Advertisement

HSE receives copy of stolen data from cyber attack in May

It comes after the US Department of Justice passed information to the Gardaí
Jack Quann
Jack Quann

16.33 20 Dec 2021


Share this article


HSE receives copy of stolen da...

HSE receives copy of stolen data from cyber attack in May

Jack Quann
Jack Quann

16.33 20 Dec 2021


Share this article


The Health Service Executive (HSE) says it will contact all those affected by a cyber attack in May, after it was given a copy of the stolen data.

An Garda Síochána gave the HSE a copy of data that was taken as part of the attack against the HSE's ICT systems on May 14th this year.

The Garda National Cyber Crime Bureau got this data from the US Department of Justice under a Mutual Legal Assistance Treaty (MLAT), which was processed by the US courts.

Advertisement

It was then given to the HSE last Friday, December 17th.

The HSE says it is reviewing the material to identify "any individuals whose personal data was stolen and will notify the relevant data controller as required and affected individuals as required following engagement with the DPC [Data Protection Commission]".

It says this could take 12 to 16 weeks "due to the volume of this data."

"We are at a very early stage of assessing the data received on 17th December 2021 and don't yet know the numbers of individuals impacted", it adds.

However it says the HSE has been monitoring the internet - including the dark web - since the cyber attack, and has seen "no evidence at this point that this stolen data has been published online or used for any criminal purposes."

The HSE carried out an initial technical examination of the material over the weekend, and confirmed it is data taken from HSE systems.

It expects this material will include a mix of personal data, medical information, HSE corporate information, commercial data and general non-personal administrative data.

Personal data means information about individuals - such as names, addresses, contact phone numbers and e-mail addresses.

Medical information could include medical records, notes and treatment histories.

"Where we identify personal information belonging to any individual compromised in this dataset we will take appropriate action at that point following engagement with the DPC. You do not need to do anything or contact the HSE", the health body says.

"We will continue to work with our technical experts and An Garda Síochána and have seen no evidence of inappropriate use of stolen or copied data, we will continue to monitor the internet including the dark web and social media outlets via specialist monitoring services".

While the HSE has had a High Court order in place since late May to stop all stolen data - including personal and medical information - that may have been taken from being published online.

The HSE says it will enforce this order and take "appropriate action where necessary" to protect this information.

Main image: A hacker using a virus to attack software in August 2019. Picture by: Westend61 GmbH / Alamy Stock Photo

Share this article


Read more about

Cyber Attack DPC Dark Web Health Service Executive High Court Order Hse Cyber Attack Medical Information US Department Of Justice

Most Popular