breakingnews.ie
Darragh Mc Donagh

It has now emerged that a second ransomware attack took place last February

There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said.

Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million.

It has now emerged that a second ransomware attack took place last February, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the midlands.

IT systems were fully recovered following the cyberattack and there was no evidence that data had been exfiltrated, according to HSE records obtained under the Freedom of Information Act.

A ransomware attack occurs when malicious software locks or encrypts a victim’s computer systems, blocking access until a ransom is paid. Some attacks involve a threat to leak stolen data.

A spokeswoman for the HSE did not respond when asked whether the health authority had paid a ransom following the February cyberattack.

“The HSE manages and responds to thousands of cyber threats annually, taking appropriate action to ensure awareness of current threats, while maintaining the ability to deliver healthcare services securely and reliably, regardless of the evolving threat landscape,” she said.

The spokeswoman said HSE systems were not “directly” impacted by the February ransomware attack.

“The HSE has invested significantly in cyber remediation since the cyberattack in May 2021. Multiple ongoing programmes of work are focused on addressing all issues highlighted in the wake of the attack,” she added.

The original ransomware attack occurred when an employee clicked on a malicious MS Excel file that was attached to a phishing email on March 18th, 2021.

This enabled the hackers to gain access to the HSE’s IT environment, where they continued to operate undetected for more than eight weeks before detonating the ransomware on May 14th.

The attack caused widespread disruption and some information relating to patients was illegally accessed and copied.

Last year, the HSE said it had written to 90,936 people affected by the cyberattack. It has reportedly offered compensation of €750 to more than 600 individuals who took legal action over the breach.

A subsequent investigation found that the HSE was operating a frail IT system and did not have adequate cyber expertise or resources prior to the attack. The attack is estimated to have cost the HSE €102 million.

Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the

The Irish Data Protection Commission (DPC) has fined Meta €91 million for a 2019 incident wherein the company stored millions of Facebook and Instagram passwords in plain text.

An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released.

The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff.

The signees, which already included about a dozen other nations, agree to establish “robust guardrails and procedures" around spyware, while preventing the export of technology that will be used for malicious cyber activity.

The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368 million) for violating the privacy of children.

The decision is one of the most consequential issued under the E.U.’s landmark data-protection law and creates a new business headwind for the social media giant.