Ireland’s health service has temporarily shut down its IT system after what it described as a “significant ransomware attack”.
The Health Service Executive (HSE) said it had taken the precaution of closing down its systems to further protect them and assess the situation.
Ireland’s Health Minister Stephen Donnelly said the incident was having “a severe impact on [the] health and social care services”.
Emergency services continued, he said.
Anne O’Connor of the HSE told Irish broadcaster RTÉ on Friday afternoon that if “this continues to Monday, we will be in a very serious situation and we will be cancelling many services”.
“At this moment we can’t access lists of people who are scheduled for appointments on Monday, so we don’t even know who to cancel,” she said.
A number of hospitals in the Republic of Ireland are reporting disruption to services.
- Dublin’s Rotunda Hospital has cancelled outpatients visits, due to a “critical emergency”, unless women are 36 weeks pregnant or later. All gynaecology clinics are cancelled. It said those with any urgent concerns should attend.
- The National Maternity Hospital in Dublin also said there would be “significant disruption” to its services on Friday “due to a major IT issue”.
- St Columcille’s Hospital in Dublin said some virtual appointments and matters related to electronic records were postponed.
- Children’s Health Ireland (CHI) at Crumlin Hospital advised people there were delays and all virtual/online appointments had been cancelled.
- The UL Hospitals Group, which consists of six hospital sites in the midwest, said in a statement that “long delays are expected” for patients attending its services. It said emergency services are still operating and people with an outpatient appointment or scheduled procedure should attend unless they are contacted and “advised otherwise”.
The HSE is tweeting about what services have been affected.
I have been in regular contact with @paulreiddublin this morning about this cyber attack on the @HSELive IT systems. We are working to ensure that the systems and the information is protected. COVID-19 testing and vaccinations are continuing as planned today.
— Stephen Donnelly (@DonnellyStephen) May 14, 2021
In a tweet, Mr Donnelly said his department is working to ensure the systems and information is protected.
He added that Covid-19 vaccinations and testing would proceed as normal.
‘Significant and serious’
Earlier, HSE chief executive Paul Reid told RTÉ’s Morning Ireland it is working to contain a sophisticated human-operated ransomware attack on its IT systems.
He said that the cyber attack was affecting all national and local systems involved in all core services.
Mr Reid described the attack as “significant and serious”.
“We are working with all of our major IT security providers and the national security cyber team are involved and being alerted, so that would be the major state supports including gardai [Irish police] the defences forces and third party support teams,” he added.
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.
— HSE Ireland (@HSELive) May 14, 2021
Mr Reid said the attack is focused on accessing data stored on central servers.
He said it is a major incident, but that no ransom demand has been made at this stage.
Computer viruses that threaten to delete your files unless you pay a ransom are known as ransomware.
Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.
Rotunda Hospital Master Professor Fergal Malone said they had discovered during the night that they were victims of the ransomware attack, which is affecting all of its electronic systems and records.
Prof Malone said he believed it could also have affected other hospitals, which was why they had shut down all of their computer systems.
Rotunda Critical Emergency
Due to a serious IT issue all outpatient visits are cancelled today – unless you are at 36 weeks pregnant or later. All gynae clinics are cancelled today.
If you have any urgent concerns please attend as normal.
Further updates will follow.
— The Rotunda Hospital (@RotundaHospital) May 14, 2021
Prof Malone said all patients are safe and the hospital had contingency plans in place so it can function normally using a paper-based system.
He added that this would slow down the processing of patients, which is why the hospital was looking to limit the numbers attending appointments on Friday.
He said life-saving equipment was in operation and it was computers with healthcare records that have been affected.
“We have systems in place to revert back to old fashioned based record keeping,” he said.
“Patients will come in, in labour, over the weekend and we will be well able to look after them.”
The child and family agency, Tusla, said its IT systems are not operating as a result of the attack, as the agency is hosted on the HSE network.
It said any person wishing to make a referral about a child can do so by contacting the office in their area.
The HSE tweeted that the National Ambulance Service is “operating as per normal with no impact on emergency ambulance call handling and dispatch nationally”.
‘Zone of uncertainty’
Professor Seamus O’Reilly, oncologist at Cork University Hospital, said all of its computers had been switched off due to the cyber attack.
He told RTÉ that the HSE had acted quickly, but that it was distressing for patients who are awaiting results and “living in that zone of uncertainty”.
Prof O’Reilly said cancer care was time dependent on technology and the hospital is anxious to proceed with treatment.
Krysia Lynch, chair of the Association for the Improvement in Maternity Services in Ireland, said it was time to ask the HSE if they have patient records stored in a robust way and if they have proper cyber defences for this type of ransomware.
“If they are moving to electronic records for all maternity hospitals they need to have their assurances in place as it is very difficult to have maternity services disrupted in this way.”