Minister for Health Stephen Donnelly has said technology experts assisting with the Health Service Executive recovery from last week's cyber attack have reported that a lot of medical files have not been compromised.

Speaking on RTÉ's News at One, Minister Donnelly said extensive back-ups are also said to be in place.

The Minister said "no effort is being spared", and "everything is being done" to repair the damage caused, adding that "good progress" was being made in areas of radiology, diagnostic services and radiation oncology.

"What we're focusing on right now are radiology and diagnostics, radiation oncology, patient administration and voluntary hospitals.

"There is some good news there, progress is being made there are teams working on this, there are hundreds of people across the system working on this," he said.

"Radiology and diagnostics, there is good progress being made similarly for radiation oncology in the patient administration system. That's really important, so the hospital knows who's meant to be coming in, they can prepare."

The Minister said over the weekend the "base layer" server of Health Service Executive data was rebuilt. He said this is the first layer server upon which all the other systems are built.

It "will take weeks" until all the HSE systems will be back up and running, he said, but added "high priority" areas are expected to be operational sooner.

"The briefings we have from the cyber experts, is that to have all of the systems back online where we want them will take weeks, however, it is important to say to patients, many of whom are very worried, is that there is progress going on in those priority areas and we don't expect that it will take weeks to get some of those higher priority systems up and running."

HSE warns it will take weeks to fix IT systems
'No sense' other agencies affected by attack - Ryan

Tusla facing significant challenges after cyber attack after cyber attack

He reiterated that the emergency departments are operational, as well as the ambulance service, testing, tracing and the vaccine program, which he said is "running at full speed ahead".

The Minister said a technical briefing has indicated there was nothing that happened in the Department of Health that would have led anyone to believe the HSE was under attack.

Minister Donnelly said on Thursday, the Department of Health discovered suspicious activity on its IT system and its IT team notified the National Cyber Security Centre and received technical advice that "the various malware that was put on, did not detonate, it was prevented from detonating".

The Minister said he was made aware of this early on Friday morning.

He said the cyber security experts explained that "by the time the HSE systems were shut down, there was no information from the Department of Health attack, which would have suggested the HSE had been attacked as well".

"They went on to say even if that information could have been ascertained, that the attack on the HSE system was so sophisticated and so deep, that even attempting to shut it down likely would have caused the criminals involved to trigger the malware," he said.

He said he does not know if there was any communication from the cyber security team to the HSE on Thursday, but the Department of Health's communication was with the National Cyber Security Centre.

"The Department followed the protocols which any Government department would, which is they informed the National Cyber Security Centre", he added.

The Minister re-iterated the Government's position that no ransom will be paid and said they are awaiting a detailed briefing from the technical experts on what information has been downloaded.

Cyber security under continuous review - Taoiseach

The Taoiseach said cyber security is under continuous review across all State agencies.

Speaking on his way into this morning's Cabinet meeting, Micheál Martin said these type of attacks are a very significant threat to both the State and the private sector.

He said the Government is working to make sure criminals do not exploit the situation and its response is "steady and methodical".

The HSE was last week forced to shut down all of its IT systems following the "significant" ransomware attack, which focused on accessing data stored on central servers.

Mr Martin said there is a possibility that patient data has been accessed and could be shared and that security experts are assessing the full impact of this threat and the implications .

He said it is shocking how people's lives have been disrupted and work is under way to ensure the services affected return as soon as possible.

Minister for Justice Heather Humphreys said the Government will not be blackmailed into paying the criminals who carried out the cyber attack.

"The Government will not be paying any money. We will protect our citizens. We will not be blackmailed," she said.

Minister for Communications Eamon Ryan said an assessment is under way to see how much information has been encrypted and taken out from the HSE's networks.

He said it is too early to know what gateway was used to access the system but added the "best IT brains in the country" are investigating the attack.

The Data Protection Commissioner has received personal data breach notifications from both the Department of Health and the Health Service Executive, as a result of the cyber attack.

A spokesperson said the General Data Protection Regulation (GDPR) introduced a requirement for organisations to report personal data breaches to the relevant supervisory authority [i.e. the DPC], where the breach presents a risk to the affected individuals.

Organisations must do this within 72 hours of becoming aware of the breach.

The Data Protection Commissioner says that where a breach is likely to result in a high risk to the affected individuals, organisations must also inform those individuals without undue delay.

The Minister of State for eGovernment, Ossian Smyth, has said a cyber-attack similar to that on the HSE and Department of Health has been made on a district health department in New Zealand in the last few hours.

Speaking on RTÉ's Six One News, Minister Smyth said his department's staff will be in contact with their counterparts in New Zealand to share information and offer assistance.

He said the HSE has a lot of administrative, diagnostic and financial data about patients which is highly sensitive and which people would not like to see published.

Everything possible is being done to prevent that from happening, he said, but realistically there is no way to guarrantee that it can be prevented.

Mr Smyth said he believes it is possible that some information would be deliberately published as the Government would not pay a ransom.

He described Friday's attack as highly targeted, and said it was the largest to have succeeded in getting through.

Meanwhile, Minister for Foreign Affairs Simon Coveney has spoken to his Russian counterpart, Sergey Lavrov, about the cyber attack.

The exchange happened yesterday, during a scheduled call regarding UN Security Council business.

The organised cyber crime group blamed for the attack in Ireland - Wizard Spider - is based close St Petersburg in Russia, according to intelligence agencies.

Challenges 'will undoubtedly mount' this week after IT attack - Henry

The Health Service Executive's Chief Clinical Officer said the ransomware attack has had a profound effect on the entire HSE and the ability to deliver care, and that these challenges will "undoubtedly mount" for most hospitals over this week.

Dr Colm Henry said so much of modern healthcare is heavily reliant on information technology systems for the safe delivery of care.

The HSE was last week forced to shut down all of its IT systems following the "significant" ransomware attack, which focused on accessing data stored on central servers.

Speaking on RTÉ's Morning Ireland, Dr Henry said that urgent emergency and time critical care is being delivered, but not in the same way as before.

He said that the ordering of tests, comparing of results and writing of results are "completely linked to IT", and there are people in hospitals now delivering results to consultants, while medical teams are phoning GPs directly.

He said the HSE was working with outside agencies and the priority is to re-establish those clinical systems on which critical services depend.

These include maternity, radiology, radiotherapy, newborn and diagnostics.

Dr Henry said some progress has been made with voluntary hospitals, whose systems are somewhat independent of the HSE. However, he warned that it will take a considerable period of time to restore systems to most hospitals.

He said the HSE had no choice but to shut down all systems, given that some were corrupted and information encrypted.

He said he was hopeful there will be contingency plans in place that will ensure staff get paid on Thursday as scheduled but he was not in a position to guarantee that this will happen.

In an update today, the HSE said that most appointments will go ahead as planned but that many X-ray appointments are cancelled.

Meanwhile, Minister Donnelly has said while it may take weeks for the HSE to get all its IT systems back, steady progress is being made, starting with services for the most urgent patients.

It continues to assess the impact of the attack, with the areas worst affected being radiology, diagnostics and patient administration systems.

The compilation and publication of some data on Covid-19 and vaccination progress is also affected.

There are 2,000 patients management systems and 80,000 devices to get up and running safely.

It remains unclear if patient information has been compromised

Additional reporting Karen Creed