Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Irish Mirror
Irish Mirror
National
Rebecca Daly

Patients affected by the HSE cyber attack last year have yet to be contacted

People who were affected by the 2021 cyber attack on the Health Service Executive have yet to be informed.

Cyber security experts from the HSE have been monitoring the internet for the data, and say they will act “immediately” if they find any evidence it is being used.

The HSE has yet to inform those affected by last year’s cyber attack that their data may have been compromised, but plan to do so “as soon as possible”.

Read more: Dad-of-seven stabbed to death at Kerry funeral issued video pleading for no violence

The major ransomware attack took place in May 2021, causing major disruption to the system and appointments.

Information held by the HSE on their computer systems was illegally accessed and copied by cyber criminals. Gardai were provided with details of the incident in December 2021, the HSE said.

The health body has said that the process of reviewing the compromised data and the affected individuals is taking time.

A statement to the Irish Mirror said: “The HSE has been reviewing the data that was illegally accessed and copied to allow us to notify individuals as required and is in the process of verifying the identity of the relevant individuals for notification purposes.

“This is taking time due to the volume of data impacted and the importance of ensuring we are notifying the correct people. This process is well advanced and we anticipate being in a position to notify relevant data subjects as soon as possible.”

In cases where there is an obligation to notify people under the General Data Protection Regulation (GDPR), the HSE said they will contact them directly.

They have also been closely monitoring the internet and dark web for stolen data. Thus far, they have seen no evidence that it has been posted online or used for criminal purposes. This is apart from a small amount of data that has been removed following an article by the Financial Times that referred to it.

The statement said: “The HSE is taking every step necessary to minimise the impact of this data breach and to safeguard individuals' personal data against any potential future unauthorised activity.

“It should be noted the HSE has been monitoring the internet including the dark web since the cyber-attack and has seen no evidence at this point that the illegally accessed and copied data has been published online or used for any criminal purposes (other than a small amount of data which was referred to in an article in May 2021 by the Financial Times and subsequently removed).

“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this."

The HSE has advised people to be wary of suspicious calls, emails or texts and to avoid clicking on any links that may be sent to them. Do not give financial information to personal information out, unless it is to a “trusted and legitimate source”, they suggest.

“The HSE or your bank will never phone, text, email or video call you unexpectedly asking for your bank details. Never give your bank details, passwords or personal details if it seems a bit odd or out of the blue.

"If you believe you are a victim of a cyber-crime, please take screenshots of texts and emails and contact your local Garda station,” the HSE said.

READ NEXT:

Get breaking news to your inbox by signing up to our newsletter

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.