The Health Service Executive has spent an estimated €37.5 million to date in repairing the damage and improving the security of its computer systems after last May’s cyberattack.
The figure does not include costs associated with the impact on patients and resuming services.
Minister of State for Health Frank Feighan outlined the information technology costs in the Seanad following a question from Fianna Fáil Senator Malcolm Byrne.
Mr Byrne said he was interested in details of the information and communications technology (ICT) spend. But he also said there would be broader costs related to the impact on the health service and cited 7,000 patient appointments delayed each day.
"Quite frankly it was a terrorist attack," said Mr Byrne. And he added that Ireland should co-operate with European Union partners on responding to such threats as "we are not capable of simply responding on our own".
Mr Feighan said the attack resulted in an immediate loss of almost all ICT systems. And “the impact on patient services, on patients themselves, was on a scale not seen before”.
He said almost all systems have now recovered full functionality, but some remedial work is required on a several older legacy systems and this is being progressed.
Risks to HSE
Mr Feighan said there are “significant financial costs” for repairing the damage caused.
He told the Seanad that funding provided this year “addressed immediate risks to the HSE including the recovery of systems and data affected by the attacks, upgrades and replacement of legacy systems, and the establishment of security operation centres for enhanced monitoring of threats”.
He said the HSE estimates that these measures alone “cost €37.5 million in 2021”.
Mr Feighan added that he believes there is a need for sustained investment in ICT in the health service to safeguard the system.