While the data breach in itself was not likely to cause harm to people, the non-availability of a functioning healthcare systems for an extended period of time is likely to have real consequences for real people. We know for a fact the following issues have presented themselves:

  1. Appointments have been cancelled leading to additional pain, suffering and worry.
  2. Important scans, blood tests and other services the HSE usually offer were curtailed with a consequent risk of a late diagnosis for patients.
  3. Access to patient medical files has been severely curtailed and the information available to doctors restricted.

It is firstly hoped that no one will suffer a personal injury as a result of this data breach, however given the length of time the IT system has been affected, this is possibly a naive hope. The longer the breach continues, and the longer normal healthcare facilities continue to be unavailable, the greater the chance there is that people will get injured. This may be as a result of not getting proper treatment, scans or tests not being completed in a timely manner (or at all), or other issues arising due to the non-availablily of a functioning healthcare system. If a court concludes these issues arose due to negligence (or due to a breach of the GDPR), it is likely recovery will be possible in accordance with the Judicial Council Guidelines for personal injury.