Mr. Bernard Gloster:

The majority of those questions are probably for Tusla in the first instance. As for the cyberattack, I do not have all the notes in front of me but it is very live in my head. Regarding the recovery phase for Tusla, the first thing was to recover basic connectivity for people to be able to operate email and to be able to connect with one another in and out through the system. We operate across nine HSE platforms or domains, and seven of the nine were successfully restored over two weeks ago with some intermittent challenges.

Two others, in the north west and the north east, took a little longer but are now moving closer to recovery. Moreover, our devices had to be cleaned, or greened as it is called, and a substantial programme was undertaken. In the case of Tusla, there are in excess of 5,000 devices, and we are now probably just a couple of hundred short of having certified them as not corrupted in any way.

The main concern for Tusla is one I discussed with the Senator's colleagues, Deputy Whitmore and others, during the course of the attack and when I wrote to committee members. Our main case management system, namely, the national childcare information system, is back up and running and social workers are able to use it, as of a little over a week ago. I want to be clear and to reflect the concern of members when I say that system was badly damaged, which is why it took so long to get it back. When it came back, I was concerned that week as to whether we would be able to retrieve it unsuccessfully. We rebuilt it from a back-up, and our ICT team, who are expert in it, and the HSE ICT team worked night and day to get it back from the back-up. The original database we were using was damaged by the encryption attack, the sudden and necessary shutdown of the HSE system and the decryption process, all of which combined to cause damage to the database and render it unusable. We do not have evidence of exfiltration of any information from it, thankfully, but it certainly challenged us to get it back.

All our smaller systems are, in the main, back up and running, although there are some issues with internal file shares and other systems. I will go not go through the entire list, but one in particular remains outstanding for us. It relates to the external portal by which members of the public make referrals to us. Coincidentally, given that we have been talking about our early years service, our early years service interacts with all the preschool providers through that external portal for registration and other purposes. Ms McDonnell, who is in attendance today, and her team have worked exceptionally hard to continue to support people manually to work through that. At the moment, the best advice I have suggests the external portal will probably not be available until the start of August. It is connected with a dependency on the Internet, which is in turn connected with a security concern for the system, which has to be slowly brought back in steps. If I can assist members with any other information on the attack, I will be happy to do so. I have provided a global picture of where we are. We are still challenged but we have got an awful lot back.

As for how regulation is to be implemented, inconsistency on repeat inspections can happen anywhere. I have for years worked in every part of the social care system in Ireland, which is regulated now, and I have seen exactly what the Senator was talking about. I have seen it from the points of view of both the regulated and the regulator. I might ask Ms McDonnell, who has an established expertise in inspection and manages the service, to address how that inconsistency can happen and why small breaches are recorded, even if they are rectified at the time. The research we have published this year shows that by the time we come to publish our inspection report, 85% of either breaches or drops below the standard of compliance detected on inspection will have been corrected. It shows a continuing improvement and that they result from the regulatory environment.

Ms McDonnell might address the issue of inconsistency. Before I pass to her, so as not to hold up the committee, I will point out that the Senator is quite right and I thank her for picking up the observation. As I stated, regulation is good and important, but if we are not sensible in how we develop it or sensible and judicious in how we apply it, it can give rise to these types of challenges and problems. That is why the Department's commitment to tailoring a specific regulatory environment for childminding is important, given that the current regulatory regime is quite difficult to apply.