Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Alamy Stock Photo
HSE Cyber attack

Tusla to begin contacting 20,000 people whose data was compromised during HSE cyber-attack

People will begin to receive letters this week and the process will take around ten months.

THE CHILD AND family agency Tusla is to begin contacting around 20,000 people whose data was compromised during the 2021 cyber-attack on the HSE.

Affected persons will begin to receive letters this week and that process will take around ten months.

Tusla CEO Kate Duggan told RTÉ’s News at One that information “belonging to both individuals and to staff members was copied” during the attack on the HSE’s systems. 

Duggan explained that the HSE provided IT services to Tusla, which meant that staff and members of the public who engaged with Tusla were impacted by the data breach.

While the data was copied, Duggan added: “There’s no evidence, either from national or international experts, that any of this information has been published on the internet or the dark web or involved in any kind of fraudulent activity.”

Duggan also noted that a High Court order was “secured to restrain any sharing or processing or publishing any of the data stolen”.

She told RTÉ that this is a “level of reassurance that is really important for people to hear” but acknowledged that “there is going to be anxiety for people around this”.

Following an “extensive process” involving gardaí and the Data Protection Commissioner, Duggan said that around 20,000 individuals may need to be notified.

She noted that the “data belonging to both staff and individuals that engage with our agency is sensitive data”, and therefore Tusla’s “notification processes has to be both considerate and supportive”.

When asked about the types of data that was accessed, Duggan said data pertaining to Tusla staff “primarily related to HR data”, such as applications for annual leave.

But in relation to members of the public, Duggan said that data is “anything from referral letters to reports to email correspondence.”

She added: “We are really aware and understand the impact, the worry, the anxiety that people are going to have today when they hear this.

“So the approach we’ve adopted through notification, which is going to take up until November, is that anybody who is affected by this will receive letters from this week from Tusla.”

Duggan explained that people who receive notification letters will be given two options for how to proceed.

People will be offered the option to “go onto an online portal and to work through an online system… where you will find out the data involved that pertains to you.”

For those who do not want to use the online portal, they will be assigned a caseworker who can be contacted via a freephone number.

“That caseworker will support you not just through that process of receiving the information, but also supporting you after that,” said Duggan.

“People may be hearing information for the first time about themselves through this process and we’re very concerned that they get the support they need.”

Your Voice
Readers Comments
6
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel