Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted.
It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the affected data.
The cost of repairing the damage caused by the attack has so far topped €600million and it will cost more to finish the repairs and put new safeguards in place. A spokesman for the HSE said: “The HSE has been reviewing the data that was illegally accessed and copied to allow us to notify individuals as required and is in the process of verifying the identity of the relevant individuals for notification purposes.
Read more: 'Russian cyber terrorists' suspected of being behind major cyber attack at The Coombe
“This is taking time due to the volume of data impacted and the importance of ensuring we are notifying the correct people. This process is well advanced and we anticipate being in a position to notify relevant data subjects as soon as possible. The HSE is taking every step necessary to minimise the impact of this data breach and to safeguard individuals’ personal data against any potential future unauthorised activity.
“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this.”
The issue was raised at the launch of European Cyber Security month by the Justice Minister and junior minister with special responsibility for eGovernment, Ossian Smyth. The launch took place at the National Cyber Security Centre where Smith was asked about the HSE lapse.
He said: “The HSE is working with the Data Protection Commissioner on that and I understand that there’s a legal requirement for the HSE to file reports with the DPC after there’s been a breach, and then to work with the DPC to inform people about their risk, about what data may have been extracted about them, what’s missing and so on. So I think that’s something that the HSE takes very seriously.”
READ NEXT:
Easy shower tip only takes minutes and could save Irish families hundreds a year
Cherry Orchard arrests update as three teens charged and one referred to youth programme
Switching Ulster Bank and KBC: Phoneline opens for vulnerable customers to help move account
Injured dog rescued by Dublin Fire Brigade and DSPCA after getting trapped under Luas tram
New Covid symptom to watch out for as 'twindemic' expected to sweep Ireland
Sign up to the Dublin Live Newsletter to get all the latest Dublin news straight to your inbox.