Tusla still depends on outdated computer system after HSE cyberattack


The Director General of the Agency for Children and Families admitted that part of Tusla’s IT infrastructure is still running on the outdated Windows 7 operating system.

It comes as Bernard Gloster told the Public Accounts Committee that the devastating cyberattack on HSE computer systems last May “brought Tusla to its knees.”

Mr Gloster told the committee that the cost to Tusla in terms of securing and recovering its computer systems was in the order of € 8 million.

He said that while most of Tusla’s systems are now back online, email connectivity in some rural parts of the country remains “the big deal.”

“We had two IT people in 2017, now we have 65 who are growing to 100. We have the most modern laptops. But because of our dependence on HSE, we are still dependent on old legacy systems, ”he said.

Mr Gloster said that the fact that Tusla itself is monitored by the Health Information and Quality Authority (Hiqa) as it in turn inspects its own private service providers is “one of the biggest contradictions”.

“I’m a supplier, I’m a buyer, but for half of this system I’m the regulator,” he said.

“It does not promote good governance. ”

He added that he had “no timetable” for the transfer of this supervisory role from Tusla to Hiqa.

Tusla, although independent from the HSE, remains dependent on the executive in terms of IT infrastructure, an issue inherited from the agency’s creation in 2014 and which Tusla is working to rectify.

Mr Gloster told PAC that the impact of the May 14 cyberattack was far more damaging than that of Covid-19 on Tusla’s operations.

“Covid was very extreme, but the impact of the cyber attack was much more brutal and much more severe,” he said.

It brought us to our knees, that’s the reality.

Tusla’s key computer portal, the National Childcare Information System, which contains records of nearly 500,000 child protection cases that social workers can access, was the system most affected by the cyber attack, said Mr. Gloster.

“This system is very important in terms of sensitivity. There is no evidence of data exfiltration, but it was badly damaged by the criminals’ encryption and the shutdown of the HSE, ”he said.

“We had to do system backups because the May 14 database was so damaged that it was unusable,” he added.

He said he should remain open to the possibility that certain personal data relating to members of the public dealing with Tusla may have been released into the public domain as a result of the attack.

“This may yet emerge,” Gloster said, adding that an “in-depth analysis” of the situation remains under the auspices of the HSE.


Gordon K. Morehouse