'Safe and steady' progress made as HSE attempts to regain control of IT system

LAST UPDATE | 15 May 2021

HSE CHIEF PAUL Reid has said that “safe and steady progress” has been made overnight in dealing with the fallout of a “sophisticated” ransomware attack that the Government called “possibly the most significant cyber attack on the Irish State”.

The HSE was made aware of the attack in the early hours of Friday, and shut down all national and local IT systems yesterday in order to protect them from encryption by attackers.

Because computers are shut down as a precautionary measure, some health services have been affected: the extent of the disruption varies from each hospital and service.

The Covid-19 vaccination programme has not been affected by the attack, and people should attend those appointments as normal. The HSE is still planning to administer between 260,000 and 280,000 Covid-19 vaccine doses next week.

Reid has encouraged the public to continue to register for a vaccine appointment through the online portal, saying that the system is safe to use. People aged between 50 and 69 are eligible to register, with information on those between 40 and 49 expected to be released next week.

Covid test results and contact-tracing services have been successfully restored after being disrupted yesterday.

Anyone who has symptoms of Covid-19 is asked to self-isolate and contact your GP, who may advise you to attend one of the walk-in Covid-19 test centres. 

However, the Department of Health has said that “due to the current disruption of the HSE IT systems” daily Covid-19 figures are not available. Backdated figures will be published “when possible”, a spokesperson said.

Not paying a ransom

The HSE yesterday confirmed that a ransom has been sought but said it will not be paid, in line with State policy.

When asked today about whether the HSE would pay out a ransom to ensure patient data was not released by the attackers, Reid did not confirm but said that the HSE was working with cybersecurity experts to ensure patient data is not released.

However, Reid also said that due to how patient data is stored across multiple systems, there was currently no indication of how much patient data has been accessed by the attackers.

“We’re now assessing across each system, what level of data was encrypted [by attackers], what level of data may have been compromised,” Reid told Saturday with Katie Hannon. 

“So that’s still a process that we’re going through before we move to the recovery phase.”

The systems were hit by a Conti ransomware attack, where attackers enter into a computer system and study how it works, before compromising anything they can and announcing their attack to the victim.

Reid said it was “quite a sophisticated” attack, a “major incident” for the health service, and is a “human-operated” cyber attack.

According to Reid, teams have made progress in identifying the nature of the attack and some of the potential impacts that the ransomware attack has caused.

The HSE’s backup systems are currently safe, with Reid saying that teams are assessing whether or not there has been any impact on the data stored within the backup systems.

Minister of State for Public Procurement and eGovernment Ossian Smyth told RTÉ News yesterday that the attack was not espionage, and that it was an international attack.

“This is a very significant attack, possibly the most significant cyber attack on the Irish State,” Smyth said.

He added that the motive is to encrypt private data, and threaten to publish the data if a ransom is not paid.

Update on appointments

Appointments were cancelled by a number of hospitals yesterday and thousands more could be cancelled next week.

In a statement released this afternoon, the Saolta Group of Hospitals said the cyber attack “continues to have a considerable impact on hospital services”.

The Saolta Group covers the following hospitals:

• Letterkenny University Hospital
• Sligo University Hospital
• Mayo University Hospital
• Roscommon University Hospital
• Portiuncula University Hospital
• Merlin Park University Hospital
• University Hospital Galway

Maternity services and dialysis treatment will go ahead. Patients should also attend their chemotherapy appointments unless contacted and advised otherwise.

The following cancellations have been confirmed:

• All outpatient clinics
• All diagnostics including x-ray, CT scans, MRI appointments and cardiac investigations
• Endoscopy services
• Radiotherapy services at UHG
• All elective inpatient and day case procedures are cancelled; a small number of procedures may go ahead and in this event patients will be contacted directly

The statement noted: “Patients can expect significant delays in the Emergency Departments and Roscommon Injury Unit as existing IT systems are not in use and the manual workarounds in place are time-consuming.

“We ask patients to contact their GP or GP Out Of Hours Service in the first instance if their health problem is not urgent. 

“Where possible patients should bring their existing patient number or board number with them when they come to the hospital. This number appears on appointment letters, test results, blood test results.

“We would like to thank our patients for their understanding at this difficult time.”

The UL Hospitals Group has also issued an update today, saying that a majority of outpatient appointments and elective procedures will go ahead as scheduled on Monday 17 May.

The UL Group covers:

• University Hospital Limerick (UHL)
• Ennis Hospital
• Nenagh Hospital
• St John’s Hospital
• University Maternity Hospital Limerick

The group is advising that patients attend for their appointments and procedures unless contacted directly by the hospital and advised otherwise.

Read Next

Related Reads

HSE confirms ransom has been sought over cyber attack but says it will not be paid

Explainer: What is a ransomware attack and why has the HSE been targeted?

“We apologise to patients who are experiencing delays and disruptions to our service,” said the group in a statement.

The emergency department at UHL will continue to operate but currently is very busy. They are currently urging all members of the public to consider all care options and only attend the ED in an emergency.

Non urgent patients may face significant delays, according to the UL Hospitals Group. Injury units are still in operation in Ennis, Nenagh and St John’s.

The Maternity Emergency Unit remains available 24/7 and the Early Pregnancy Assessment Unit remains appointment only.

The UL Hospitals Group also said that there may be further disruption next week.

The Dublin Midlands Hospital Group has released this update about cancelled appointments.

See statement below from @DMHospitalGroup regarding the current situation in our hospitals following the ransomware attack on the @HSELive IT systems. Updates will be posted as they become available. We thank our patients & the public for their understanding at this time. pic.twitter.com/02KZyDrSN6

— Dublin Midlands Hospital Group (@DMHospitalGroup) May 14, 2021

Patients have been advised to check the websites and Twitter accounts of the HSE and the hospital group in their area for the latest updates.

National Cyber Security Centre

Communications Minister Eamon Ryan and junior minister Ossian Smyth were both briefed by the National Cyber Security Centre (NCSC) this morning, with the agency saying that their full resources are being put to supporting the HSE in its response to the attack.

A spokesperson for the Department of the Environment, Climate and Communications today said that the NCSC’s full resources “have been committed to supporting the HSE in its response to the cyber attack, and the NCSC is liaising with international partners and third-party contractors”.

“This work will continue throughout the weekend with the focus on supporting the HSE’s recovery process in order to minimise disruption to services.”

Speaking yesterday evening, Taoiseach Micheál Martin said it would take “some days” to assess the impact of the cyber attack.

He was also clear that no ransom would be paid, and said that it would be dealt with in a “methodical way”.

Security sources have said that the most likely suspects for the attack are criminals who are ‘state actors’.

“This is an almost daily occurrence, and the HSE were targeted this time. In terms of cyber security the most difficult thing is that these hackers are state backed and are most likely from North Korea, Russia or China,” a cyber security source said.

With reporting by Gráinne Ní Aodha and Tadgh McNally