By Cate McCurry, PA
The overall cost to the HSE following the recent cyberattack could amount to half a billion euro, an Oireachtas committee has heard.
Chief executive Paul Reid also warned that he can “never be confident” that the HSE has seen the worst of the cyberattack.
Mr Reid said that while there are financial costs, there will be human costs as well, adding that it will take months before systems are fully restored.
He told the Oireachtas health committee that the immediate costs amounted to €100 million, but that will rise when other factors are included.
— HSE Ireland (@HSELive) June 21, 2021
Fine Gael Senator Martin Conway said he expects it to amount to hundreds of millions of euro, “possibly half a billion”.
Mr Reid said Mr Conway was “correct”, adding that significant investment is needed to protect the systems.
The HSE boss said there are technical and infrastructure costs.
“There are particular costs in relation to capital costs, which would be the replacement of a number of devices across the networks,” he added.
“There is also capital costs in upgrading key systems to have them at a higher standard.
“Third party costs which relate to a number of technical expertise that we have engaged from a range of specialist providers. We have also engaged international expertise.
“There are costs we will incur in the future, and we need to put in place a security operation centre to monitor our network on a more comprehensive basis.”
He also said that a lot of the Microsoft applications will be updated, adding that immediate costs are “well over” €100 million.
“That is just to get us through this,” Mr Reid warned.
“The other costs we have is clinical costs and local IT costs we have to put in place to strengthen resourcing.
“Looking back we would have invested €82 million in malware protection but we have a really old legacy network in the HSE. It needs investment for protection, it needs investment for security and protection of data, and we will have many lessons learned from this in reports we will get.”
He said that while he is not aware of any other sensitive data belonging to patients that have been illegally accessed.
However, Mr Reid warned that the HSE may not have seen the worst of the cyberattack.
Meanwhile, the HSE is to issue updated advice to all maternity hospitals and units on its visitation guidance.
It recently sent out advice asking maternity hospitals to review it approach and adopt a “least restrictive approach possible”.
Fianna Fáil’s John Lahart, however said that TDs have been getting emails for months from expectant mothers and their partners.
He read an email he received from a pregnant woman who was in hospital and spoke of how she was “alone, lonely, vulnerable, anxious, angry and confused”.
“I don’t think the response has been strong enough in asking all maternity units to review their approach again,” Mr Lahart added.
“Why, when the CMO [chief medical officer] has said there is no good reason why partners cannot accompany their partners either to prenatal appointments or in labour, how many hospitals are not complying with this?”
Mr Reid said: “There is nobody more aware than ourselves in the HSE and the medical teams who provide compassionate care for mothers and babies.
“We have to do things very differently in terms of infection prevention and control.
“A lot of our 19 maternity hospitals are old and old hallways and old antenatal rooms and are not built for dealing with infection prevention.”
He said that 16 out of the 19 maternity hospitals were working through complying with the measures, but three were not, which included Wexford, Kilkenny and Tullamore maternity units.
The HSE chief clinical officer Colm Henry they are amending the guidance this week for those attending early pregnancy assessment units.
“We are also planning to alter our visiting guidance and roll that out across all 19 units,” Mr Henry added.
It also emerged during the hearing that young people aged 18-20 may have to wait until September or October to receive their Covid-19 vaccination.