Following the discovery of a ransomware attack Thursday, Ireland’s core patient management system and radiology system are out of commission, says the country’s Health Service Executive.
“There has been a cyber attack on our IT systems. This has caused some disruption to our services. Most appointments will go ahead as planned but many X-ray appointments are cancelled,” said the HSE in a statement.
Virtually all X-ray, MR and CT scans across the country have been cancelled, with radiation machines temporarily closed and treatment halted at the country’s five radiology centers, St. Luke’s Hospital, Beaumont Hospital, St. James’s Hospital, Galway University Hospital and Cork University Hospital. The radiation oncology system for cancer patients has also been compromised across the board, and a number of HSE hospitals have cancelled all outpatient appointments, reports The Irish Times
Director general Paul Reid told RTE's radio show Morning Ireland
that it would cost “tens of millions” of euros to “fix” the network system.
The attack is believed to be perpetrated by a criminal gang based in Eastern Europe who are accused of encrypting and possibly stealing health service data. The attackers have demanded an unspecified ransom amount to release the data. The government, in accordance with state policy, has refused to pay the ransom.
The National Cyber Security Centre (NCSC), as a precaution, suspended some functions of its IT system as part of its response. Some hospitals have even switched over to using paper-based chart systems as a precaution, but at the cost of not being able to order lab tests or radiology electronically, said Anne O’Connor, chief operations officer at HSE.
“Our priority has to be to get a patient management system back that gives us access to people’s information so even things like blood transfusion, matching bloods, looking at previous records for medication, allergies, etc., we do not have any access,” she told the radio talk show, Newstalk’s On the Record with Gavan Reilly
, adding that it was unknown at this time how much data the attackers were able to access.
HSE chief clinical officer Dr. Colm Henry told Irish broadcast program, RTÉ’s This Week
that he is unsure when services would resume but that the disruption would continue well into the next week. He also said that it was still “too early to say” if patient information had been compromised and that it would be a slow process to assess each server to determine this. He added, however, that COVID-19 testing and the vaccination program was unaffected.
While their radiology equipment was impacted, large voluntary hospitals' patient management systems were not as badly affected due to using a slightly different computer system. They include Beaumont, the Mater, St. James’s, Tallaght Hospital, St. Vincent’s in Dublin, Mercy University Hospital and Cork University Hospital.
The HSE is currently working to disconnect machines so individual pieces of equipment can work alone. It also has some clean backup data, which could be used to rebuild its servers, but the process would be slow, said O’Connor.
A plan to treat all urgent radiation patients in the private sector has been implemented.