HSE database with sensitive gynae information shut down
The database holds details about abortions, pregnancies, and other intimate gynaecological procedures. Picture: iStock/PA
A HSE database containing sensitive gynaecological information about more than 100,000 women has been shut down because of last week’s HSE hack.
Experts are trying to find out if the data on it can be retrieved and the HSE does not yet know what information – if any – has been permanently lost.
While other patient-related systems are also affected, one of the main ones is the agency’s Maternal and Newborn Clinical Management System (MN-CMS).
The electronic filing system was introduced to Cork University Maternity Hospital in December 2016 and has since been extended across many of the country’s maternity hospital services network.
It has been shut down since last Friday, leading to fears it may have been compromised, and data from it stolen by the hackers.
Thousands of maternity hospital appointments have had to be cancelled because staff have no access to patient digital records stored on that system.
The currently inaccessible information includes details about abortions, pregnancies, and other intimate gynaecological procedures.
The MN-CMS also contains time-sensitive data which mothers-to-be currently need during their pregnancy. This includes information on previous pregnancies or scans taken a few weeks ago.
A HSE spokesperson said: “We have no evidence yet that any patient records will prove to be irretrievable. Every element of the system is shut down and some [of it] will be compromised.
“We don't think any patient records are permanently lost but we don't know, nor do we know when we will get [them] back.”
Krysia Lynch, chair of AIMS Ireland, which works with women in the maternity system, said: “AIMS Ireland has it on reasonable authority that the HSE’s maternal records system has gone down and appears to have been compromised.
“And they need to assure individual women how the potential loss of those records is going to be rectified, and an additional healthcare plan needs to be put in place. This should include the proviso that if a procedure or scan needs to be redone, then it will be redone.”
While it has not yet identified a specific route through which the hackers entered the system, the HSE has acknowledged its core patient management system is incapacitated.
The biggest single central patient management system the HSE operates is the MN-CMS.
This is an electronic health record (EHR) service for all women and babies being cared for in maternity, newborn and gynaecology services in Ireland.
The sort of data the system records is information about scans, previous pregnancies, and other sensitive gynaecological information.
Also recorded on the MN-CMS are the details of thousands of abortions. They are entered into a woman's electronic medical records file as a "STOP" – a surgical termination of pregnancy.
A number of maternity hospitals have cancelled almost all appointments that would have relied on the system to work.
The public procurement process for the new system began in late 2011 and concluded with contract signing with Cerner in early 2014.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
