Dedicated cybersecurity teams to help government departments after HSE cyberattack 

A dedicated security team is helping government departments respond to the cyberattack that has targeted the HSE and the Department of Health. 
Dedicated cybersecurity teams to help government departments after HSE cyberattack 

A dedicated team from the National Cyber Security Centre has been deployed to help 

A dedicated team from the National Cyber Security Centre (NCSC) has been deployed to help other government departments and state agencies reduce the risk of ransomware attacks on their networks.

In a statement issued on Sunday night, the NCSC confirmed it is working with the European Union (EU) and other international partners to share information on the attacks on the HSE and the Department of Health.

The NCSC said it has briefed Minister for Communications, Eamon Ryan along with Minister for State, Ossian Smyth about the ongoing operations. 

The centre said it is also in direct contact with the operators of essential services throughout the weekend and that this will continue into next week. 

"A dedicated team in the NCSC has also been providing specific guidance to its constituents including Government Departments and agencies and operators of essential services on appropriate measures to reduce the risk of further ransomware incidents on their networks. 

"Staff at the NCSC are in direct contact today with the operators of essential services and this will continue throughout the coming days," the statement said. 

The centre also said that the attack identified on the Department of Health reported earlier today is of a similar nature to that which affected the HSE on Friday. 

The HSE’s chief operations officer has said the health services IT system has been “significantly compromised across the board” by Friday’s ransomware attack, with little back up and running today.
The HSE’s chief operations officer has said the health services IT system has been “significantly compromised across the board” by Friday’s ransomware attack, with little back up and running today.

However, the NCSC said due to ongoing investigations into the hack, further comment on the nature of the ransomware is not possible. 

"The National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyberattack on the Department of Health. 

"The Department of Health has implemented its response plan including the suspension some functions of its IT system as a precautionary measure. 

"This attempted attack remains under investigation, however, there are indications that this was a ransomware attack similar to that which has affected the HSE," the centre said. 

Meanwhile, the Rotunda Hospital in Dublin has said it is severely affected by the cyberattack on the HSE and it is left with no access to patent charts or details.

It said it has developed paper-based systems where possible, which add more strain on its resources.

It said it is not able to contact any patients directly so it's prioritising urgent care and is extending its service changes and cancellations for a week.

Outpatient maternity appointments and scans in its Public/ Private and Semi-Private Clinics are cancelled for those who are less than 36 weeks gestation.

Those 36 weeks and over should come in for their appointment, while all outpatient appointments, procedures and surgeries for Gynaecology and Colposcopy are cancelled.

Attack victim

Earlier, the Department of Health confirmed it has been victim to a ransomware attack similar to the one which targeted the Health Service Executive (HSE) on Friday.

In a statement, the Department confirmed it was subject to a similar attack "late last week."

"Since Thursday, we have been working to respond to this incident," they added.

It's understood the Department shut down its systems after finding a digital note from the cybercrime group believed to be responsible, similar to the one discovered by the HSE.

The National Cyber Security Centre, along with the gardaí, the Defence Forces and Europol, are understood to be investigating both attacks.

The Department of Health said they continue to examine the impact across all their systems.

"Our focus is on protecting our data," they concluded.

"Significantly compromised"

Meanwhile, the HSE’s chief operations officer has said the health services IT system has been “significantly compromised across the board” by Friday’s ransomware attack, with little back up and running today.

Speaking on Newstalk, HSE chief operations officer Anne O'Connor said "the reality" is much of the HSE's IT system is still down.

"Where we're at, at the minute, is that we have between yesterday morning and this morning found that we do have some clean backup data available to be able to rebuild our servers from. 

"However, we have thousands upon thousands of virtual servers so each server is going to have to be rebuilt and brought back up individually, so it's going to be a slow process."

The HSE's system has been "significantly compromised" in terms of patient management systems, she said, alongside other systems.

"And whilst they're lower risk from a patient perspective, in terms of communicating with GPs, communication between hospitals and community services, all of that, that's all gone "

Anne O'Connor, HSE Chief Operating Officer
Anne O'Connor, HSE Chief Operating Officer

Ms O'Connor said the HSE is currently looking at rebuilding the system from clean backup data. 

“Our priority has to be patient management systems, our biggest risk at the minute relates to the fact that our core patient management system is down, as is our core radiology system, so all of our diagnostic capability in terms of radiology has gone."

"We have spent years developing an integrated system," she said.

"Now we're trying to disconnect [machines] so that individual pieces of equipment can work in isolation."

Ms O'Connor outlined the dire situation.

"If somebody's coming into a hospital for anything we have no capability now to look back at any previous tests any previous scans. We can't order, lab tests or radiology electronically."

"We have people in hospitals delivering pieces of paper around with lab results."

"It really is going back many many years for us, and there's a risk in that."

"Our priority has got to be to get a patient management system back that gives us access to people's information. So even things like blood transfusions matching bloods, looking at previous records with medications, allergies, et cetera.. we don't have any access now."

HSE chief clinician officer Dr. Colm Henry said the attack will continue to cause significant disruption to hospital services into this week at least.

Dr Colm Henry, Chief Clinical Officer
Dr Colm Henry, Chief Clinical Officer

“As a general rule of thumb, the diagnostic services are the most severely impacted in the short term because they rely heavily on IT systems for ordering tests, for imaging tests, for comparing previous history, and so it is with all lab tests.” 

The HSE has directed hospitals and GPs to focus on urgent, time-critical care as a priority, he added.

Statutory hospitals within the HSE are affected, as are voluntary hospitals although less so in some cases.

“Anything that requires our hospitals, our systems and our health care professionals and services to speak to each other and to plan and organise patient care is severely disrupted.” 

“The longer this goes on, there’s certainly greater risk. Even compiling lists of people to cancel is difficult for us because they are up on IT systems.” 

IT experts are working “flat out” to re-establish a “foundational layer upon which all these enabling IT systems which support critical services can be built,” he added.

However, it will be slow, painstaking work for them to assess each server to see if it's corrupted, re-build them and then re-establish them, he told RTÉ Radio.

When asked if personal patient files have been compromised, Dr. Henry said it was too early to say as assessments are still ongoing.

“It’s too early for me to say because we simply don’t know.” 

The Covid-19 testing system is fully capable at the moment, with those with symptoms and close contacts being prioritised.

“We have [contact tracing] contingency plans in place to ensure contact tracing takes place.” 

The vaccination system is unaffected, and the vaccine registration system is also running.

Meanwhile, people in their 40s should be able to register for a vaccine shortly with vaccination to begin this month and continue through June, Dr Henry also confirmed.

More in this section

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.