Oireachtas Joint and Select Committees
Thursday, 9 February 2023
Public Accounts Committee
2021 Report of the Comptroller and Auditor General and Appropriation Accounts
Vote 38 - Health
Chapter 12 - Financial Impact of Cyber Security Attack
9:30 am
Mr. Seamus McCarthy:
The appropriation account for Vote 38 - Health records gross expenditure of €21.7 billion in 2021. Almost all of this, just over €21.3 billion, was paid to the HSE and was spent across 14 of the Vote subheads. This includes €2.2 billion in respect of Covid-19 actions. A further €100 million was allocated to the National Treatment Purchase Fund.
Receipts into the Vote in 2021 totalled €482 million. Those receipts consist mainly of €270 million recovered in respect of the cost of providing health services to EU nationals under EU regulations and receipts of €168 million from the proceeds of excise duties on tobacco products.
At year end, net expenditure under the Vote was €498 million less than provided for. With the agreement of the Minister for Public Expenditure and Reform, €104 million in unspent capital allocations was carried over for spending in 2022. The remainder of the surplus for the year, amounting to €394 million, was liable for surrender to the Exchequer.
I issued a clear audit opinion in relation to the appropriation account.
As signalled in advance, a specific area of interest for this meeting is claims for reimbursement of long-stay nursing home charges. Members may wish to note that such claims are not specifically referred to in the appropriation account for Vote 38.
Subhead D of the Vote provides for expenditure in respect of “statutory and non-statutory inquiries and miscellaneous legal fees and settlements”, in respect of which a total of €11.155 million was incurred in 2021.
Note 6.2 provides more detail about compensation and legal costs incurred and how this breaks down between compensation, legal costs and other costs. These amounted to €9.4 million in 2021, across a range of claim types. The accounting policies for appropriation accounts do not require that information to be disaggregated by type of case.
The accounting policies require Accounting Officers to include a note on any contingent liabilities, unless it is considered that to do so could prejudice the Exchequer's position in court cases or other negotiations. In this appropriation account a contingent liability disclosure in general terms is included at note 2.11.
Chapter 12 of my report on the accounts of the public services examined the impact of the cyberattack in May 2021 on the Health Service Executive and other health bodies. As a result of a malware attack and encryption of servers and workstations, HSE staff were unable to access affected HSE systems and patient information. The attackers were also able to access and to undertake the exfiltration of data relating to patients. In order to contain the spread of the ransomware infection, the HSE shut down its information and communications technology network. Subsequently, the attackers provided the HSE with a tool which was used to decrypt the systems. The process of restoring the HSE systems continued until September 2021.
The Department of Health also identified suspicious activity on its systems around the same time as the attack on the HSE but was able to take prompt action to contain the impact on its systems. The statement on internal financial control at the front of the appropriation account outlines the steps the Department has taken in response to the attack.
The impact of the cyberattack across the health service was severe and immediate, impacting the provision of health services and the recording of patient information. At the time of reporting, the full financial impact of the attack had not been quantified. As well as the direct costs relating to the attack, there are costs relating to the improvement of systems and the impact on clinical care and patients, which will continue into the future. A plan has been prepared which envisages significant investment to improve the HSE's ICT systems, with initial estimates of actions expected to cost more than €600 million over seven years.