Tusla in push to move data from HSE systems after cyberattack

Over 90% of Child and Family Agency systems dependent on network hit in ransomware attack

Among the Tusla systems affected by the cyberattack are its online portal for people to report child protection concerns, and its National Childcare Information System which contains highly sensitive information about children and their families. File photograph: iStock
Among the Tusla systems affected by the cyberattack are its online portal for people to report child protection concerns, and its National Childcare Information System which contains highly sensitive information about children and their families. File photograph: iStock

Tusla is seeking to speed up efforts to move its data away from the HSE’s computer systems in the wake of the cyberattack that left its staff relying on pen and paper to carry out their work.

More than 90 per cent of the Child and Family Agency’s systems are hosted by or dependent on the HSE’s network, which was hit by a ransomware attack last month.

Among the Tusla systems affected by the cyberattack are its online portal for people to report child protection concerns, and its National Childcare Information System which contains highly sensitive information about children and their families.

It may be four weeks before the online portal is back in operation, and staff are currently writing down details of suspected abuse or neglect cases being reported over the phone.

READ SOME MORE

Plans to move Tusla’s data away from the HSE date back as far as 2017 and the first phase of the project – the building of a new network and associated data centres – was completed last September.

‘Long way to go’

However, the project is not due to be completed until the end of 2022. Tusla chief executive Bernard Gloster last week said “there’s a long way to go”.

A spokeswoman for the agency said the second phase of the project involves moving data historically associated with the HSE to the Tusla-only data centres, and this started in January with the email addresses of some 500 staff.

She added: “However, as part of the recovery process from the recent cyberattack, Tusla will be expediting a significant volume of this work.”

Risks relating to cybersecurity were most recently articulated in Tusla’s National Corporate Risk Register at the start of 2021, which noted: “the potential failure to protect the availability of information due to Tusla not having control of its ICT infrastructure and ICT assets”.

Tusla highlighted weaknesses in the HSE’s computer systems including some related to security controls and disaster recovery protocols – particularly older and legacy systems – in its 2019 Annual Report.

The report says: “In the main, the systems utilised by Tusla are more current and less impacted by legacy issues, but where Tusla is dependent on these systems, these weaknesses may have an implication for its internal controls.”

It also notes: “The HSE has indicated that it is committed to improving controls in respect of cybersecurity.”

The Irish Times previously reported on a series of actions being taken by the HSE to improve the security of its networks, with some completed last year and other with target dates into 2021.

In recent weeks the HSE has not been able to say whether weaknesses identified in internal audits – highlighted in its own annual reports as far back as 2018 – were a factor in the success of the recent cyberattack.

The Tusla spokeswoman said its plans to move its data away from the HSE were not linked to the weaknesses that had been identified in the HSE’s system, saying this goal was included in ICT strategies published as far back as 2017.

1,500 referrals

The spokeswoman separately said Tusla normally receives approximately 1,500 referrals via its online portal for reporting child protection concerns each week.

She said: “As all systems are down, we cannot confirm the exact number of weekly referrals, but early indications are that the cyberattack has had marginal impact on our referral rates in most areas and that people are making referrals by phone.”

There have been media campaigns to promote phone referrals, including a national radio advertising campaign.

In an interview with RTÉ Radio, Mr Gloster said he does not envisage the portal being back in use until at least the end of June.

He said referrals currently have to be written by hand, adding “It really is back to 1970s/1980s social care service.”

Mr Gloster said a “semblance of normality” may return over the next month, but it will be six months for the recovery plan “to get us back to where we’d want to be”.

He said a specialist company is monitoring the internet including the dark web for any sign that Tusla’s data has been published, but this had not been detected as yet.

Cormac McQuinn

Cormac McQuinn

Cormac McQuinn is a Political Correspondent at The Irish Times