Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

CEO HSE Paul Reid. Leon Farrell

Cost of HSE cyber attack ‘could rise to half a billion euro’, Committee hears

HSE boss Paul Reid said the human cost of the incident will be hard to measure.

LAST UPDATE | 23 Jun 2021

THE OVERALL COST to the HSE following the recent cyber attack could amount to half a billion euro, an Oireachtas committee has heard.

Chief executive Paul Reid also warned that he can “never be confident” that the HSE has seen the worst of the cyber attack.

Reid said that while there are financial costs, there will be human costs as well, adding that it will take months before systems are fully restored.

He told the Oireachtas health committee that the immediate costs amounted to €100 million, but that will rise when other factors are included.

Fine Gael Senator Martin Conway said he expects it to amount to hundreds of millions of euro, “possibly half a billion”.

Reid said Conway was “correct”, adding that significant investment is needed to protect the systems.

The HSE boss said there are technical and infrastructure costs.

“There are particular costs in relation to capital costs, which would be the replacement of a number of devices across the networks,” he added.

“There is also capital costs in upgrading key systems to have them at a higher standard.

“Third party costs which relate to a number of technical expertise that we have engaged from a range of specialist providers. We have also engaged international expertise.

“There are costs we will incur in the future, and we need to put in place a security operation centre to monitor our network on a more comprehensive basis.”

He also said that a lot of the Microsoft applications will be updated, adding that immediate costs are “well over” €100 million.

“That is just to get us through this,” Reid warned.

“The other costs we have is clinical costs and local IT costs we have to put in place to strengthen resourcing.

“Looking back we would have invested €82 million in malware protection but we have a really old legacy network in the HSE. It needs investment for protection, it needs investment for security and protection of data, and we will have many lessons learned from this in reports we will get.”

He said that while he is not aware of any other sensitive data belonging to patients that have been illegally accessed.

However, Reid warned that the HSE may not have seen the worst of the cyber attack.

Maternity hospitals

Meanwhile, the HSE is to issue updated advice to all maternity hospitals and units on its visitation guidance.

It recently sent out advice asking maternity hospitals to review it approach and adopt a “least restrictive approach possible”.

Fianna Fail’s John Lahart, however said that TDs have been getting emails for months from expectant mothers and their partners.

He read an email he received from a pregnant woman who was in hospital and spoke of how she was “alone, lonely, vulnerable, anxious, angry and confused”.

“I don’t think the response has been strong enough in asking all maternity units to review their approach again,” Lahart added.

“Why, when the CMO has said there is no good reason why partners cannot accompany their partners either to prenatal appointments or in labour, how many hospitals are not complying with this?”

Reid said: “There is nobody more aware than ourselves in the HSE and the medical teams who provide compassionate care for mothers and babies.

“We have to do things very differently in terms of infection prevention and control.

“A lot of our 19 maternity hospitals are old and old hallways and old antenatal rooms and are not built for dealing with infection prevention.”

He said that 16 out of the 19 maternity hospitals were working through complying with the measures, but three were not, which included Wexford, Kilkenny and Tullamore maternity units.

The HSE chief clinical officer Colm Henry they are are amending the guidance this week for those attending early pregnancy assessment units.

“We are also planning to alter our visiting guidance and roll that out across all 19 units,” Henry added.

It also emerged during the hearing that young people aged 18-20 may have to wait until September or October to receive their Covid-19 vaccination.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

View 39 comments
Close
39 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Install the app to use these features.
    Mute Michael Healy
    Favourite Michael Healy
    Report
    Jun 23rd 2021, 8:01 AM

    Let’s hope the appropriate security and constant refresh training is put in place now for all public sector employees, not just the ones working in the hse, about the dangers of clicking on dodgy links in emails and spotting suspected attempts at ransomware. There’s no point fixing everything and putting nice shiny security measures in place, if the people using the systems aren’t kept upto date and given training every 6 months to keep them vigilant about preventing this again

    214
    Install the app to use these features.
    Mute Neil Neart
    Favourite Neil Neart
    Report
    Jun 23rd 2021, 5:18 PM

    @Michael Healy: The responsibility for this catastrophe rests with the Minister for Health Simon Harris.

    13
    Install the app to use these features.
    Mute Frédéric Slimane
    Favourite Frédéric Slimane
    Report
    Jun 23rd 2021, 5:31 PM

    @Neil Neart: it can’t be all on him can it!how long has he been in office for?

    6
    See 1 more reply ▾
    Install the app to use these features.
    Mute Sean
    Favourite Sean
    Report
    Jun 23rd 2021, 6:20 PM

    @Michael Healy: Chronic underinvestment in IT and cyber security for many years made this an inevitability for the HSE . Let’s not blame Anne from Accounts for clicking on the wrong link!

    9
    Install the app to use these features.
    Mute Limited Edition
    Favourite Limited Edition
    Report
    Jun 23rd 2021, 8:11 AM

    8:53am HSE offices.

    Someone’s email inbox:

    Subject line: you gotta see this!

    Email: “Friends laughed at him but soon wanted to know how he did it… dad discovers life hack to millions of euro. Click here to learn how”

    *** installing malware ***

    8:54am Nation wide system failures

    136
    Install the app to use these features.
    Mute Mickety Dee
    Favourite Mickety Dee
    Report
    Jun 23rd 2021, 10:53 AM

    @Limited Edition: That is some seriously fast encryption malware

    22
    Install the app to use these features.
    Mute Jess Obourn
    Favourite Jess Obourn
    Report
    Jun 23rd 2021, 4:34 PM

    @Limited Edition:

    “Mary what’s my password again for the computer?”
    “Its hse123 Declan, try it again”
    “1 2 3 H S E”
    “Not working Mary”
    “Ring your man in IT, whats his name?”
    “Hello son, im trying to enter my password number 123 but its not working”

    20
    Install the app to use these features.
    Mute Jonathan
    Favourite Jonathan
    Report
    Jun 23rd 2021, 7:52 AM

    Good work guys, so stressful on a lot of people

    104
    Install the app to use these features.
    Mute Barry Sorensen
    Favourite Barry Sorensen
    Report
    Jun 23rd 2021, 1:11 PM

    What baffles me is that they are not recovering the servers from backups. Did they not have backups? What was their Disaster Recovery Plan? Who was running that show?
    Any half aware small business in the land has multiple on site and offsite backups to recover from. Its so much faster to recover from backups than to decrypt servers.

    98
    Install the app to use these features.
    Mute Mickety Dee
    Favourite Mickety Dee
    Report
    Jun 23rd 2021, 2:40 PM

    @Barry Sorensen: The data isn’t the issue, it’s the prices to ensure there is no malware still lurking that costs the money

    5
    Install the app to use these features.
    Mute Barry Sorensen
    Favourite Barry Sorensen
    Report
    Jun 23rd 2021, 10:41 PM

    @Mickety Dee: Modern backups take server images, not just data backups. Recover the image from pre infection from an offsite backup.

    4
    Install the app to use these features.
    Mute David Van-Standen
    Favourite David Van-Standen
    Report
    Jun 23rd 2021, 2:05 PM

    At this rate the next estimate will be a billon euro by next Friday..

    78
    Install the app to use these features.
    Mute David Corrigan
    Favourite David Corrigan
    Report
    Jun 23rd 2021, 2:10 PM

    @David Van-Standen: It’s only tax payers money David. Its like a play thing to those in power.

    89
    Install the app to use these features.
    Mute Michael Dikie Foran
    Favourite Michael Dikie Foran
    Report
    Jun 23rd 2021, 2:03 PM

    Must be priced by the fookers building the. Children’s hospital joke

    86
    Install the app to use these features.
    Mute Claude Saulnier
    Favourite Claude Saulnier
    Report
    Jun 23rd 2021, 8:42 AM

    How many servers were encrypted in the first place? Just to get an idea of what 3/4 means.

    63
    Install the app to use these features.
    Mute Ger
    Favourite Ger
    Report
    Jun 23rd 2021, 10:05 AM

    Whatever became of the encryption key that was placed online? Was it used? Did it work? I’ve heard nothing about it since the day that story broke

    46
    Install the app to use these features.
    Mute Mickety Dee
    Favourite Mickety Dee
    Report
    Jun 23rd 2021, 10:57 AM

    @Ger: Yes it was used. The slowdown is to make sure the servers are clean. I guess the only way to be sure it’s to completely rebuild the servers from the bottom up and add them back into the network one by one

    28
    Install the app to use these features.
    Mute Ger
    Favourite Ger
    Report
    Jun 23rd 2021, 3:44 PM

    @Mickety Dee: cheers. I hadn’t heard anything about it.

    1
    Install the app to use these features.
    Mute Diarmuid O'Braonáin
    Favourite Diarmuid O'Braonáin
    Report
    Jun 23rd 2021, 2:42 PM

    why civil servants have any input in this is beyond me. We should have a separate dept of specialists like most countries have. All govt IT systems are 20 years behind other countries. Let me give you an example. How many times have people had to write a physical letter and post it into a govt department or fill out a form….

    We need change and we need it now. A separate department that looks after all other govt departments in all IT areas be it infrastructure or software development. The PPARS project for the HSE was budgeted at 15 million and topped out at 220 million all of which went to accenture. WHY? Because the govt keeps outsourcing everything and it costs 10 to 20 times more doing things like this.

    39
    Install the app to use these features.
    Mute Bain triail aisti
    Favourite Bain triail aisti
    Report
    Jun 23rd 2021, 7:04 PM

    @Diarmuid O’Braonáin: Main hurdle is public sector staff and their inherent resistance to any change.
    Strangely this disaster will enhance the HSE IT department immeasurably, achieving what otherwise would have been impossible.

    9
    Install the app to use these features.
    Mute Damian Ryan
    Favourite Damian Ryan
    Report
    Jun 23rd 2021, 2:24 PM

    Between this and Covid. Our great grand children will still be paying. In extra taxes

    33
    Install the app to use these features.
    Mute Watchful Axe
    Favourite Watchful Axe
    Report
    Jun 23rd 2021, 12:18 PM

    Is the phishing cold calls/machine voice messages gone up in the last few weeks. I got plagued with multiple calls over a day from different vodafone numbers on home and work phones within a week of each other. How can it be worth the expense for these guys. There should be an option to report as spam caller in a menu.

    30
    Install the app to use these features.
    Mute Franny Ando
    Favourite Franny Ando
    Report
    Jun 23rd 2021, 3:25 PM

    @Watchful Axe: Crazy today home phone and mobile. Blocking no good just come back on another 087 number.

    7
    Install the app to use these features.
    Mute Ixtrix Net
    Favourite Ixtrix Net
    Report
    Jun 23rd 2021, 3:42 PM

    @Watchful Axe:
    what ‘expense’? the calls originate off VoiP numbers, a simple hack changes what number you see. Staffed by people where a days wage can be less than a couple of sms message between different networks here

    2
    Install the app to use these features.
    Mute Max Power
    Favourite Max Power
    Report
    Jun 23rd 2021, 2:14 PM

    Near half billion doesn’t sound too bad … it makes the near half million a year that the CEO is getting sound like good value !

    31
    Install the app to use these features.
    Mute Graham McNamara
    Favourite Graham McNamara
    Report
    Jun 23rd 2021, 11:48 AM

    So it takes 6 weeks to decrypt 3/4 of it but many months to fully decrypt! Why is that?

    29
    Install the app to use these features.
    Mute Richard Mccarthy
    Favourite Richard Mccarthy
    Report
    Jun 23rd 2021, 9:23 AM

    There are so many scams now being put out its scary to think one click could land you in the $hite.

    31
    Install the app to use these features.
    Mute GrumpyAulFella
    Favourite GrumpyAulFella
    Report
    Jun 23rd 2021, 2:46 PM

    Memories of the catastrophic PPARS HSE systems implementation here where another consultancy firm laughed all the way to the bank. Accenture are providing the consultancy to HSE to recover their IT infrastructure along with US cyber security consultants. My guess is that they have hit the HSE with an outrageous recovery plan over an extended timeline consuming thousands of consultancy days at a ludicrous daily rate. HSE are not in a position to contest the quotes as Accenture know that they have them over a barrel and there’s taxpayer money there to be milked. PAC need to be all over this and DPER need to be involved also. A thorough due diligence exercise on the quotes, overall cost and tendering process is required. Big announcement from Accenture today also.

    22
    Install the app to use these features.
    Mute MrJohne
    Favourite MrJohne
    Report
    Jun 23rd 2021, 2:25 PM

    As Accenture are about to take on 500 new staff..

    17
    Install the app to use these features.
    Mute Mary Nugent
    Favourite Mary Nugent
    Report
    Jun 23rd 2021, 2:51 PM

    The Government were advised before about attacks.

    16
    Install the app to use these features.
    Mute Gerard Heery
    Favourite Gerard Heery
    Report
    Jun 23rd 2021, 4:55 PM

    SOME country to turn money into confetti

    14
    Install the app to use these features.
    Mute Dave Hammond
    Favourite Dave Hammond
    Report
    Jun 23rd 2021, 4:19 PM

    Hmm I’d love to see an breakdown of the half a billion spend of taxpayers money in some detail – the random required was rumoured to be 20 million – so to retain the high moral ground and absolutely not solve the problem with negotiation they decided that we should spend half a billion repairing the damage – - how moch do we pay these guys to run our health service exactly? How embarrassing will it be when after spending the 500miklikn they get hit again – there is nothing more certain than that’s gonna happen – I love Ireland

    13
    Install the app to use these features.
    Mute Navillus O Nai
    Favourite Navillus O Nai
    Report
    Jun 23rd 2021, 7:26 PM

    If they just spent the money upgrading from Windows 7 to Windows 10 like everyone else had to, instead of paying Microsoft to support Windows 7 years after it was discontinued, I wonder would they be in the same boat?

    8
    Install the app to use these features.
    Mute Sean Fallon
    Favourite Sean Fallon
    Report
    Jun 23rd 2021, 3:17 PM

    That interview with Reid was on radio earlier..

    He was ASKED would it cost half a billion.
    He REPLIED it has cost at least €100 million.

    Where are we getting he said it would be half a billion??

    8
    Install the app to use these features.
    Mute Pablo 123
    Favourite Pablo 123
    Report
    Jun 23rd 2021, 4:08 PM

    Increase the pension age to 72.5 years immediately

    7
    Install the app to use these features.
    Mute Frédéric Slimane
    Favourite Frédéric Slimane
    Report
    Jun 23rd 2021, 5:29 PM

    “there will be many lessons learned.”i bet expensive ones at that!

    5
    Install the app to use these features.
    Mute Paul Whitehead
    Favourite Paul Whitehead
    Report
    Jun 23rd 2021, 4:47 PM

    Hope that includes the price for new cables… will be 2 billion otherwise.

    4
    Install the app to use these features.
    Mute Stephen Bergin
    Favourite Stephen Bergin
    Report
    Jun 23rd 2021, 11:03 PM

    This is a f#$king scandal of the highest proportion. They knew 2 years ago they had no security protection. Reckless decision. Then pay themselves 400k….. banana Republic…..

    1
    Install the app to use these features.
    Mute Fifty Shades of Sé
    Favourite Fifty Shades of Sé
    Report
    Jun 24th 2021, 10:50 AM

    They might have Windows 10 installed before Windows 11 comes out.

    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.

Leave a commentcancel

 
JournalTv
News in 60 seconds