The weekly death statistics were scheduled for publication at 9.30am on 12th March.

The Vital Statistics Unit were notified at 9.24am by their Grade 5 (who is part of their production team) that at 9.20am the Weekly bulletin was visible on the ‘publication’ section of the NISRA website. The team tried to establish if the publications were blank documents (sometimes used to check the page layout in advance of publication) or if they were the live documents. By the time this was established it was 9.30am when the publication was due to go live. It was later confirmed by the Grade 5 that the bulletin (which she had opened) was the live document.

No one internal or external to NISRA, who wasn’t already part of the production team, picked up on the visible documents on the publication page prior to the 9.30am announcements.

Key statistics relating to Covid-19 deaths in NI were available online publically. These statistics have high public and media interest. However, no one appears to have accessed the documents prior to the publication time so the impact of the breach is minimal.

The Vital Statistics Unit reviewed the step-by-step publication processes with NISRA’s Dissemination Branch (who are responsible for the website) and it was confirmed that all correct processes were followed as understood at the time. However, Dissemination Branch have taken the incident forward with the website support unit in IT Assist and identified how the incident happened and what steps to take to prevent it happening again. Dissemination Branch have sent out updated instructions via email and plan to hold training as well as making an updated manual available to all branches.