Children’s Health Ireland data notification programme and cyber-attack 2021
Tuesday 15th November 2022
The HSE cyber-attack in May 2021 impacted upon Children’s Health Ireland ‘s ICT systems and also impacted on service delivery.
The HSE Cyber-attack resulted in a data breach. As some of its systems are shared with the HSE, Children’s Health Ireland are also impacted by this data breach with approximately 2,500 individuals affected
Children’s Health Ireland is working closely with the HSE in managing this data breach. This includes thoroughly examining and verifying the Children’s Health Ireland data and the individuals impacted, and developing a secure process to ensure appropriate notifications to affected patients and staff can be made. This process is ongoing.
The HSE has been monitoring the internet including the web since the cyber-attack and has seen no evidence at this point that the illegally accessed and copied data has been used for any criminal purposes or been published online. The HSE obtained a High Court order on May 20 2021 restraining any sharing, processing, selling or publishing of data illegally accessed and copied from the HSE and Children’s Health Ireland computer systems.
Following funding made available by the HSE, CHI have replaced a significant amount of aging IT equipment and PCs and this process continues. We have also adopted recommendations from the HSE’s Cyber Security advisors on improvements to internal processes. All new Children’s Health Ireland systems are being procured with even greater levels of security built in by design.
The secure process for the notification of impacted individuals is due to begin in November and will work on a phased basis. The HSE will begin its notification programme in November 2022, and Children’s Health Ireland will begin notifying from January 2023.
Children’s Hospital Ireland will continue to work with the Data Protection Commissioner.
To CHI stakeholders: Children’s Health Ireland do not have any information for staff or families at this time and we ask that patients and families do not contact Hospitals or CHI directly. If you are not contacted by Children’s Health Ireland in January 2023, your data, held by CHI, was not impacted by this data breach. We are sorry for any inconvenience caused.
For more information on the HSE Cyber- attack visit www.hse.ie