Alan Kelly (Tipperary, Labour) | Oireachtas source

It is five days since the ransomware attack was revealed. This is escalating into a pretty serious national security crisis and I am not sure it is on the radar to the level it should be. This morning when I was driving up to Dublin, one of my local GPs got in touch. One of his patients had been contacted by a medical organisation from outside the State with all his details as regards a procedure he needed and his medical history. This organisation knew, in effect, exactly what he required medically and was offering, in a short period, to be able to provide the operation he needed because it could see he was not going to get it for some time as a public patient. The family contacted their GP and An Garda Síochána and, in fairness to the GP, he contacted An Garda Síochána. I am not going to get into the details and I do not want to know the details of the individual. If this is happening on any scale throughout the country, we have a big problem.

The Financial Timeshas revealed, and the Minister, Deputy Eamon Ryan, said he believes the report to be accurate, that 27 files relating to 12 people, including laboratory results, admission records, etc., have been published on the Dark Web. This seems to align very much with the story I heard this morning from the local GP in my county. I want to know what is the plan in this regard and I do not want a generic answer. I say this with a sense of deep worry. As probably the only Deputy in Leinster House who asked about the security of the IT systems in the HSE over a number of years, including, last December, in regard to Windows 7 on 37,000 machines, I want to know what is the plan.

I have a number of specific questions. There is a duty of care to the tens of thousands of staff of the HSE regarding their personal data. What is the plan in this regard? How should people who are going to be contacted similarly to the person I described be advised in respect of what they should do? Is An Garda Síochána ramped up on this scale or the Data Protection Commissioner? What advice should be given to people? What is being done in regard to the prioritisation of bringing back services? What is the priority list, so that we can give some comfort to people as regards when they can expect services to be back? How do we ensure that the scaling up that is going to be done to deal with this issue is an investment for the future as well, given that I estimate the costs could run to more than €100 million?

Finally, when will we be able to give guidance to the public as to what to do when they see that potentially their medical information-----

See this speech in context