Thousands of appointments fall foul of HSE cyber attack
PUBLIC hospital appointments for thousands of Clare patients have been cancelled amid fears it may take weeks to fully resolve the serious disruption caused by the cyber attack on the HSE’s information technology systems.
Waiting lists for in-patient and outpatient procedures look set to soar over the coming weeks following the cancellation of all outpatient clinics and all elective inpatient and day case procedures except time-critical cases, diagnostic investigations including radiology and endoscopy services.
This major unexpected disruption to health services in the Mid-West coincides with the release of official figures from the National Purchase Treatment Fund, which revealed the number of in-patients on waiting lists in the region increased by 34% from 4,798 in January 2020 to 6,465 in April 2021, while the number on outpatients jumped 6.4% from 47,134 in January 2020 to 50,189. There are currently 41,035 patients on the out-patients waiting list at University Hospital Limerick (UHL) which is the fourth highest in the country, while Galway University Hospitals top the national list with 50,997.
Dr Michael Harty has confirmed the phone in the surgery has been “hopping all week” particularly on Wednesday with people looking for information from hospitals, blood results and consultations with Shannondoc.
Deputy Violet-Anne Wynne has implored the HSE to respond with clarity about the management of this attack, a realistic timeline as to its resolution and a projected contingency plan going forward to modulate the distressing backlog of people awaiting essential treatments and health services.
The Sinn Féin Deputy has claimed health information technology (IT) infrastructure has not been fit for purpose for more than a decade and can’t see how outdated systems would not play a role in weakening IT defences.
She stressed the cyber attack prompts the need for a modernisation of health care information infrastructure.
Dialysis treatment, cancer day ward chemotherapy and radiotherapy and the Acute Fracture Unit will continue in University Hospital Limerick (UHL).
Vaccination centres at the Radisson Blu Hotel, Meelick and Treacy’s West County Hotel Ennis and
the Emergency Department at UHL continues to operate around the clock, but non urgent patients may experience significant delays.
The ante-natal clinic at University Maternity Hospital Limerick, Maternity Emergency Unit and Early Pregnancy Assessment Unit is operating and patients are asked to attend as scheduled.
Dr Harty said anyone who has not been offered an appointment will be delayed, and warned this will multiply as long as the cyber attack goes on, which will get very serious for those waiting long periods for treatment.
The Kilmihil-based GP said all their electronic communication with the hospital sector has been shut down, practices are not receiving any laboratory results this week and they have been asked only to send in urgent cases for the forseeable future.
He fears it may take weeks before the cyber attack is fully resolved.
“It will increase the disconnection between general practice and hospitals in a significant way. It makes proper decision making very difficult for family doctors and will put an increased pressure on acute services because patients who we might have been able to manage previously we might not be able to do so safely because we haven’t sufficient information.
“It will also put pressure on private hospital system.
“We are not receiving CervicalCheck reports electronically. We have been asked to suspend taking smears for the moment.
Dr Michael Kelleher said the cyber attack had severely disrupted family doctors’ electronic access to diagnostic and laboratory tests.
“A large part of general practice is the management of chronic disease. A lot of this is reliant on laboratory and other diagnostic services, which has been disrupted.
“Covid-19 assessments can’t be done online any more. Our online ordering system is down if we want to request Personal Protective Equipment (PPE). When work backs up that is where the real danger lies for people who are relying on diagnostic results, need medical attention and may not get it in a timely manner.”
Dr Kelleher described this cyber attack as a dreadful infliction on patients by ruthless criminals, who are very difficult to track down.
Doctors can’t send or receive results from the x-ray department or make referrals to outpatients departments or Covid-19 tests electronically.
People with Covid-19 symptoms are now presenting to the walk-in centre, which is presenting difficulties.
The secure HSE email system is down eliminating electronic referrals and results between family doctors and public hospitals.
Deputy Wynne said there needs to a be transparent accountability about the weaknesses in the systems that allowed this to happen.
“To develop robust cyberdefences and to deliver the catch-up care for patients on waiting lists, a fully funded and rapid programme of IT modernisation is needed.
“There are serious questions in relation to preparedness, what investments were made by the Department of Health and HSE in cybersecurity, why they are still running on unfit for purpose IT infrastructure with tens of thousands of computers working off a system which is obsolete, and how this impacted on defences.
“We need to know how this happened, what the source of it was, how the systems were impacted, and how it can be prevented from happening again.
“Most of the Department of Health and HSE’s computers run on an operating system which is no longer supported, from a security perspective, by its developer.
“Integral radiology equipment runs on software so old that the HSE has not upgraded its operating systems. It is now said that the attackers were inside the Department of Health and HSE’s systems for weeks before the attack, yet this was not detected.
“Old computers, equipment running on outdated software, and the lack of integrated health systems surely make the job of cyberdefence far more difficult and costly,” she claimed.
“It will now cost tens of millions, according to the HSE, to restore systems. The Government has dragged its heels on financing IT modernisation and now it is paying the price.
“The use of antiquated systems in health must stop – they are bad for patients and bad for security. It is not a victimless crime. This attack will make patients wait longer for diagnostics or treatment and cause waiting lists to grow longer.
“The Government should conduct a root and branch audit and review of the health system’s cyberdefences and IT systems to ensure best practice, and this should be widened to include other State bodies and agencies.
“Sinn Féin has been calling for enhanced investment in the health service’s IT for years,” she stated.
The Department of Health and the national HSE hadn’t responded to Deputy Wynne’s claims at the time of going to press.
By Dan Danaher