This month, the Health Service Executive (HSE) will begin contacting those whose information was illegally accessed and copied during the May 2021 cyberattack on IT systems.
Approximately 113,000 people will be notified, with the schedule expected to take several months as patients and staff will be notified by letter.
Those affected will then have the opportunity to obtain advice and further support from the HSE.
Of those being notified, 86% of notifications relate to patient data and 14% relate to staff data.
The files accessed and copied are large in scope and include a combination of personal information, medical information, and internal health service files. They include documents such as HR forms submitted by staff in connection with leave and a limited amount of financial information relating primarily to staff expenses.
Personal information includes spreadsheet information such as names, addresses, contact phone numbers, and email addresses. Medical information may include certain medical records and correspondence with patients, certain lists of patients receiving treatment, patient delivery lists, notes, treatment histories, and vaccination lists.
Due to the number of people involved and the need to support each notification, the process is expected to be completed in April 2023 at the latest.
Joe Ryan, the HSE national director who leads the program, said the HSE regrets the data copying following the cyber attack.
“Thanks to our extensive monitoring and support from security services, we found no evidence that the personal data relating to the HSE cyber attack was shared or used fraudulently.
“This notification process is an important duty for the HSE, as we held people’s personal data and, through this cyber attack on HSE systems, that information has been compromised. In letters to those affected, the HSE will apologize to people notified.
“We sincerely apologize for the impact this cyber attack has had on our healthcare service, our patients and our teams nationwide. We have taken a comprehensive approach in responding, from initial response, to long-term data review, and now the notification. We are sorry that this has happened and we ask for people’s understanding as we work through this complex administrative process, in which we hope to support people and continue to answer their questions and requests.”
The cyber attack in May 2021 paralyzed the Irish health system, with computer systems and data held hostage.
Over 80% of HSE IT infrastructure and health service sites across the country were affected by the cyber attack.
The HSE has been monitoring the Internet, including the Web, since the cyber attack and has so far seen no evidence that illegally accessed and copied data has been used for criminal purposes or has been posted online.
The cyber attack remains the subject of an ongoing criminal investigation, which limits the amount of detailed information the HSE can share in the public domain in relation to illegally accessed and copied data.
An independent report on the incident released in December 2021 found that there was a lack of preparedness within the HSE to defend itself or respond to a cyber attack.
The report said the HSE “did not have a single owner responsible for cybersecurity, at executive or executive level at the time of the incident,” and that teams that had cybersecurity elements in their mandate were known to have insufficient resources.
It also examined the timeline of the cyber attack and found that the attack originated on March 18 from a malware infection on an HSE workstation.
The infection was the result of the workstation user clicking and opening a malicious Microsoft Excel file that was attached to a phishing email sent to the user two days earlier.
After gaining unauthorized access from March 18, the attacker continued to operate in the environment for a period of eight weeks before the “detonation” of the attack on May 14.