The Health Service Executive has warned it will take weeks to fully repair the damage caused by the recent cyber attack on its IT systems.

The HSE's Chief Operations Officer said all of its IT systems are still shut down as work continues to build up the underpinning systems.

Anne O'Connor said some clean back-up data had been found, which will allow for a rebuilding of the patient management systems.

Speaking on RTÉ's Six One News, Ms O'Connor said it is a very complex task as the HSE has 2,000 patient facing systems and 80,000 devices.

They are particularly hampered in relation to their radiology systems, oncology radiation and maternity systems, she said. There is no access to historical data and there are challenges in labs, she added.

"There is a chance" that some historical files could be lost, she said, but currently they are assessing the back-up data to see what is there.

Ms O'Connor said key systems have to be turned back on first, beginning with patient management, labs and radiology but she said this had to be done one server at a time and this phase would take a considerable amount of time.

Ms O'Connor said historical data is the first priority so that patient scans, X rays and other details can be checked.

Hospital emergency departments remain open, she said, but are operating more slowly as all details have to be transcribed manually.

There is no database access to lab results and this has resulted in staff delivering handwritten results to hospital departments.

She said another priority was the payroll systems as staff are due to be paid on Thursday.

Ms O'Connor said at the moment some of the big voluntary hospitals in Dublin are being prioritised as they are built on a different system, however it will take some time longer to restore core HSE hospitals.

There are 14,000 people booked into outpatient clinics a day, she said, and many of these have been cancelled over the coming days. Urgent cases are being moved to private hospitals for treatment.

Ms O'Connor said the impact around the country was different - there have been far more cancellations in the west and the south but there was a very mixed picture in hospitals in the east.

Outpatients who have appointments booked for the coming days should check the HSE's website which is being regularly updated. She urged people to check in advance of turning up for appointments.

Read More:
'Number of days' before systems back working - HSE
'No sense' other agencies affected by attack - Ryan
Vaccine appointments continue despite HSE cyber attack

HSE Chief Executive Paul Reid said: "The reality here is we are trying to restart 30 years of technology investment over a few days" and he said "realistically this will work out in weeks, rather than just days".

He said steady progress has been made "throughout the last 48 hours ... aiming to restore particularly some of the voluntary hospitals and, in parallel, some of the national systems, such as the national imaging system and the patient administration system."

Mr Reid said that "some hospitals will come up sooner than others" and he said the HSE expects to make good progress this week by "stepping-up some hospitals and services over the coming days".

He said: "We have 2,000 systems in total to step up across the whole country and as we step those systems up, we have to test their resilience, how they connect between each other and if any corruption emerges between one system and another."

Mr Reid said while services will begin to improve over the coming days, the cyber attack is "extremely impacting on us right now at quite a serious level all across the country".

He added: "It is a process over the coming few weeks where we will have to manage the step back up of services and the resilience of the networks that support those services.

"So we will see progress, we are making progress but it is going to continue over a sustained period of time."

Asked about the type of data targeted by the ransomware, Mr Reid said: "The reality of these criminal organisations is they do target all of your data and access the most sensitive data that they see as value to them and we are working through that in each of our systems."

While some of the systems have not been impacted at all, the HSE chief said work is ongoing to establish if any data has been compromised.

"Some patient data in some systems seems to have been impacted but that is a slower process where we just have to see how corrupt is has been.

"How we can restore it without being impacted or indeed what data they may have extracted themselves?"

Earlier, the HSE warned GPs that its clinical laboratory capacity for checking samples from patients may be reduced to as little as 10%, due to last week's cyber attack.

In a letter from Chief Clinical Officer Dr Colm Henry, and seen by RTÉ News, GPs have been told not to send any samples of any kind to HSE laboratories unless it is "essential to decisions that must be made right away".

GPs have also been notified that samples they submitted before last Friday may no longer be suitable for processing when the system recovers, and it may be necessary to submit fresh samples from patients.

Dr Henry said that as the HSE recovers, it will need to process urgent samples. As a result, it needs to avoid having many "aged and often deteriorated samples" when the IT systems come back.

The HSE electronic system to communicate the results of these tests to GPs is not functioning and it is also unable to look up the results of previous samples.

Also today, the Minister for Justice met the Garda Commissioner and the head of the Garda Cybercrime Bureau in relation to the ransomware attack on the Department of Health and HSE.

Minister not aware of data loss as a result of cyber attack

Minister for eGovernment, Ossian Smyth, said he is not aware of any loss of data as a result of the cyber attack on the HSE's IT system.

Speaking on RTÉ's Today with Claire Byrne, Mr Smyth said the HSE back-up servers, which store back-up data, have not been affected.

He said the ransomware would have attempted to delete data on back-up servers, but he said he is not aware of any data loss.

"As far as I understand, we are not aware of any server where we have lost data. We have the back-ups, and so far, we are not aware of any data loss," he said.

Mr Smyth said he would expect that some data would be published on the Dark Net.

He agreed that this may be distressing for some people, but said most of the HSE data affected has been administrative data rather than clinical data.

The minister also said that many of Ireland's major hospitals have their own systems and in most cases their clinical data was not breached.

"It is distressing. The only thing I would say is that most of the HSE's data is administrative. A lot of the major hospitals, the Mater, Vincent's, James's and so on, keep their own systems and are not affected."

Mr Smyth said the focus remains on restoration and rebuilding HSE systems, adding he has been "impressed" at how quickly the HSE was able to get systems dealing with Covid-19 testing, tracing and vaccination back up and running after "very short interruptions".

He said that no ransom will be paid, adding that the cyber attack will be treated as a GDPR incident.

He described the hack as a "targeted criminal attack of the worst kind".

"This criminal gang were targeting different elements and were spending time investing, aiming for a body that they know was under stress at that moment when they were focusing on the pandemic and that resources were allocated away from security. It was a targeted criminal attack of the worst kind."

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

The former director general of the HSE said there needs to be a much greater emphasis on cyber security across the public sector.

Tony O'Brien said there is now an opportunity to look at "old and redundant systems" and invest in getting the best long-term defences in place.

Speaking on RTÉ's Today with Claire Byrne, he said the HSE has a highly-skilled and capable ICT team, but that the overall spend on ICT is a quarter of what is expected in comparative health teams in other developed countries.

Additional reporting Tommy Meskill