HSE Data Breach2021-07-05T09:51:11+01:00

In May 2021 it became known that a data breach had occurred on HSE IT systems. The scale of the breach was unclear at the start,but it has since become quickly eviden than the personal details of most service users of the HSE has been exfiltrated by “hackers”, and the entire Irish Heath System disrupted. It is almost unquestionably the biggest Ransomware or hacking event that has occurred in the World and is a truly exceptional event; the consequences of which we have not grasped as yet. The purpose of this document is to give people information about their legal rights following the attack on the HSE IT Systems.

On the 17th May 2021 we first published a short blog post on our website stating that people adversely affected by the hacking event may be entitled to claim compensation. This drew a strong reaction from the Minister for Health who accused law firms of “potentially licking their lips at the thought of being able to sue the State”, and that any effort to sue the state should be regarded as “distasteful”. Further discussions on various media outlets indicated as a high a level of ignorance of Data Protection law as that exhibited by the Minister.

This firm responded in an appropriate manner to the outrageous comments of the Minister, and we further note the Law Society of Ireland further called on the Minister to apologise to the profession as a whole. Such an apology has not been forthcoming at the time of writing. Despite the Ministers comments, (and a certain amount of hate directed towards us, which thankfully pales in comparison to the supportive comments received both publicly and privately), it is our view that as Solicitors with particular expertise in the area of Data Protection is it our duty to inform and assist members of the public in understanding the Law as it applies to this incident in as fair and impartial a manner as possible. This duty is thrown into sharper relief when it appears that neither the HSE nor Minister for Health appeared to be aware of the rights enjoyed by Data Subjects at the commencement of this debacle.

At this point we can say with certainty that a great many people have state able claims which can be made against the HSE for the events that occurred, and we are inviting people who are worried about the consequences of this data breach to contact us.

1411, 2022

HSE Data Breach – November 2022 update

By |November 14th, 2022|Categories: Firm News, HSE Data Breach, Legal Updates|Comments Off on HSE Data Breach – November 2022 update

On the 5th April 2002 a hacker gained access to the Stephen P. Teale Data Center in California. The nondescript data centre was used by the state to process personal data relating to state employees. In total it is said that private information relating to 265,000 state employers was compromised on that day. The existence of hack was not made public by officials until the 24th May that year. On 6th June 2002, the Californian Senate Committee on Privacy, held an informational hearing on the incident to explore why the breach was not disclosed in a more proactive [...]

706, 2022

HSE Hack – 12 months none the wiser

By |June 7th, 2022|Categories: Firm News, HSE Data Breach, Legal Updates|Comments Off on HSE Hack – 12 months none the wiser

We have been a little quiet with our updates on this in the last number of months. It remains something of a mystery to us why 12 months after the hack the HSE has not informed any service users that they data may have been accessed in the course of the attack. The obligation to notify data subjects of a breach is a requirement of the GDPR. To date it seems only the Mercy Hospital in Cork notified data subjects that their data was accessed, and only those whose data was placed on the “dark web” were notified. [...]

2909, 2021

HSE Data Breach – September Update (is the truth starting to come out?)

By |September 29th, 2021|Categories: Firm News, HSE Data Breach, Legal Updates, Uncategorized|Comments Off on HSE Data Breach – September Update (is the truth starting to come out?)

On the 15th May 2021 the Data Protection Officer (DPO) for the HSE made a data breach notification to the Data Protection Commission. In that notification he said that a day earlier the HSE suffered a data security breach of its IT systems. After some difficulty we have obtained the official data breach notification pursuant to the Freedom of Information Act. In the notification to the Data Protection Commission the stark facts were set out bluntly; approximately 4.9 million people had been affected by the breach, and the data disclosed to certain nefarious actors included Data Subject Identity [...]

807, 2021

HSE Cyber Attack – July Update

By |July 8th, 2021|Categories: HSE Data Breach, Legal Updates|Comments Off on HSE Cyber Attack – July Update

It remains something of a surprise to us that there has been so little media coverage of late of the HSE Cyber Attack. Almost two months has now passed since the hacking incident and it appears that health services are still greatly affected and the Health Service Executive remains remarkably reticent to say what happened. They are even slower to say what is being done to remediate matters. We have spoken to a great many people about their experiences since the Cyber attack, and the following seems to be current position: Health Services From a health care point [...]

1706, 2021

HSE Cyber Attack – Update

By |June 17th, 2021|Categories: HSE Data Breach|Comments Off on HSE Cyber Attack – Update

On the 25th May 2021 we wrote a letter to Stephen Donnelly, Minister for Health. It was a follow up letter to the open letter we sent on the 21st May 2021. To date we have not received any response from Minister Donnelly, the HSE or any member of the Government. Given that the HSE and Minister for Health have abdicated any responsibility for the Data Breach and its horrifying ongoing sequelae, we think it incumbent on us as Solicitors and Data Protection professionals to take a stand. To complement the legal guide we published on the [...]

2405, 2021

HSE Cyber Attack – A guide to the Law

By |May 24th, 2021|Categories: HSE Data Breach|Comments Off on HSE Cyber Attack – A guide to the Law

Following from our blog post this day last week two things became immediately obvious; firstly people were very interested in the issue, and secondly, no one really understood the Law surrounding the GDPR, and the potential exposure the HSE has created for the Irish State. We have now written as well researched and cited a guide on the law as we possibly can given the time frame allowed. We will convert this into a HTML page in due course, but for now it may be downloaded here. As always, please do not hesitate to contact us if you [...]

Go to Top