Wed, 10 Dec, 2025 - 12:58

HSE confirms second ransomware attack but 'no evidence' patient data was stolen

It has now emerged that a second ransomware attack took place last February
HSE confirms second ransomware attack but 'no evidence' patient data was stolen

Darragh Mc Donagh

There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said.

Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million.

It has now emerged that a second ransomware attack took place last February, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the midlands.

IT systems were fully recovered following the cyberattack and there was no evidence that data had been exfiltrated, according to HSE records obtained under the Freedom of Information Act.

A ransomware attack occurs when malicious software locks or encrypts a victim’s computer systems, blocking access until a ransom is paid. Some attacks involve a threat to leak stolen data.

A spokeswoman for the HSE did not respond when asked whether the health authority had paid a ransom following the February cyberattack.

“The HSE manages and responds to thousands of cyber threats annually, taking appropriate action to ensure awareness of current threats, while maintaining the ability to deliver healthcare services securely and reliably, regardless of the evolving threat landscape,” she said.

The spokeswoman said HSE systems were not “directly” impacted by the February ransomware attack.

“The HSE has invested significantly in cyber remediation since the cyberattack in May 2021. Multiple ongoing programmes of work are focused on addressing all issues highlighted in the wake of the attack,” she added.

The original ransomware attack occurred when an employee clicked on a malicious MS Excel file that was attached to a phishing email on March 18th, 2021.

This enabled the hackers to gain access to the HSE’s IT environment, where they continued to operate undetected for more than eight weeks before detonating the ransomware on May 14th.

The attack caused widespread disruption and some information relating to patients was illegally accessed and copied.

Last year, the HSE said it had written to 90,936 people affected by the cyberattack. It has reportedly offered compensation of €750 to more than 600 individuals who took legal action over the breach.

A subsequent investigation found that the HSE was operating a frail IT system and did not have adequate cyber expertise or resources prior to the attack. The attack is estimated to have cost the HSE €102 million.

More in this section

Man (20s) released from detention after arrest in connection with fatal Drogheda collision Man (20s) released from detention after arrest in connection with fatal Drogheda collision
Man told gardaí he killed his girlfriend, referring to 'the killing of Lucifer' Man told gardaí he killed his girlfriend, referring to 'the killing of Lucifer'
School bus drivers accused of colluding to 'load the dice' on pricing, court hears School bus drivers accused of colluding to 'load the dice' on pricing, court hears
HSEransomwareData Protectionmidlandscyberattackpatient data
HSE confirms second ransomware attack but 'no evidence' patient data was stolen

Kneecap collaborate with Galway distillery to release own Poitín naggins

READ NOW

Latest

Latest National News