Paul Reid: It will take weeks, not days to deal with impact of HSE hack

“Ultimately, we are seeing a process of weeks rather than days of impact. We have made some good steady progress throughout the weekend. Certainly, the decryption key and script does help us in the process," he said.

“So what we are doing now is assessing each of those national systems we want to restore. Which ones we restore, which ones we have to rebuild, which ones we may have to remove, and certainly the decryption process helps us in that. So good progress over the weekend, particularly in some of the national systems,” he added.

He said that over the next few weeks, some hospitals will regain access to national systems, including patient administration systems, but that it is a “slower process". 

Important of injunctions

 Mr Reid also stressed the importance of the injunctions secured from the High Court restraining any sharing, processing, selling or publishing of data stolen from its computer systems in a massive cyberattack.

“It's a very strong order issued by the High Court which ultimately, for persons known or unknown, it does make it ultimately a criminal offence for sharing of information or putting on a platform, or indeed redistributing information,” he said.

The HSE CEO said the service has employed its own company in order to do their own scans for any leaked data, and they have been working closely with social media companies who have been offering their assistance.

Right now, the main focus is on constraining the impact, according to Mr Reid.

“Obviously, we'll be talking with the data protection commissioner should data be published, and indeed with people themselves. So we're doing everything we possibly can across a range of initiatives, but it is a high risk,” Mr Reid said.

“We have sought the advice of some of the best people we can in this area to see how we constrain the publication of this data. The high court order was a very important part of this process but ultimately it would be a legal process for later. For right now, we want to engage with all the regulatory, legal authorities of the state and do everything we possibly can,” he added.

Chief information officer

It was put to Mr Reid that there hasn’t been a chief information officer, or somebody in charge of the IT system in the HSE since Richard Corbett resigned in 2017, and he was asked whether he was going to appoint one.

“Well there has (been). We have a full-time CIO in place since then who has done tremendous work throughout Covid to have systems for testing and tracing deployed that we never had, and is now working relentlessly all last week and this weekend in terms of mobilising our teams,” he added.

When asked whether this was an interim appointment, Mr Reid said that it is a long-term appointment. He also said that the HSE is looking to strengthen its overall technology.

“We will be putting in more roles and even this year, we're putting in more roles and indeed more senior roles into our IT technology organisation overall,” Mr Reid said.

“Many of these risks we identified ourselves over a period of time, and we have them on our risk register and we are very conscious with the actions we have to take to address them,” he added.