Catherine Murphy (Kildare North, Social Democrats) | Oireachtas source

They are not under the remit of the Comptroller and Auditor General so we do not get the opportunity to do that. That is under the local government auditor.

I will move to a different topic, which is the cyber attack. Some €657 million over seven years is the cost of implementing the PwC recommendations. Obviously, some of the things that happened can be rectified reasonably quickly. We were told there was no single person responsible and no documented recovery plan, the patching updates were not effective, there was a single antivirus product, antivirus signatures were not updated and 30,000 machines were on Windows 7. Some of those issues are pretty basic. Have the most immediate aspects been dealt with and how will that plan work out? I presume the HSE has moved away from Windows 7 at this stage. Have some of those more exposed and easily fixable aspects been dealt with at this stage?

Mr. Mulvany might also deal with the number of people who have been identified. Has the HSE identified every one of the people who are likely to have had their information disclosed or accessed during that attack? Many people have yet to be notified. Does Mr. Mulvany have a ballpark figure for that?