Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Friday 8 December 2023 Dublin: 9°C
DPA/PA Images

HSE hack: A sensitive Tusla database dealing with child protection cases can't be accessed

The Tusla database holds information on current and previous child care cases.

LAST UPDATE | May 21st 2021, 8:00 PM

CHILD PROTECTION WORK by Tusla has been hugely hampered by the HSE cyber-attack as a database used to manage cases has been hit.

The National Childcare Information System (NCCIS) looks after child protection and welfare cases across the country.

Multiple sources have told The Journal that the hack has caused a halt to work as social workers, administrative staff and management cannot access critical data files.

Sources say the files – which include records of children in care, court outcomes, social work files dealing with children and child abuse cases – have all been encrypted and cannot be accessed.

One source with direct knowledge of the situation said that senior management in Tusla had been contacting staff about the problem in recent days.  

It is believed that the fostering department is the only department not affected as it operates off a different system.

“This is causing particular concerns because of the sensitivity of the records but also just the sheer scale of it.

“The database took years to come into effect because it contained so much information, and Tusla has been paperless for the last few years because everything goes in the database. They are crippled without it,” a separate source involved in investigating the issue said. 

In a statement this evening, CEO of Tusla, Bernard Gloster spoke about the challenges caused by the hack.

“We have many files and databases on the HSE network and all of these are unavailable to us at this time,” said Gloster.

“While there is no doubt that our staff are challenged by the current situation, teams around the country have a vast array of professional knowledge and that, coupled with manual systems ensures we are able to continue to prioritise our immediate Child Protection and Children in Care services.”

Sources have said that there has been a direct impact on open case files of individual children who are currently in need of Tusla’s help.

“There is no way to track children in care or know their histories. There are real concerns that there is potential that the most sensitive of cases, that of child sexual abuse, can be found out if it is leaked online,” another source added.

Another source, who is involved in liaising with Tusla on child protection issues, said that urgent referrals by gardaí under the Child Care Act who find children at risk may also be impacted.

“This comes under section 12 of the act. The garda interactions with these children will be recorded on PULSE but there is a problem with the follow up then for social workers accessing their information.

“It will just all have to be done with a pen and paper,” the source added.

On cases that are currently before the courts, Gloster says Tusla is working with legal representatives and the court service to ensure that no child subject to court proceedings will be negatively impacted.

Tusla database

Gloster confirmed that the database was contained within the cyber attack but said that there was no evidence that the information on the server had been stolen.

Gloster has said that he is continually receiving assuring updates that the information has not been stolen “however it is too early to be definitive”.

“The National Childcare Information System (NCCIS) remains unavailable and at this point it is not possible to indicate for how long more this will be the case,” said a spokesperson for Tusla.

“The NCCIS is operated by Tusla, however the majority of Tusla databases and operating systems are hosted on the HSE network as our provider of ICT shared services and recognising that Tusla has its origins in the HSE.

“It is not possible to be definitive as to whether any of the data held on the NCCIS been compromised as a number of investigations and processes are underway in the HSE and Tusla to determine the impact on all systems, including NCCIS.

“At this point there is no evidence of NCCIS information theft.  We are continuing to examine the risks and challenges to all of our operating systems and databases,” the spokesperson said.

According to Gloster, Tusla is continuing to ensure that important payments are made as soon as possible, including payments of aftercare allowances to care leavers, foster care payments, as well as payments to providers and staff.

There are currently manual workarounds being put in place to ensure payments are made.

Additional reporting by Christine Bohan and Tadgh McNally.

On this week’s episode of The Explainer we look at the impact of the HSE cyber hack:

The Explainer / SoundCloud

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel