Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Dublin Live
Dublin Live
Health
Ferghal Blaney

HSE hack victims who had personal information stolen have not been told they were targets

Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted.

It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the affected data.

The cost of repairing the damage caused by the attack has so far topped €600million and it will cost more to finish the repairs and put new safeguards in place. A spokesman for the HSE said: “The HSE has been reviewing the data that was illegally accessed and copied to allow us to notify individuals as required and is in the process of verifying the identity of the relevant individuals for notification purposes.

Read more: 'Russian cyber terrorists' suspected of being behind major cyber attack at The Coombe

“This is taking time due to the volume of data impacted and the importance of ensuring we are notifying the correct people. This process is well advanced and we anticipate being in a position to notify relevant data subjects as soon as possible. The HSE is taking every step necessary to minimise the impact of this data breach and to safeguard individuals’ personal data against any potential future unauthorised activity.

“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this.”

The issue was raised at the launch of European Cyber Security month by the Justice Minister and junior minister with special responsibility for eGovernment, Ossian Smyth. The launch took place at the National Cyber Security Centre where Smith was asked about the HSE lapse.

He said: “The HSE is working with the Data Protection Commissioner on that and I understand that there’s a legal requirement for the HSE to file reports with the DPC after there’s been a breach, and then to work with the DPC to inform people about their risk, about what data may have been extracted about them, what’s missing and so on. So I think that’s something that the HSE takes very seriously.”

READ NEXT:

Sign up to the Dublin Live Newsletter to get all the latest Dublin news straight to your inbox.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.