Thousands of medical procedures, appointments and scans scheduled for next week have been cancelled following a cyberattack on the health service.
The Irish Times reports that the Health Service Executive (HSE) has said the disruption caused by the attack on its IT system will last well into next week, with it to be at least three days before the scale of the damage is clear.
The fallout from the biggest cybercrime attack seen in the State will force the cancellation of many HSE services.
“It’s not just that appointments have to be cancelled, but you can’t even see who has an appointment,” said a senior source.
Most elective work early next week is likely to be deferred, as diagnostic information from scans and other tests is not available online.
The attack places further pressure on a health system already struggling following 14 months of the Covid-19 pandemic — with more than 630,000 patients currently waiting for an outpatient appointment and 79,000 on the in-patient waiting list.
Covid test delays
While the attack brought parts of the health service to a standstill on Friday, the rollout of Covid-19 vaccines continued largely unaffected. Over 52,000 people were immunised.
The provision of test results and contact-tracing services, which run on a separate computer system from the rest of the health service, were restored last night after being disrupted for most of the day.
Chief medical officer Dr Tony Holohan warned the attack would impede the ability of the health service to organise effective testing but said the incident should not distract people from the basic public health messages.
Patients with symptoms should self-isolate and attend one of the HSE’s self-testing centres, Dr Holohan said.
“We haven’t switched off testing and there is no reason to think the public will deviate from their behaviour,” he added.
IT staff in the HSE have yet to determine the extent of damage caused by the “zero-day threat” attack, which means there was no previous experience of how to respond.
It is not yet known if patient data has been compromised.
Over the weekend, the HSE plans to restart individual elements of the its IT system once they have been risk-assessed and cleared, but the process is expected to continue into next week.
There are fears a second ransom demand may be received, threatening to release patient data if money is not paid.
A ransom in Bitcoin has been sought by criminal elements behind the attack, but the HSE has said this will not be paid, in accordance with State policy.
“We’re very clear we will not be paying any ransom,” Taoiseach Micheál Martin said. “Or engaging in that sort of stuff, so we’re very clear on that.”
Department of Health
There were indications on Friday night that the attack had not been confined to the HSE, with a Government minister saying issues had been identified at the Department of Health.
Minister of State at the Department of Public Expenditure and Reform, Ossian Smyth, there may have been a “serious breach” and that department systems would be examined over the weekend to assess the extent of any damage done.
Mr Smyth said the attack was carried out by a “serious international group”.
Gardaí are liaising with the HSE and the National Cyber Security Centre, as well as sharing information with Europol.
The HSE said the attack began at about 4.30am on Friday and that IT staff switched off systems as a “precaution” to protect data.
Emergency, ambulance and most GP services were unaffected, but hospitals were forced to return to the use of paper.
Naas hospital and St Luke’s hospital in Dublin said outpatient appointments on Monday had been cancelled, while Wexford has cancelled X-ray and endoscopy appointments.
The Royal Victoria eye and ear hospital has cancelled outpatient appointments “until further notice”, while Wexford general hospital will decide on Sunday whether Monday’s appointments go ahead.
The Rotunda Hospital has cancelled some outpatient appointments on Monday and Tuesday next week. St Vincent’s University Hospital in Dublin has not cancelled any appointments.
The HSE is regularly updating this webpage with any changes.