Reporting on epidemiology of COVID-19 from the national Computerised Infectious Disease Reporting (CIDR) system to recommence on 02/09/2021

Key points

  • Reporting on the number of notified COVID-19 cases using CIDR will recommence from 2 September 2021 onwards
  • The number of cases reported from CIDR for the period affected by the cyber-attack will differ from the estimates reported based on interim arrangements.
  • Data for this period should continue to be interpreted with caution.
  • On a day-to-day basis the daily number of cases reported from CIDR will differ from the number of positive tests the previous day.
  • Due to data validation and slightly different upload schedules, the cumulative number of cases reported from CIDR has decreased by approximately 1,700 cases compared to what has been reported based on CCT and interim arrangements.
  • The extraordinary commitment of all surveillance partners and supporting structures is acknowledged in the effort to resume reporting on CIDR

The reported epidemiology of COVID-19 and other notifiable diseases is normally based on notifications to the Computerised Infectious Disease Reporting (CIDR) system hosted by HSE-Health Protection Surveillance Centre (HPSC). On 14 May 2021 the HSE suffered a major cyber-attack on its IT systems. While HSE-HPSC and CIDR were not directly compromised by the cyber-attack, our surveillance partners (Departments of Public Health, laboratories, and others) were. Many had no access to even basic IT infrastructure and services for several weeks, reverting to keeping paper records. In addition, as a precautionary measure many HSE health information systems were shut down even if not compromised, including CIDR. For these reasons normal surveillance operations ceased.

The restoration of IT systems and access within the HSE was gradual. The necessary IT access to fully recommence notifications of COVID-19 to CIDR was reinstated in mid-July and was followed by a period of testing and resolution of any performance issues related to new IT security measures implemented since the cyber-attack. Since 14 May, an estimated 75,000 cases of COVID-19 had been diagnosed in Ireland. In recent weeks, laboratories and Departments of Public Health, assisted by a Robot Process Automation solution, have been processing this backlog of notifications of COVID-19 and the backlog is now resolved. We will be recommencing using CIDR to report on the epidemiology of COVID-19 cases from 2 September 2021 onwards.

As an interim measure after the cyber-attack, the reported daily number of COVID-19 cases was based on data uploaded to the HSE-CovidCare Tracker (CCT). As was highlighted in all published reports since the cyber-attack, these data did not represent notified cases. They had not undergone the extent of data validation which is undertaken by Departments of Public Health and HPSC. The number of cases reported from CIDR for this period will differ and will be lower from that reported based on CCT data.

The number of cases notified to CIDR each day from 1 March 2020 to date will be made available on the HPSC website for a short period following the recommencement. In early August there were slight delays in processing some notifications due to the volume of daily cases in addition to the backlog. As a result, the number of cases reported for some days is reduced and the number of cases reported other days is inflated.

Data is subject to ongoing validation. While efforts continue to ensure the quality of the data for the period after the cyber-attack until normal surveillance activities were resumed, given the extent of the impact of cyber-attack on surveillance partners and across the health service, data for this period should continue to be interpreted with caution.

From 2 September 2021 onwards, HPSC will revert to reporting the daily number of cases notified to CIDR up to midnight the previous day. This differs from other data sources reported by the HSE such as the daily number of positive tests from the previous day. The daily number of positive tests may include repeat tests of the same person. In addition, the two-step method of processing notifications typically occurs either on the day or within one day of laboratories uploading positive records on CIDR and due to differing upload schedules by the laboratories to CCT and CIDR and the time required to process notifications on CIDR, on a day-to-day basis figures with differ between the two systems. CIDR as the national surveillance system is the definitive source for validated data on COVID-19 cases in Ireland which meet Irish and European case definitions.

The cumulative number of cases of COVID-19 reported today will decrease by approximately by 1,700 cases. Since the cyber-attack the cumulative total has been a combination of data notified to CIDR up to 14 May 2021 and cases uploaded to the CCT after the cyber-attack. The cumulative total will now be based only on data from CIDR. The decrease is due to a combination of factors described above – data validation on CIDR and the slightly different upload schedules and processing requirements of CIDR which mean that CIDR data may not include all cases diagnosed the previous day.

We would like to acknowledge and thank staff in laboratories, the Departments of Public Health and HPSC and other partners for their work during this period. Thanks to their flexibility and dedication much of the surveillance of COVID-19 continued with adapted methods despite the extremely challenging context posed by the cyber-attack. The retrospective notification of 75,000 cases for this period, while also responding to a 4th pandemic wave, was an unprecedented task and would not have been possible without the extraordinary commitment of all surveillance partners and supporting structures. We would also like to thank the HSE Contact Management Programme, the Office of the Chief Information Office, and Deloitte for their support during this period.

Published: 02 September 2021