Data protection remains a priority. We need to take all steps necessary to protect the privacy of our service users. Click here for data protection guidance.
Please do not share patient information on personal email or WhatsApp. Click here for guidance on using WhatsApp.
Processing requests for records under the FOI Act and Data Protection Acts are affected by the cyber attack.
Your personal data
There is evidence to suggest that a significant amount of personal data of HSE patients and service users has been potentially compromised as a result of this attack.
We are working around the clock to establish the extent of the data compromised and to restore data from backups. This process is progressing well, but it will take some time to fully complete the exercise.
Once the attack was identified, we pursued all legal avenues open to us to stop anyone using, sharing, publishing, disclosing or trading personal data online or elsewhere. This included securing a High Court Injunction prohibiting any use of the stolen data.
We have engaged specialist expertise to monitor online activity relating to the stolen data and will seek to shut down all such avenues as quickly as possible.
If you are approached by an individual who has used or is threatening to use your data for fraud or other criminal purposes please contact An Garda Siochana.
If you receive any data that appears to relate to this incident do not share as it is illegal to do so.
Accuracy of healthcare data
We are implementing an extensive process to ensure our systems are restored as soon as possible. We are prioritising the data provided to health care providers so they can restore services as quickly as possible.
Cyber attack and the Data Protection Commission
We have reported the cyber attack to the Data Protection Commission in line with our obligations under the General Data Protection Regulation (GDPR) and the Data Protection Acts.
We are also cooperating with An Garda Síochana and the National Cyber Security Centre.
Identified personal data breaches will be investigated and notified in accordance with GDPR requirements.