HSE Data Breach

Data Breaches and “the stay”

We read with interest the decision of Judge John O’Connor in the Irish times on the 18th May 2023 concerning the application by the HSE for a stay against a plaintiff seeking to recover damages for the breach by the HSE of the GDPR. The claim stems from the 2021 cyber attack which we have commented on extensively and in respect of which we have a number of proceedings in being (although we have no involvement in the above case)

At first glance the position adopted by Judge O’Connor seems like an attractive “wait and see” position for an Irish […]

By |2023-05-18T08:58:55+01:00May 18th, 2023|

Micheal O’Dowd, Partner on Red FMs Neil Prendeville

Micheal O’Dowd, Managing Partner in O’Dowd Solicitors was invited onto Red FM’s Neil Prendeville  show this morning to discuss the “One in Four” data breach as well as giving an update in what is an interesting and ever evolving area of Law. It seems that despite stark warnings companies and organisations are still not taking Data Security seriously and are not taking precautions to avoid incurring legal liabilities.

Two years ago the self styled “Alliance for Insurance Reform” saw fit to report us to the Legal Services Regulatory Authority for merely posting on this website that people may sue […]

By |2023-05-18T09:05:40+01:00April 18th, 2023|

Data Breach issues continue

We have been somewhat inundated with queries in respect of the HSE Data Breach. The scale of upset is quite extra ordinary, but by the fact the breach occurred, and the delay by the HSE in notifying data subjects. At this point hundreds of people have made inquiries as to possibility of issuing proceedings against the Health Service for breach of the data protection rights. While experience would suggest that the HSE will attempt to deny liability it is hard to see how these denials will be successful. There is  however a very live issue before the European Court of […]

By |2023-05-18T09:10:49+01:00February 21st, 2023|

HSE Data Breach – November 2022 update

On the 5th April 2002 a hacker gained access to the Stephen P. Teale Data Center in California. The nondescript data centre was used by the state to process personal data relating to state employees. In total it is said that private information relating to 265,000 state employers was compromised on that day. The existence of hack was not made public by officials until the 24th May that year.

On 6th June 2002, the Californian Senate Committee on Privacy, held an informational hearing on the incident to explore why the breach was not disclosed in a more proactive and timely fashion. […]

By |2022-11-14T13:40:29+00:00November 14th, 2022|

HSE Hack – 12 months none the wiser

We have been a little quiet with our updates on this in the last number of months. It remains something of a mystery to us why 12 months after the hack the HSE has not informed any service users that they data may have been accessed in the course of the attack. The obligation to notify data subjects of a breach is a requirement of the GDPR. To date it seems only the Mercy Hospital in Cork notified data subjects that their data was accessed, and only those whose data was placed on the “dark web” were notified. This falls […]

By |2022-06-12T23:47:11+01:00June 7th, 2022|

HSE Data Breach – September Update (is the truth starting to come out?)

On the 15th May 2021 the Data Protection Officer (DPO) for the HSE made a data breach notification to the Data Protection Commission. In that notification he said that a day earlier the HSE suffered a data security breach of its IT systems.

After some difficulty we have obtained the official data breach notification pursuant to the Freedom of Information Act. In the notification to the Data Protection Commission the stark facts were set out bluntly; approximately 4.9 million people had been affected by the breach, and the data disclosed to certain nefarious actors included

  1. Data Subject Identity data (name, surname, […]
By |2021-09-30T10:00:16+01:00September 29th, 2021|

HSE Cyber Attack – July Update

It remains something of a surprise to us that there has been so little media coverage of late of the HSE Cyber Attack. Almost two months has now passed since the hacking incident and it appears that health services are still greatly affected and the Health Service Executive remains remarkably reticent to say what happened. They are even slower to say what is being done to remediate matters. We have spoken to a great many people about their experiences since the Cyber attack, and the following seems to be current position:

Health Services

From a health care point of view it seems […]

By |2021-07-08T23:07:32+01:00July 8th, 2021|

HSE Cyber Attack – A guide to the Law

Following from our blog post this day last week two things became immediately obvious; firstly people were very interested in the issue, and secondly, no one really understood the Law surrounding the GDPR, and the potential exposure the HSE has created for the Irish State.

We have now written as well researched and cited a guide on the law as we possibly can given the time frame allowed. We will convert this into a HTML page in due course, but for now it may be downloaded here.

As always, please do not hesitate to contact us if you have any queries, […]

By |2022-12-04T23:06:44+00:00May 24th, 2021|

HSE Cyber Attack – Open Letter to Minister Donnelly

Mondays blog post generated quite a response. Although we were not named by Minister Donnelly, we must assume we (and no doubt other colleagues) were being referred to on the 20th May in his Newstalk interview (HSE cyber attack: ‘Distasteful’ legal firms ‘licking their lips’ at thoughts of suing State | Newstalk)

We were afforded the right of reply, which we did this morning (Solicitor ‘astounded’ at Donnelly claim lawyers licking lips over HSE cyber attack | Newstalk).

We have now taken it upon ourselves to send an open letter to Mr. Donnelly, calling on him to inform individual data […]

By |2021-07-08T22:57:52+01:00May 21st, 2021|

HSE Cyber Attack

As experts in Data Protection we have got numerous phone calls in the past few days in relation to the HSE Cyber Attack. Many people are genuinely worried what the implication of this attack are for them. For now, it is too early to say with any degree of certainty, but as time passes the true cost and implications of this attack will become clear.

It appears at this stage that hackers have got access to certain health data relating to individuals. How they got his would be speculation at this stage, however the very fact the HSE system was compromised […]

By |2022-12-04T23:07:44+00:00May 17th, 2021|
Go to Top