Peadar Tóibín (Meath West, Aontú) | Oireachtas source

The recent cyberattacks on the HSE and the Department of Health are monstrous crimes. They are attacks on the most vulnerable in Irish society. Patients are already struggling with never-ending waiting lists that have been worsened by Covid and ongoing restrictions but shockingly, on top of this, key life and death treatment is again put on hold due to this odious crime. The Government has a duty of care with regard to safeguarding and protecting the health of citizens and their personal data. This responsibility is particularly important in Ireland as we are a data island. Some 30% of the data that exist in the EU are located here. If one is going to mine data, the place to go is Ireland.

What is the record of the Government with regard to protection from cyberattack and safeguarding personal data? According to a reply I received this week to a parliamentary question, Tusla, for example, had 362 breaches in the past year, which is practically a breach for every day of the year. Incredibly, the National Cyber Security Centre, NCSC, has been rudderless for the past year, with no director put in place.

The NCSC is also homeless. It does not even have a permanent residence from which to operate. The Government sees the role of the director of the NCSC to be so important that it has set the wage for that individual lower than a backbench Opposition Member.

The former chief executive officer of the HSE, Tony O'Brien, stated this week that the HSE's expenditure on IT security is approximately a quarter of what would be expected compared to other health systems. That is a phenomenally difficult thing for any Government to have to deal with. The person who was head of the HSE in recent times is saying that the Government is spending a quarter of what it should be spending on cybersecurity. The NCSC has been given a budget of just €5 million. Let us think about that. Last year, the Department of the Taoiseach spent €16.5 million on PR alone. The NCSC has a staff of 25, with no dedicated premises or director and a budget amounting to one third of the Department of the Taoiseach's budget on PR. How can the Government claim to be fulfilling its duty of care with regard to Ireland against cyberattack? After the British NHS suffered a similar attack in 2017, it cost that government £92 million directly to deal with the cost of the attack. It also cost the British Government £210 million to strength its cybersecurity in the three subsequent years.

When will patient treatment return? How much will this cost in terms of citizens' lives and health, and taxpayer funds?

See this speech in context