| 6.7°C Dublin

Over 100,000 staff and patients to be contacted by HSE after data was accessed in cyber attack

Close

The HSE said there is no evidence that any personal data has been shared or used fraudulently since 2021. Stock image

The HSE said there is no evidence that any personal data has been shared or used fraudulently since 2021. Stock image

The HSE said there is no evidence that any personal data has been shared or used fraudulently since 2021. Stock image

Around 94,000 patients and 18,200 members of staff whose information was illegally accessed and copied during the May 2021 cyber attack on the HSE will be contacted over the coming months.

Of the 113,000 people being notified, 86pc relate to patient data and 14pc to staff files.

The HSE said yesterday it anticipates everybody will be notified by April next year at the latest.

It follows the ransomware attack by Russian criminals on HSE computer systems in May 2021.

It led to computer systems being crippled and confidential files being accessed, some of which later appeared on the dark web.

Tusla is working through a substantial number of records relating to people whose personal information was affected by the cyber attack. It will begin its own notification process to affected people in the coming weeks, following the conclusion of an ongoing verification and validation process.

The HSE said yesterday there is no evidence that any personal data has been shared or used fraudulently since 2021.

Joe Ryan, HSE national director leading the programme said: “From mid-November, and continuing over the coming months, the HSE will be contacting approximately 113,000 people by letter to inform them that some of their personal data was illegally accessed and copied as part of this cyber attack.

"The HSE regrets that this happened as a consequence of the cyber attack on the HSE.

“Thanks to our extensive monitoring and support from security services, we have seen no evidence that personal data relating to the HSE cyber attack has been shared or used fraudulently.”

He said it was important that the HSE notifies people whose data was compromised. 

In the letters, the HSE will be apologising to the people affected.

Daily Digest Newsletter

Get ahead of the day with the morning headlines at 7.30am and Fionnán Sheahan's exclusive take on the day's news every afternoon, with our free daily newsletter.

This field is required

People being notified will receive a letter telling them what part of their personal information was impacted.

The letter will also outline how, if they wish, they can then request to view the exact documents which were illegally accessed and copied, which can be done via a portal on the HSE website.

Mr Ryan said: “We expect this process will take a number of months to complete, as we take the time to contact each person, ensure we have a secure communication with them, and go through the process of assisting them if they want to make a request to view their documents.

"We are sorry that this happened, and ask for people’s understanding as we work through this complex administrative process, in which we hope to support people and continue to answer their questions and requests.”


Related topics


Most Watched





Privacy