Fresh cyber attack impacts HSE

By Rebecca Black, PA

The Health Service Executive (HSE) has been impacted by a fresh cyber attack.

Work is ongoing to determine the impact on HSE data following the attack which has been as criminal in nature and international in scale.

But no patient data is believed to have been accessed at this stage.

The HSE said an external partner, EY, was working with it on a project to automate part of its recruitment process, when it was alerted to a cyber attack on the MoveIT product which they were using to support the work.

In a statement the HSE said it is likely that information relating to no more than 20 individuals involved in recruitment processes was accessed.

The data includes names, addresses, mobile number, place on the panel and more general information on the posts being recruited.

The HSE stressed: “Importantly no other personal identification data or financial data is included”.

The HSE is in contact with relevant authorities and is informing the Data Protection Commission.

Those individuals whose data was accessed will be contacted.

HSE chief executive Bernard Gloster said no patient data was involved.

“I have reviewed this incident with senior officials this morning,” he said.

“Any breach is regrettable but unfortunately a feature of international criminal activity in recent years.

“A number of significant facts are important here including no patient data was involved, the attack was not in the HSE ICT environment, there is no evidence as of yet of this data appearing on the dark web which is being monitored by EY and the exposure for the HSE appears to be quite small.

“We are actively keeping the matter under review.”

In 2022 thousands of patients and staff were told their personal information had been stolen and copied during a ransomware attack which resulted in the HSE having to close down its IT services, causing widespread delays and the cancellation of appointments at hospitals across the country.