First victims of HSE hack will find out today

It could take until April next year before all 113,000 people whose HSE data was illegally accessed during the cyberattack last year are contacted, the HSE said.

The first letters were sent out Tuesday, including 94,800 patients and 18,200 staff. Some of the copied staff documentation included travel expenses with financial details.

The HSE has been monitoring for any use of the data, national director of operation performances and integration Joe Ryan said.

“We have no indication, no evidence to date other than the small amount of data the attackers released to the Financial Times in 2021, there has been no movement of the data on the internet or the dark web since that time,” he said.

He accepted however, that anyone affected has the right to take a court case if they choose.

The law is very specific, the Data Protection Act 2018, is very specific about the process that data subjects need to engage in if they want to pursue any claim or damages.

“Indeed the Act specifies the Circuit Court. If there are any claims pursuant to this, those have to be in accordance with that and happen through the courts.” 

The cyberattack took place in May 2021, and he defended the delay in contacting people by saying tens of thousands of documents had to be reviewed.

Some 850 HSE staff will be the first to receive these alert letters.

“We are writing to them to notify them that data relating to their staff travel expense claims was illegally accessed and copied,” he said. “This data contained some limited financial details.” 

Chief information officer Fran Thompson urged the public to only contact the HSE about this problem if they receive a letter. Some 100 staff will be available to answer calls if necessary.

Anyone who does not receive a letter by April does not need to take action, he said.

The HSE continues work with the National Cyber Security Centre and cybersecurity specialists, including monitoring encrypted online content on the dark web.

We have segregated our data between cloud environments and in-premises environments. We have separate teams managing both of those.

 Mr Ryan added: “We sincerely regret the impact this cyber-attack has had on our health service, our patients, and our teams nationwide.” 

Tusla and children’s health Ireland (CHI) were also affected. They will run a separate process of contacting people whose data was breached in these organisations, he said. 

The Irish Examiner reported earlier this month the HSE estimates it could cost €2.1bn to modernise its computer networks over 20 years.

Thousands of patients missed out on operations and procedures as a result of the cyberattack. A report sharply criticised the HSE for its lack of structures and processes to deal with the incident.

Source link

Tags: No tags

Leave A Comment

Your email address will not be published. Required fields are marked *