The HSE is unable to reassure people that their sensitive medical information will not be leaked online.
It comes after the health service fell victim to a significant ransomware attack in the early hours of Friday morning.
A ransomware’ attack involves hackers gaining access to an entity's data and threatening to publish it or encrypt it unless a 'ransom' is paid.
The Government has insisted Ireland will “not be paying any ransom” to the hackers and the HSE is currently working to rebuild its system from “clean backup data.”
On Newstalk Breakfast this morning, HSE Chief Operating Officer Anne O’Connor said there is no guarantee those behind the attack will not publish people’s private medical information.
“We know that the data has been encrypted but we don’t know what data has been taken,” she said.
“The nature of this attack is that data is encrypted and potentially stolen. We are working through that at the moment but we don’t know what data if any is gone.
“We do know that some data has been compromised but that is as much as we know and our teams are working through that now to determine what data has been impacted
“That work is still underway and unfortunately, we can’t give assurance in terms of what data may or may not have been stolen.
“We have been in contact with the Data Protection Commission that there has been a potential breach but in terms of the nature of that, but we are not sure of that yet and that work is underway in terms of mapping what that data might be.”
Pressed on whether she can offer people with sensitive medical issues any reassurance that their information will be posted online, she said: “I am not able to reassure them.”
“We are currently trying to determine what data has been impacted by this,” she said. “We have no evidence that anything is up on the web or has been stolen but as I said, that is being worked through today and over the coming days.”
"Significant impact"
Ms O’Connor said the situation will undoubtedly lead to further delays in the health system – noting that doctors around the country have been asked only to request blood tests in urgent circumstances.
“This is going to have a significant impact,” she said. “It will depend on how long it goes on for.
“We know that every day in the country we see about 14,000 outpatients. The biggest impact of this attack has been, as you said, in radiology. So, it is not about the inability of the machine to take the scan … our challenge is that we can’t have results available. We can’t relay results.
“If you imagine people coming in through emergency department, if we send them for a scan or a blood test – our lab system is greatly compromised too in terms of results - we have no way of relaying those results to clinicians in the hospital … and equally we can’t get results out to GPS for blood tests.
“Everything has to be manually transcribed now. Every request for a test and every result has to be manually transcribed and we have had to bring staff back into the hospital to basically work as runners between labs and radiology departments.
“We have no electronic systems so you can imagine the delay that will bring in. From a GP perspective, we have no way … our lab capacity now is down to under 10%. We wrote out to all GPs yesterday to say please send in urgent blood test only because again everything has to be hand transcribed.”
Ransom
The Taoiseach has said there is no prospect of any ransom being paid to those behind the attack.
Ms O’Connor said that decision is a matter for Government – but noted that the longer the system is compromised the greater the risk to patients.
“From a health service provision perspective, we are very concerned and our risk will increase as the week goes on,” she said.
“We know that, as we move towards the back end of this week, our risk goes up in terms of just not being able to access records.
“That is being taken into account I’m sure in terms of the people that are discussing this. We have the whole of Government, as well as the National Cyber Security Team, An Garda Síochána and Interpol working on this and that will be a decision for them to make based on all of the different views – particularly from the health service and others.”
On Newstalk Breakfast this morning, the Minister of State for eGovernment, Ossian Smyth said the HSE has spent the weekend retrieving data from back-up devices.
On this week’s Tech Talk, Newstalk technology correspondent Jess Kelly sat down with Ronan Murphy of SmartTech247 to find out everything you need to know about ransomware attacks, including the big question - to pay or not to pay?
You can listen back to Anne O'Connor here:
