Skip to main content

HSE cyber attack and how it may affect you

Our health service was targeted by a criminal cyber attack earlier this year.

The aim of this attack was to disrupt our health services and computer systems, steal data, and demand a ransom for its return.

We have been given a copy of the evidence Gardaí have found of which data has been stolen. This follows a Garda investigation which involved other international police forces.

We are now examining the stolen files and we expect it includes a mix of medical information, personal data, HSE corporate information, commercial data and general non-personal administrative data.

Personal data means information about individuals, such as names, addresses, contact phone numbers and email addresses. Medical information includes medical records, notes and treatment histories.

What happens next

We have updated the Data Protection Commission. We will work with them to make sure that we contact everyone who needs to be informed when we have reviewed all the stolen files.

It may take us 12 to 16 weeks. This is because we need to:

  • look at all the data that has been stolen
  • make sure that we are contacting the right people

You do not need to contact us to ask if your data was stolen.

No evidence of scams related to the attack

Scams involving personal data are common. They can happen at any time.

There is also no evidence that any recently reported scams are linked to this cyber attack.

Read about protecting yourself from scams or attempted fraud

No evidence of data published online

There is no evidence so far that patient or staff data has been published online or sold to criminals involved in fraud.

A small amount of HSE data appeared on the 'dark web', a part of the internet which can only be accessed using special programmes, immediately after the cyber attack. Action has been taken to assist the people affected by this.

What we are doing about the data

The HSE has a high court order to stop all personal and medical information that was stolen in this cyber attack from being published online.

We are working with digital publishers, search engines, social media networks and our legal team to make sure that any information that has been stolen is not shared online.

Specialists are also monitoring websites used by criminals to check for activity involving any data stolen in the cyber attack.

If we are alerted to stolen information appearing online, we will contact the Data Protection Commission and take the necessary action to protect anyone affected.

Read the High Court injunction restricting any sharing, processing, selling or publishing of stolen data (PDF, 4 pages, 460kb)

Last updated: 20 December at 4.25pm

page last reviewed: 28/05/2021
next review due: 28/05/2024