| 17.1°C Dublin

HSE blunder means it must pay millions to protect files


Stock Image

Stock Image

Stock Image

The HSE faces a bill of millions of euro because it has failed to upgrade most of its computers in time to protect against cyberattacks.

The blunder means that it is set to hand Microsoft a blank cheque for unnecessary fees to supply emergency protection against hospitals being shut down by hackers.

Microsoft's obsolete Windows 7 operating system will be cut off from security support worldwide next week, a deadline that has been flagged for five years.

The health body has had repeated warnings about the deadline from IT security experts and Microsoft, but still operates 46,000 of its 58,000 PCs and laptops on the outdated system which now needs expensive emergency intervention.

A spokeswoman for the HSE confirmed that it has agreed the emergency cover with Microsoft but admitted that it does not yet know how much it will cost.

She claimed that Microsoft has not yet told the HSE what the bill will be.

Industry estimates put the cost at €50 per PC per year, doubling each year.

This could see the HSE stuck with a bill for €2.3m in 2020, rising again in 2021 if the outdated systems remain.

The HSE may be in a position to negotiate a discounted rate due to the number of computers it has that are still stuck on the outdated system.

"Microsoft's pricing fees for extended support have not yet been released so the HSE is not in a position to comment," said the spokeswoman.

Three years ago, the HSE failed to upgrade PCs from Windows XP, causing a temporary shutdown of HSE systems from the notorious WannaCry ransomware virus and causing patient appointments to be cancelled.

The same virus crippled UK hospitals, forcing some into paying over hundreds of thousands of pounds to criminal attackers who gained control over the computer systems.

Daily Digest Newsletter

Get ahead of the day with the morning headlines at 7.30am and Fionnán Sheahan's exclusive take on the day's news every afternoon, with our free daily newsletter.

This field is required

Other State bodies are also stuck with Windows 7 computers.

The Department of Employment and Social Affairs has 11,000 PCs that are still using Windows 7, while the Department of Justice has 3,700.

Both departments host sensitive data on citizens.

Microsoft declined to say whether it was involved with providing support for the HSE or what its pricing structure is for its new premium support services targeted at those who have not upgraded from Windows 7.

The HSE has seen a number of chief information officers come and go over the last three years and has been plagued by a lack of action in solving IT problems.

In November, it confirmed that 46,000 of its 58,000 laptops and desktop PCs still run Windows 7.

The risk from ransomware viruses remains strong.

This week, the huge international foreign currency exchange firm Travelex admitted that it had fallen prey to a ransomware attack.

Hackers infected it with Sodinokibi ransomware, also referred to as REvil ransomware. Its online currency service is still unavailable.

Police in the UK are investigating the cyberattack.

In Ireland, one-in-five PCs still use Windows 7, according to figures from Statcounter.

The company has advised ordinary citizens to upgrade to Windows 10 or to buy a new PC which has Windows 10 pre-installed.

Most Watched