HSE ransomware attack: Thousands of appointments to be cancelled into next week

Battle to maintain services as HSE becomes the latest health service to have its data 'held hostage' by online criminals
HSE ransomware attack: Thousands of appointments to be cancelled into next week

Thousands of patients face cancelled appointments into next week at least as the HSE continues to battle the ransomware attack which crippled its IT systems from early yesterday morning.

HSE chief clinical officer Dr Colm Henry insisted the problem could be resolved in “a number of days”. Yet even as he was speaking hospitals were already cancelling appointments for next week with a number saying they are cancelled “until further notice”.

The attackers struck early in the hours of Friday morning, encrypting data across the health system so emails, test results — including vital blood tests — and patient records suddenly became unavailable.

Gardaí and Interpol are investigating

A few hours later, the HSE received a note telling it that it was the victim of a ransomware attack. The message included a link to be clicked for instructions on what to do next. That message is now in the possession of An Garda Síochána. Interpol is also involved in the investigation as are national cyber security teams.

The attack is a type of ransomware known as Conti which operates a double extortion effect; the information is encrypted but the attackers may also threaten to steal and expose the data.

Taoiseach Micheál Martin said last night: "We're very clear we will not be paying any ransom or engaging in any of that sort of stuff," and said the issue is being dealt with in a way that is in accordance with the advice of cybersecurity experts.

Instructions to HSE staff

Messages went out early yesterday telling HSE employees to leave computers and all electronic devices turned off. 

Throughout the day, staff worked the phones cancelling thousands of appointments around the country.

Many were working 'blind', as they could not access electronic records in many cases, although some departments, which still work with paper alongside electronic records, had better access.

Dr Henry said: “We will honour appointments [next week] unless you are notified by the hospitals. 

It seems clearer now it will take a number of days to get to the bottom of this, to resolve it and to reopen services. 

Cancer services have been particularly impacted, with non-urgent radiation appointments cancelled in droves.

Maternity hospitals are also severely affected. The Master of Dublin's Rotunda Hospital, Fergal Malone, asked women not to attend appointments scheduled for Friday, unless they were over 36 weeks pregnant, or in an emergency.

Tests and vaccinations continue 

In Munster, the Ireland South Women and Infants Directorate cancelled outpatient gynaecology clinics across Cork, Kerry, Waterford, and South Tipperary.

GPs were unable to book Covid-19 tests, although a new system to allow people to attend test centres without an appointment was put in place within hours.

Covid-19 vaccinations are arranged using an IT system separate to the main HSE system, but even this was offline until late yesterday. Vaccinations continued unabated.

The out-of-hours GP service continues over the weekend unaffected, as does the emergency National Ambulance Service.

A number of hospitals including South Tipperary General Hospital have now cancelled non-urgent care appointments for Monday, and some for later in the week.

'Zero-day threat'

Yesterday afternoon, HSE chief operations officer Anne O’Connor warned the services will be in “a very serious situation” if the issue is not resolved quickly.

And she said that, up to that point, the HSE was not aware of any patient data being compromised.

Ms O’Connor told RTÉ the cyberattack was a ‘zero-day threat', meaning it is a new vulnerability, and the HSE had no previous knowledge of it.

Health watchdog Hiqa had already been preparing to start a review of the national electronic referrals eHealth system later this year.

Rachel Flynn, Hiqa's director of health information and standards, said the attack shows the need for “continuously investing in and strengthening the security infrastructure”.

She called for “robust business continuity plans” to allow every level of the health service from local to national to prepare for ransom attacks, and said these should be “regularly tested, reviewed [and] updated locally.” 

More in this section

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.