TL;DR

GESY keeps failing because it is fragile by design and hard to govern. Tight coupling between components means a single failure cascades across the entire system. A system vital to everyday healthcare that is funded with public money should be far more robust. Modular components, proper isolation, and better architectural decisions are not optional extras when building public infrastructure. Cyprus gave a critical national platform to a single vendor with no backup plan, no transparency and no meaningful user involvement. This concentrates risk, creates dependency and weakens accountability.

The solution is straightforward: build internal technical capacity within HIO, split the system into well defined components, work with multiple suppliers, involve healthcare providers continuously in development, use open standards and publish clear public updates on performance and incidents. Healthcare is too important for system wide outages.

Cyprus needs to modernise how it buys, builds, and operates government software.

The full story

GESY’s recurring failures are not just bugs. They show deeper problems in how the system was designed and how Cyprus manages critical government software. This is not a one-off crisis; healthcare providers report that the system fails at least twice a week, with major documented outages occurring roughly every six months since October 2024.

When GESY fails the entire system becomes unusable: doctors cannot access patient medical histories, pharmacists cannot dispense medications, labs cannot submit results and specialists cannot see their scheduled appointments. There is no partial functionality, no offline mode and no graceful degradation. A national platform must be able to handle stress without total system failure. GESY’s full outages imply that the design is fundamentally wrong. Everything is interdependent.

A well designed healthcare platform should work like this: If appointments go down doctors should still be able to view patient history, pharmacies should be able to work in limited mode and sync later, and lab results should still be uploadable. Emergency care should not depend on the same components as routine appointments.

The absence of backup systems creates direct patient safety risks. Doctors cannot safely examine patients without access to medical histories, current medications, and known allergies. When patients cannot recall this information themselves, physicians face an impossible choice: delay care or risk dangerous drug interactions and contraindications.

One failure should not take down the whole country’s healthcare system.

Resilient systems separate major functions into independent components. Patient records, prescriptions and appointments should all operate independently, with no single database or server acting as a single point of failure. They use redundancy, automated failover, and backups that actually work. When components fail, they degrade gracefully: critical information remains available, changes queue locally for later syncing and communication is immediate and detailed about what works and what doesn’t.

GESY has none of this. No backup and no contingency. Features were prioritised over resilience. This is backwards. Critical national infrastructure requires redundancy from day one.

The frequency of these incidents also raises questions about deployment practices. Systems like GESY must have automated testing, staged rollouts, safe deployment techniques and fast rollback when things go wrong. Monitoring should catch problems before users do.

Another governance failure is the lack of involvement from the people who actually use this system. Doctors, pharmacists, and lab technicians experience these failures firsthand every day. They understand the workflow requirements and know what doesn’t work. Yet there is no structured mechanism for their feedback to influence development. You need working groups with healthcare providers in design sessions, testing prototypes, validating workflows and setting priorities. Not surveys sent to thousands of doctors about a system that’s already built. Software that works comes from ongoing dialogue, not questionnaires asking what doesn’t work and what they need.

User-centered design means understanding what your users need, how they think, and how they behave – and incorporating that understanding into every aspect of your process. — Jesse James Garrett

The single-vendor model is equally problematic. Handing an entire national healthcare system to one large supplier puts all the knowledge outside government, makes switching prohibitively expensive and makes long term improvement nearly impossible. Without internal expertise, HIO cannot effectively manage any supplier.

HIO needs internal technical capacity: a team that can evaluate architecture, validate contractor work and manage infrastructure. The goal isn’t to build everything in-house, but to set standards and avoid single-supplier dependency.

Achieving this means splitting the platform into separate components with clear interfaces between them. Use industry standards so different teams can work together. When something isn’t working, replace the component or change the team; you shouldn’t need to rebuild everything. This allows flexibility in approach, development and maintenance. Right now, HIO attempts to manage vendor performance through contractual penalties. The contract includes performance requirements, and penalties are supposedly being applied. But this data is not public. What are the actual penalties? What’s being done about permanent fixes? Beyond the transparency problem, penalties cannot fix bad architecture. The system keeps failing. The problem is structural, not contractual.

Government software should be transparent. A public status page showing the state of each component should be standard, not debatable. Incident reports should be immediate and not incidental. The public should know what happened and why, what changed, and the steps taken to prevent it from happening again. Performance metrics and roadmaps should be publicly available.

Hiding failures doesn’t make them go away.

But transparency alone won’t fix GESY. A quick fix will not address this issue. You cannot patch your way out of a design problem. Without addressing the root causes, these outages will keep happening. Real reform needs an independent technical audit, service standards with real consequences, a plan to isolate core functions, stronger public sector capability and procurement that breaks single vendor dependency.

Building a reliable national system is achievable. The only question is whether Cyprus will fix it properly or continue accepting failure. Better standards, better governance, and real accountability are not optional.