The cost to the Health Service Executive of dealing with last year’s cyberattacks on its IT systems has risen to almost €52 million.
Most of the costs incurred so far arise from “mitigations” taken since the cyberattack rather than direct costs on remediating the security breach to the HSE’s computer systems, it said.
The cost includes €42 million spent after the incident last year and a further €9.8 million spent this year up to mid-July.
The information was provided by HSE chief information officer Fran Thompson in response to a parliamentary question from Sinn Féin TD Darren O’Rourke.
Amitav Ghosh: ‘Ireland is where the British created all their colonial methods, it’s where they tried it out first’
Prof Donal O’ Shea: ‘The positioning of Ronald McDonald House at the entrance to the new children’s hospital makes me angry’
Joe Schmidt: ‘I felt if we could have built on our lead after half time’
‘It doesn’t have to be them or us’: Teachers behind new book of refugees’ stories want to challenge stereotypes
It has been forecast that the total cost of the cyberattack, blamed on criminal gangs in Russia, could reach €100 million.
Mr O’Rourke said the latest figures highlighted the massive cost to the State caused by “this despicable cyberattack. Although lower than initial estimates, I suspect this is not the final tally and the taxpayer will be left with an even higher bill. The costs aren’t just financial, this caused massive logistical problems for already over-stretched staff in our health service and led to an unquantifiable amount of disruption to patient care.”
Mr O’Rourke said it was “evident” the National Cyber Security Centre has not been provided with the necessary funding, staffing or resources to meet the growing challenge of cyberattacks.
HSE workstation
The opening of a malicious Microsoft Excel file attached to a phishing email led to the cyberattack that crippled the health service for weeks last year, according to a report on the incident published last December.
The file was opened at a HSE workstation in March 2021, two months before ransomware “detonated”.
Over these eight weeks, a number of alerts were raised within the health service that the IT system might be compromised, but the significance of the alerts was not identified at the time.
The ransomware that was introduced into the system was “detonated” on May 14th, resulting in healthcare professionals losing access to all HSE-provided IT systems.