HSE #CyberAttack Health Services Impact – UPDATE

As a member of the Health Service Executive (HSE) Regional Health Forum, I wanted to share with you an update on the impact the recent cyber-attack has and is having on our health services. Over the coming days, I will endeavour to share with you further updates as and when I have secured that information from the HSE.

HSE Cyber Security Incident – UPDATE

“Many of our Emergency Departments are very busy and patients requiring non urgent care should expect significant delays. Hospital emergency departments are relying on manual processes for a lot of their work at the moment. We are asking the public to please consider All Care options in advance including Injury Units, GP Out of Hours and your local pharmacy. 

The cyber attack is continuing to have a particularly serious impact on radiation oncology, with medical staff unable to access detailed individual treatment plans. We are working to find options to continue to treat affected patients. 

This criminal ransomware attack has had a significant impact on patient care and there continues to be major disruptions. You can find more details on service disruptions on hse.ie.

Viewing the HSE website is entirely safe, and the public and staff are encouraged to do so to access information.

Work continues today in assessing the impact and beginning to restore HSE IT systems.   This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems.  

Our priority is to bring back key patient care systems in line with clinical priority and to keep our patients safe while maintaining essential care and support services.

The HSE continues to work with the National Cyber Security Centre, and with national and international experts including McAfee, to rectify this issue.”

Health Services update:

• Services around the country are seeing impacts and disruptions, many essential services are continuing. People can check updates on services that are affected on the HSE website service updates page.
• Hospitals are working to get priority systems back online including radiology and diagnostic systems, maternity and infant care, patient administration systems and radiation oncology.
• Many health services are operating essential and urgent services, without access to critical IT systems, with the most common impacts being seen in radiology, radiotherapy and laboratory systems.
• This means that essential services, like blood tests and diagnostic services are taking much longer to operate than usual, using manual processes ,and increasing turnaround times for patients in our care.
• Health services are being asked to plan for operating essential services within contingency arrangements for the next two weeks. Larger voluntary or specialist hospitals, many based in Dublin, are being prioritised for restoration as soon as possible within that planning process.
• The HSE’s Chief Clinical Officer has provided guidance to all clinicians on patient safety and priority focus while our services respond to this attack – see HSE Clinical Guidance here.
• Services nationwide and the HSE centrally is assessing risk on an ongoing basis and putting in place new arrangements to maintain care and patient safety in hospital and community services.
• Hospitals and community services nationwide are seeing varied impacts, but all teams are responding with contingency arrangements, including redeploying staff, rescheduling some procedures and appointments, and adjusting processes as needed.
• Vaccinations and COVID test and trace are operating, without the GP referral system for testing, and people with symptoms may attend test centres without an appointment.  These services have seen usual levels of attendance over recent days.
• The National Ambulance Service is operating normally and all systems and services are working as usual.

Information Systems Response:

• Our priority remains to bring back key patient care systems in line with clinical priority. This includes diagnostic imaging, laboratory systems and radiation oncology.
• Progress has been made in relation to rebuilding the NIMIS (national integrated medical imaging system). This is the system used for CT scans, X-rays and MRI scans nationally and is in place in over 60 locations nationwide. This work is technically complex and will take time to do safely.   
• The cyber attack is continuing to have a particularly serious impact on radiation oncology, with medical staff unable to access detailed individual treatment plans. We are working to find interim solutions and options to continue to treat affected patients.
• Some IT systems or parts of the IT system in voluntary hospitals could return this week. However for other hospitals we are looking at a longer period, in some cases several weeks before their systems return.
• The HSE Office of the CIO is building a national collaboration platform for staff which will include email and Microsoft Teams. This is complex technical work being done at pace.
• Progress is being made on rebuilding systems to allow HSE staff to communicate by email securely. This is part of the core infrastructure being rebuilt at a foundational level. It involves rebuilding a large number of servers and is a complex, technical process.
• HSE payroll systems were prioritised for assessment and contingency arrangements are being worked on to mitigate any risk to payments that are due to staff this week.
• The Defence forces are assisting and support the HSE in the deployment of end point devices such as servers, desk tops, PCs at locations nationwide. They will also provide operational support nationally to the HSE. 
• We are currently still in the assessment phase for many areas and in the early recovery phase for some. Overall there are four phases to this process. The four phases are Containment, Communication, Assessment and Recovery. 
• We continue to work with the National Cyber Security Centre and the State agencies including An Garda Siochana and the Defence Forces. 
• Operating teams are working 24 7 to resolve this situation in a planned structured response under the direction of a HSE national co-ordination centre. 
• There are approximately 2,000 IT patient facing systems, each supported by infrastructure,  multiple servers and devices.  They are still being put through a rigorous process of assessment and recovery in a controlled and structured way.
• In addition there are 80,000 HSE devices which are being assessed. The IT system has grown and evolved over 30 years, and we are trying to bring it back online. Different sections will need to be brought back online in a structured, co-ordinated, safe way.   
• Progress continues to be made on getting servers cleaned, restored and back online. This is in line with the pace we had anticipated, and is a stepped, methodical process, to mitigate the risk of re-infection. We are also looking at interim solutions to get some servers back online in a proven safe way.  
• Every voluntary hospital has been given a series of steps to get IT systems assessed and to identify a pathway to get them back up and running. The first phase, which is still underway, is checking to see whether their systems are clean.
• It is clear that data on some servers has been encrypted but the full extent of this remains unknown at this point.
• While we believe we will have lost some details of recent clinical activity we anticipate that we will recover older patient records.