Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Alamy Stock Photo
Cyber Attack

Four months before all people who had data stolen in cyber attack are contacted, says HSE

Data was retrieved from the US Department of Justice by the Garda National Cyber Crime Bureau.

THE HSE HAVE said it may take up to four months to contact all thepeople who had data stolen in the cyber attack on the health service earlier this year.

The data was recovered by the Garda National Cyber Crime Bureau, who received it from the US Department of Justice through a Mutal Legal Assistance Treaty. It was provided to the HSE last Friday, 17 December.

It comes as the HSE released a report on the cyber attack earlier this month, which details how the hackers were in the health service’s computer systems for eight weeks prior to detonating the attack.

In a statement this afternoon, the HSE has confirmed that the recovered data was taken from its computer systems.

However, the HSE has said that they have been monitoring the internet, including the dark web, since the cyber attack and have seen no evidence that any of the data was published online or used for criminal purposes.

“We will continue to work with our technical experts and An Garda Síochána and have seen no evidence of inappropriate use of stolen or copied data,” said a spokesperson for the HSE.

The health service has also said that it has begun the process of identifying any individuals who had data stolen, and that it may take between three and four months to identify and contact people who are impacted.

The Data Protection Commission (DPC) has also been updated by the HSE on the stolen data.

“The HSE is reviewing this material to identify any individuals whose personal data was stolen and will notify the relevant data controller as required and affected individuals as required following engagement with the DPC,” said a spokesperson for the HSE.

This could take 12-16 weeks due to the volume of this data. We are at a very early stage of assessing the data received on 17th December 2021 and don’t yet know the numbers of individuals impacted.

According to the HSE, they expect that the data will be a mix of personal data, medical information, HSE corporate information, commercial data and general personal administrative data.

Personal data would include names, addresses, phone numbers and email addresses, while medical information includes past medical records, notes and treatment histories.

“Where we identify personal information belonging to any individual compromised in this dataset we will take appropriate action at that point following engagement with the DPC. You do not need to do anything or contact the HSE,” said a HSE spokesperson.

A High Court order remains in place to prevent the publishing of any data stolen from the HSE during the cyber attack, with the health service saying that they will enforce this order and take action where necessary if the order is breached.

In the report, issued earlier this month, also details how the HSE were unprepared for a cyber attack due to the weakness of their IT system and a lack of cybersecurity detection and monitoring.

The attack itself has is set to cost the HSE €100 million, with half of that cost being incurred in 2021, while the remaining half being a recurring fee into 2022.

Your Voice
Readers Comments
7
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel