Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
HSE CHIEF PAUL Reid has said that “safe and steady progress” has been made overnight in dealing with the fallout of a “sophisticated” ransomware attack that the Government called “possibly the most significant cyber attack on the Irish State”.
The HSE was made aware of the attack in the early hours of Friday, and shut down all national and local IT systems yesterday in order to protect them from encryption by attackers.
Because computers are shut down as a precautionary measure, some health services have been affected: the extent of the disruption varies from each hospital and service.
The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal. The HSE is still planning to administer between 260,000 and 280,000 Covid-19 vaccine doses next week.
Reid has encouraged the public to continue to register for a vaccine appointment through the online portal, saying that the system is safe to use. People aged between 50 and 69 are eligible to register, with information on those between 40 and 49 expected to be released next week.
Covid test results and contact-tracing services have been successfully restored after being disrupted yesterday.
Anyone who has symptoms of Covid-19 is asked to self-isolate and contact your GP, who may advise you to attend one of the walk-in Covid-19 test centres.
However, the Department of Health has said that “due to the current disruption of the HSE IT systems” daily Covid-19 figures are not available. Backdated figures will be published “when possible”, a spokesperson said.
Not paying a ransom
The HSE yesterday confirmed that a ransom has been sought but said it will not be paid, in line with State policy.
When asked today about whether the HSE would pay out a ransom to ensure patient data was not released by the attackers, Reid did not confirm but said that the HSE was working with cybersecurity experts to ensure patient data is not released.
However, Reid also said that due to how patient data is stored across multiple systems, there was currently no indication of how much patient data has been accessed by the attackers.
“We’re now assessing across each system, what level of data was encrypted [by attackers], what level of data may have been compromised,” Reid told Saturday with Katie Hannon.
“So that’s still a process that we’re going through before we move to the recovery phase.”
The systems were hit by a Conti ransomware attack, where attackers enter into a computer system and study how it works, before compromising anything they can and announcing their attack to the victim.
Reid said it was “quite a sophisticated” attack, a “major incident” for the health service, and is a “human-operated” cyber attack.
Advertisement
According to Reid, teams have made progress in identifying the nature of the attack and some of the potential impacts that the ransomware attack has caused.
The HSE’s backup systems are currently safe, with Reid saying that teams are assessing whether or not there has been any impact on the data stored within the backup systems.
Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ News yesterday that the attack was not espionage, and that it was an international attack.
“This is a very significant attack, possibly the most significant cyber attack on the Irish State,” Smyth said.
He added that the motive is to encrypt private data, and threaten to publish the data if a ransom is not paid.
Update on appointments
Appointments were cancelled by a number of hospitals yesterday and thousands more could be cancelled next week.
In a statement released this afternoon, the Saolta Group of Hospitals said the cyber attack “continues to have a considerable impact on hospital services”.
The Saolta Group covers the following hospitals:
Letterkenny University Hospital
Sligo University Hospital
Mayo University Hospital
Roscommon University Hospital
Portiuncula University Hospital
Merlin Park University Hospital
University Hospital Galway
Maternity services and dialysis treatment will go ahead. Patients should also attend their chemotherapy appointments unless contacted and advised otherwise.
The following cancellations have been confirmed:
All outpatient clinics
All diagnostics including x-ray, CT scans, MRI appointments and cardiac investigations
Endoscopy services
Radiotherapy services at UHG
All elective inpatient and day case procedures are cancelled; a small number of procedures may go ahead and in this event patients will be contacted directly
The statement noted: “Patients can expect significant delays in the Emergency Departments and Roscommon Injury Unit as existing IT systems are not in use and the manual workarounds in place are time-consuming.
“We ask patients to contact their GP or GP Out Of Hours Service in the first instance if their health problem is not urgent.
“Where possible patients should bring their existing patient number or board number with them when they come to the hospital. This number appears on appointment letters, test results, blood test results.
“We would like to thank our patients for their understanding at this difficult time.”
The UL Hospitals Group has also issued an update today, saying that a majority of outpatient appointments and elective procedures will go ahead as scheduled on Monday 17 May.
The UL Group covers:
University Hospital Limerick (UHL)
Ennis Hospital
Nenagh Hospital
St John’s Hospital
University Maternity Hospital Limerick
The group is advising that patients attend for their appointments and procedures unless contacted directly by the hospital and advised otherwise.
Related Reads
HSE confirms ransom has been sought over cyber attack but says it will not be paid
Explainer: What is a ransomware attack and why has the HSE been targeted?
“We apologise to patients who are experiencing delays and disruptions to our service,” said the group in a statement.
The emergency department at UHL will continue to operate but currently is very busy. They are currently urging all members of the public to consider all care options and only attend the ED in an emergency.
Non urgent patients may face significant delays, according to the UL Hospitals Group. Injury units are still in operation in Ennis, Nenagh and St John’s.
The Maternity Emergency Unit remains available 24/7 and the Early Pregnancy Assessment Unit remains appointment only.
The UL Hospitals Group also said that there may be further disruption next week.
The Dublin Midlands Hospital Group has released this update about cancelled appointments.
See statement below from @DMHospitalGroup regarding the current situation in our hospitals following the ransomware attack on the @HSELive IT systems. Updates will be posted as they become available. We thank our patients & the public for their understanding at this time. pic.twitter.com/02KZyDrSN6
— Dublin Midlands Hospital Group (@DMHospitalGroup) May 14, 2021
Patients have been advised to check the websites and Twitter accounts of the HSE and the hospital group in their area for the latest updates.
National Cyber Security Centre
Communications Minister Eamon Ryan and junior minister Ossian Smyth were both briefed by the National Cyber Security Centre (NCSC) this morning, with the agency saying that their full resources are being put to supporting the HSE in its response to the attack.
A spokesperson for the Department of the Environment, Climate and Communications today said that the NCSC’s full resources “have been committed to supporting the HSE in its response to the cyber attack, and the NCSC is liaising with international partners and third-party contractors”.
“This work will continue throughout the weekend with the focus on supporting the HSE’s recovery process in order to minimise disruption to services.”
Speaking yesterday evening, Taoiseach Micheál Martin said it would take “some days” to assess the impact of the cyber attack.
He was also clear that no ransom would be paid, and said that it would be dealt with in a “methodical way”.
Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.
“This is an almost daily occurrence, and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.
With reporting by Gráinne Ní Aodha and Tadgh McNally
Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.
Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.
To embed this post, copy the code below on your site
Close
96 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic.
Please familiarise yourself with our comments policy
here
before taking part.
So Dr Anthony Holohan, it’s okay for children to be in school in a full class for five hours with approximately 30 other pupils but it’s not okay to sit down in a restaurant for about an hour with your family for a meal!
@Jimmy Pea: And ok for them to be inside a hotel bar restaurant for hours on end yet a normal bar restaurant is somehow more dangerous to kids. Laughable.
@Paul Furey: Where are your facts Paul?!?! You never have any…… Heres an exert from an article and a link to the article pointing out that Holohan was against face masks for the public initially.
“Dr Holohan and others trotted out a litany of reasons why face masks would be an ineffective measure for the general public.”
@Paul Hedderman: at the time he was following what was public health advice world wide, people really need to build a bridge and stop getting personal about Dr Holohan.
@Jimmy Pea: oh change the record. People say the same thing every single day. Everything doesn’t revolve around sitting in a darned restaurant. Dr Holohan is doing the best he can with the tools he has (pardon the pun lol) and don’t bring up the cervical checks either. That was tragic, absolutely heartbreaking but he didn’t single handedly tell all those women they were fine. Give the man a break for goodness sake.
@GClare: It wasn’t public health advice worldwide at the time, and many countries had implemented masks months before us. In certain countries like Ireland and the US, the government flat out lied to us about mask wearing. That was the Irish public health advice at the time. Blatantly lying to the people of Ireland has consequences for future public health advice, such as this indoor dining charade.
@Jimmy Pea: That statement was the clearest signal of NPHET being allowed to over step their mark repeatedly. Even with the slightest good news story of families being allowed to finally dine together (behind all other countries) they feel the need to put the sword in. Why do anything at all ever?
“The Chief Medical Officer yesterday advised parents that it is safer not to bring children into indoor dining settings.” How was it safe last year when we had no vaccines and the vulnerable weren’t protected with vaccines? But now this year its not safe? What has changed between this year and last year? Has the virus gotten more deadly because globally deaths are nowhere near what they were last year?
Lastly I’d love to know where did he get his information form to come to this conclusion or is it just his opinion which is not based on facts or science?
@David Clements: We have a paradox. How is it safe to go to a pub inside in Newry and not in Dundalk? Its safe for an unvaccinated family to have a meal indoors in a hotel restaurant but not in one with no hotel. If safe all over Europe for unvaccinated kids to have meal with their parents but its unsafe here? The whole of Europe is lifting restrictions, in Ireland we had introducing more restrictions and bigger fines and penalties.
They have lost the public on this. We all saw the football stadiums full of people. Bars and restaurants full of people enjoying themselves. Maybe we have a different strain of Covid here that no one told us about.
@Diarmuid O’Braonáin: Newry is in a different country, different jurisdiction. 48,000 cases in the UK yesterday and 49 deaths. Would you be hedging bets on any UK decision being safe given their disastrous mismanagement of the crisis? I wouldn’t. The rest of Europe is not opening up and relaxing restrictions. They are doing the opposite.
It’s a terrible decision. We should be either following medical evidence which advises against unvaccinated in a crowded indoor setting or advocate personal responsibility and allow people to make their own decisions.
This idea of allowing some unvaccinated indoors but not others based on what happens to be politically convenient at the time is absolutely absurd and leads to a general sense of unfairness and annoyance among the public.
@Rochelle: yes but is there any consideration at all for businesses and workers livelihoods. You’ve left this important variable out. The dilemma is to get businesses open, people in work while trying to protect the health of the general population as best we can. What is your alternative solution that checks those boxes?
If you chose not to get the vaccine I have no sympathy for you. But what’s the difference d
Between an unvaccinated 16 or 17 year old that can go in while a 19 or 20 year old who hasn’t got a vaccine yet can’t?
@Ronan O’Keeffe: trying to make sense of it, good luck with that.
Imagine the people who for reasons of not being able to take the vaccine for medical reasons…
For people who have legitimate concerns about the rushed method in which this was brought out & of its effectiveness against new strains…
For people who were very concerned about a government proposal to spy & inform in your neighbours if they were breaking restrictions ..
A government who has locked up an elderly lady for 3 months for not wearing a mask while in England they are set to announce that masks are no longer required everywhere.
Good luck trying to make sense of this arbitrary discrimanatory legislation from a government who having giving themselves 3 pay raises during Covid & tell us we are all in it together.
@Hear me now: as they deliver more broken promises then run up the stairs without having to take any questions.
& for anyone who questions this mess or doesn’t go along with the general narrative they are mocked… ridiculed…called anti-vaxxers… conspiracy theorists…
Never be afraid to challange the status quo _ always ask questions…do not just nod & accept.
Be good everyone…Hopefully tomorrow will be better than today.
Rant over.
@Ronan O’Keeffe: because we decided – ages ago – that 18 was the start of adulthood. With all the rights and responsibilities and requirements to abide by the rules that come with being an adult.
@EvieXVI: we also decided – ages ago – that discrimination is totally unacceptable and should not be tolerated in any developed, civilised society, but hey-ho here we are.
@Eoin Jackson: that depends on your definition of discrimination. When a decision is made for the common good and a law introduced for the common good then this is not discrimination. The needs of the many outweigh the wants of the few. That’s how society works.
But its ok to bring them into the Hotel Bar and not the Bar up the street.. has Professor Tony giving a Logical difference between a Hotel bar and a bar next door..
This latest ‘concession’ raises more questions.
If asymptomatic children can still pass on the virus as we have been told then surely this latest move by the government is totally irresponsible?
This decision has nothing to do with COVID. Just a weak government looking for brownie points.
@Will: That’s exactly it, it’s a decision made purely for optics. They’ll claim they’re mostly following the health advice but also listening to the public.
In reality this is the worst outcome for the public since the virus will spread more among unvaccinated children and staff in indoor dining and many young people will be prevented from dining indoors.
We need a government with the courage to pick a lane on issues like this.
@Rochelle: what’s the alternative. Those kids are not in school at present and are in a protective bubble at hime with their vaccinated parents. Chances are any socialising they are doing during the height of Summer is outdoors. Simple. It’s a huge conspiracy theory after all.
“we need to trust people” – yeah when it comes to this one specific detail, everything else it’s just lock it down to stop people doing it. Talking out of both sides of his mouth.
Not a chance that will happen. It will be pushed out 2/3 weeks and then it will be decided to wait for a few weeks to allow schools to reopen and then your into October at which time cases will be high (which wont mean anything with majority vaccinated) but it will put off until next year.
@Roisin Lyons: you should ask all the people who were outraged last week at the prospect of not being allowed to dine indoors with their kids who are not eligible to be vaccinated yet. This was a decision based on public pressure
So. I have chosen not to get the vaccine at the moment for my own personal reasons. I have bent over backwards to make sure I complied with all the restrictions since day 1. I am a young healthy person, BUT anyone who caught the virus can avail of this now luxury. You are now being rewarded a license for being covid positive. If I had of known that I’d be out with the masses having raves and pints and drinks with everyone
@Alexandra Molloy: you should be glad that everyone else is getting vaccinated to protect you, and happy enough to eat and drink outdoors for a few weeks or months so that enough people are vaccinated that you won’t need to worry about it
No that you can get a meal and a pint indoors can the government let non essential workers have driving lessons and start getting more driving tests done
Pope Francis had 'peaceful' night in hospital, Vatican says
Updated
4 hrs ago
15.0k
Kyiv
Zelenskyy says he would resign from Ukrainian presidency 'immediately' for NATO membership
8 mins ago
263
The Morning Lead
People living in illegal cabins - including family forced to dismantle home - tell their stories
16 hrs ago
40.7k
82
Your Cookies. Your Choice.
Cookies help provide our news service while also enabling the advertising needed to fund this work.
We categorise cookies as Necessary, Performance (used to analyse the site performance) and Targeting (used to target advertising which helps us keep this service free).
We and our 152 partners store and access personal data, like browsing data or unique identifiers, on your device. Selecting Accept All enables tracking technologies to support the purposes shown under we and our partners process data to provide. If trackers are disabled, some content and ads you see may not be as relevant to you. You can resurface this menu to change your choices or withdraw consent at any time by clicking the Cookie Preferences link on the bottom of the webpage .Your choices will have effect within our Website. For more details, refer to our Privacy Policy.
We and our vendors process data for the following purposes:
Use precise geolocation data. Actively scan device characteristics for identification. Store and/or access information on a device. Personalised advertising and content, advertising and content measurement, audience research and services development.
Cookies Preference Centre
We process your data to deliver content or advertisements and measure the delivery of such content or advertisements to extract insights about our website. We share this information with our partners on the basis of consent. You may exercise your right to consent, based on a specific purpose below or at a partner level in the link under each purpose. Some vendors may process your data based on their legitimate interests, which does not require your consent. You cannot object to tracking technologies placed to ensure security, prevent fraud, fix errors, or deliver and present advertising and content, and precise geolocation data and active scanning of device characteristics for identification may be used to support this purpose. This exception does not apply to targeted advertising. These choices will be signaled to our vendors participating in the Transparency and Consent Framework.
Manage Consent Preferences
Necessary Cookies
Always Active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then these services may not function properly.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not be able to monitor our performance.
Store and/or access information on a device 104 partners can use this purpose
Cookies, device or similar online identifiers (e.g. login-based identifiers, randomly assigned identifiers, network based identifiers) together with other information (e.g. browser type and information, language, screen size, supported technologies etc.) can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here.
Personalised advertising and content, advertising and content measurement, audience research and services development 136 partners can use this purpose
Use limited data to select advertising 106 partners can use this purpose
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Create profiles for personalised advertising 78 partners can use this purpose
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Use profiles to select personalised advertising 77 partners can use this purpose
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Create profiles to personalise content 37 partners can use this purpose
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Use profiles to select personalised content 33 partners can use this purpose
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Measure advertising performance 127 partners can use this purpose
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Measure content performance 60 partners can use this purpose
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.
Understand audiences through statistics or combinations of data from different sources 75 partners can use this purpose
Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).
Develop and improve services 82 partners can use this purpose
Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.
Use limited data to select content 38 partners can use this purpose
Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).
Use precise geolocation data 43 partners can use this special feature
With your acceptance, your precise location (within a radius of less than 500 metres) may be used in support of the purposes explained in this notice.
Actively scan device characteristics for identification 25 partners can use this special feature
With your acceptance, certain characteristics specific to your device might be requested and used to distinguish it from other devices (such as the installed fonts or plugins, the resolution of your screen) in support of the purposes explained in this notice.
Ensure security, prevent and detect fraud, and fix errors 86 partners can use this special purpose
Always Active
Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding advertising, ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them.
Deliver and present advertising and content 96 partners can use this special purpose
Always Active
Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.
Match and combine data from other data sources 68 partners can use this feature
Always Active
Information about your activity on this service may be matched and combined with other information relating to you and originating from various sources (for instance your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey), in support of the purposes explained in this notice.
Link different devices 50 partners can use this feature
Always Active
In support of the purposes explained in this notice, your device might be considered as likely linked to other devices that belong to you or your household (for instance because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).
Identify devices based on information transmitted automatically 84 partners can use this feature
Always Active
Your device might be distinguished from other devices based on information it automatically sends when accessing the Internet (for instance, the IP address of your Internet connection or the type of browser you are using) in support of the purposes exposed in this notice.
Save and communicate privacy choices 64 partners can use this special purpose
Always Active
The choices you make regarding the purposes and entities listed in this notice are saved and made available to those entities in the form of digital signals (such as a string of characters). This is necessary in order to enable both this service and those entities to respect such choices.
have your say