HSE hack victims who had personal information stolen have not been told they were targets - Dublin Live
HSE hack victims who had personal information stolen have not been told they were targets
The issue was raised at the launch of European Cyber Security month
Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted.
It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the affected data.
The cost of repairing the damage caused by the attack has so far topped €600million and it will cost more to finish the repairs and put new safeguards in place. A spokesman for the HSE said: “The HSE has been reviewing the data that was illegally accessed and copied to allow us to notify individuals as required and is in the process of verifying the identity of the relevant individuals for notification purposes.
Read more: 'Russian cyber terrorists' suspected of being behind major cyber attack at The Coombe
“This is taking time due to the volume of data impacted and the importance of ensuring we are notifying the correct people. This process is well advanced and we anticipate being in a position to notify relevant data subjects as soon as possible. The HSE is taking every step necessary to minimise the impact of this data breach and to safeguard individuals’ personal data against any potential future unauthorised activity.
“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this.”
The issue was raised at the launch of European Cyber Security month by the Justice Minister and junior minister with special responsibility for eGovernment, Ossian Smyth. The launch took place at the National Cyber Security Centre where Smith was asked about the HSE lapse.
The issue was raised at the launch of European Cyber Security month
Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted.
It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the affected data.
The cost of repairing the damage caused by the attack has so far topped €600million and it will cost more to finish the repairs and put new safeguards in place. A spokesman for the HSE said: “The HSE has been reviewing the data that was illegally accessed and copied to allow us to notify individuals as required and is in the process of verifying the identity of the relevant individuals for notification purposes.
Read more: 'Russian cyber terrorists' suspected of being behind major cyber attack at The Coombe
“This is taking time due to the volume of data impacted and the importance of ensuring we are notifying the correct people. This process is well advanced and we anticipate being in a position to notify relevant data subjects as soon as possible. The HSE is taking every step necessary to minimise the impact of this data breach and to safeguard individuals’ personal data against any potential future unauthorised activity.
“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this.”
The issue was raised at the launch of European Cyber Security month by the Justice Minister and junior minister with special responsibility for eGovernment, Ossian Smyth. The launch took place at the National Cyber Security Centre where Smith was asked about the HSE lapse.