"Do we need three more nurses or do we need to update the XP machine?" This is the challenge that faces out-going Chief Information Officer at the HSE, RIchard Corbridge.
Speaking at the Irish Independent's Dublin Information SEC cyber-security event, Mr Corbridge said that the debate was not an easy one for him and his team to win.
However, when it came to one of the biggest IT challenges faced by the HSE, the WannaCry ransomware attack in May this year, Mr Corbridge was quick to praise his team saying that there were members of staff working all weekend of the incident occurring to protect the healthcare system.
"With WannaCry it was clear we had to act quickly, this could have impacted out patient appointments, had something like this landed on a Sunday night in Autumn with flu and the week ahead it could have taken years [for the HSE] to recover," he said. The fact that the incident occurred on a Friday evening in May made it easier for the HSE to respond with minimal disruption.
"We mobilised 38 people to work the weekend and made sure the elements under threat were protected," Mr Corbridge said, but the biggest fear for him was around Monday morning and whether hospitals and GPs would have been impacted.
"The worst case scenario for the HSE was that we lost any hospitals -the Irish healthcare system cannot afford for any hospitals to close their doors," Mr Corbridge told a captivated audience.
Also, a big fear on the Saturday was that the HSE would lose GP systems, which had 10 years of data, from the attack. Preventative measures taken by the team that weekend included taking down the external email down for the whole of the HSE to protect it from WannaCry.
"We were out front and centre with colleagues," Mr Corbridge said. Overall only one HSE facility in Wexford was affected from the WannaCry attack. In terms of lessons learned from the incident Mr Corbridge said that the HSE now has a better way of handling such an incident.
In addition, it has a better understanding of the need to work with partners in order to protect the HSE and its supply chain. Going forwards Mr Corbridge said that the HSE is embracing technology, with Ireland becoming the first EU country to have a Cloud First policy for health - a strategy that other countries have followed.