.

In addition, the HSE is working with the social media platforms to ensure no material is published. If data is published, the HSE will contact the Data Protection Commissioner, he added.

“This is an attack on the State, not just the health service, not just on our patients. We have sought the advice of some of the best people in this area to see how we can constrain publication of data and the High Court order was a very important part of this process.”

“Ultimately, there would a legal process for later, but for right now we want to engage with all the regulatory and legal authorities of the State, and do everything we possibly can.”

The HSE will put in place more senior roles in IT as part of its actions to address the issues that have arisen, Mr Reid said.

Work is under way on “assessing each of those national systems we want to restore, which ones we have to rebuild, which ones we may have to remove and certainly the decryption process helps us in that.”

“You will probably see some hospitals having access to some of the national systems, including a patient administration system, but it is a slower process, throughout next week and over the next few weeks as well.”


In an update on Sunday, the HSE said services around the country were continuing to see substantial disruption.

Blood tests and diagnostics are taking much longer than usual to operate, while emergency departments remain very busy with high attendances.

Long delays are expected for patients needing non-urgent care. With staff working over the weekend to get services up and running again,

The NIMIS system for digital radiology is now live again in Beaumont and the Coombe hospitals, with progress being made in other hospitals.

CervicalCheck appointments are resuming on Monday, while other screening services are going ahead.

The encryption tool provided by the cyber-attackers is being tested manually on various systems and when this is safe, but the HSE says this is a slow process.

Significant impact

An estimated 50,000 patients attending family doctors have been affected during the first week of the disruption caused by the IT breach, according to Cork GP Mary Favier.

The cyberattack is starting to have “quite a significant impact” due to the difficulty in order blood tests, X-rays and other services, she said.

In her own practice, she already has concerns about possible cases of delayed diagnoses caused by the disruption.

And while private patients have been largely unaffected, public patients were enduring a “double whammy” due to the IT disruption and the delays caused by the Covid-19 pandemic, said Ms Favier.

Minister for Higher Education Simon Harris said: "If you are contacted by anybody asking for your bank details, please know the State will never contact you asking for your bank details over the telephone or by email.

“And in my experience, the state will never contact you offering to pay you back money either.”

Mr Harris used the example of someone who had recently been for an X-ray being contacted by a person alleging to be from a hospital, claiming they are owed money for the procedure, and asking for bank details.

“Under no circumstances do that. Terminate the phone call, don’t reply to the email, and please contact your local Garda station,” he said.

He said it was vital that the public report such incidents to the gardaí, to protect themselves and so that information on the criminals responsible can be passed on to international policing.

“This is a crime, and we want to be able to pass on as much information as possible to police forces around the world,” he told RTÉ’s the Week in Politics. “Any contact in any way suspicious at all, please contact the gardaí.”

He called on the public to have a “heightened sense of awareness” and to discuss the issue with family and friends.


Meanwhile, the Opposition have continued to raise questions about Ireland’s preparedness for the attack.

Labour TD Duncan Smith said representatives from the National Cyber Security Centre (NCSC) had failed to “answer basic questions” at a private meeting of the Communications Committee last week. He said: “It was a pretty bizarre meeting. The representative from the NCSC didn’t answer very basic questions in relation to resourcing and the lead-up to this attack.

“We didn’t push too much on this current attack because it’s an ongoing issue. “But just in relation to how prepared the NCSC was, we were not comforted by how that meeting went.”

There are huge questions that will need to be answered after this.”

In a statement on Sunday, the Government said: “It is a common feature of these kinds of cyberattacks that the perpetrators steal data. “Work to identify the extent of any data taken from the HSE’s IT systems is ongoing as part of the process of repairing the systems.

The statement added: “An Garda Síochána are continuing in conjunction with national and international partners to pursue the investigation of this crime. “The Government urges anyone who has reason to suspect they are victims of this cyberattack to make a report at their local Garda station or through the Garda confidential line.” The line is open 24 hours a day, seven days a week on 1800 666 111.

The ransomware attack has resulted in the HSE having to close down all its IT services, causing widespread delays and the cancellation of appointments at hospitals across the country. - Additional reporting PA

Paul Cullen

Paul Cullen

Paul Cullen is Health Editor of The Irish Times