Cork patients 'frustrated' at HSE delay in resolving cyberattack cases

The HSE is expected to argue a stay should be granted pending decisions on certain cases in the Court of Justice of the European Union as happened with a recent case in Dublin.

“Our argument is we are much further along the line, and our argument would be this isn’t a minor thing,” Mr O’Dowd said. “The person’s details were put up on the Dark Web, and we would be saying it’s purely a delaying tactic. A lot of what they’re seeking to rely on in the European Court isn’t relevant.” 

It is now over two years since the attack. Mr O'Dowd said: “It is really frustrating and I think a lot of what people are frustrated about is the fact they were only notified so late about it as well.” 

He added: 

They got these letters, and people are only still getting them in dribs and drabs two years later. And that really frustrates people, more than anything else. 

The HSE has written to about 100,000 people alerting them data was accessed, and has said it has “no evidence that any of the illegally accessed information has been used in scams or fraud".

Mr O'Dowd added: “A huge amount of people have enquired, and we have issued proceedings in respect of quite a number of them at this stage.” Dublin District Court heard in May up to 100 people are suing for damages as their data was shared online following the cyberattack.

On Friday, Tánaiste Micheál Martin said the full effects of the cyberattack were not disclosed at the time, saying the Government did not wish to give succour to the gang involved.

He said the attack, carried out by the Conti gang, was devastating and illustrates the new risks facing Ireland. He was speaking during the second day of the Consultative Forum on International Security in Galway.

June 8 cyberattack

Meanwhile, the 20 people whose data was hacked during a smaller cyberattack on the HSE this month have still not been informed. 

On June 8, the HSE was alerted by its partner consultancy firm EY that a joint recruitment process project had been hacked. They said the attack on the technology product MoveIT was “criminal in nature and international in scale”.

“Contact will be made shortly with those individuals whose data was accessed,” a HSE spokeswoman said. “We are not aware of any further issues since the attack.” 

It emerged last week the document transfer service MoveIT was also hacked during a cyberattack on Irish communications regulator ComReg.

Both cyberattacks are understood to be linked to widely reported global attacks by ransomware gang CL0P. On June 16, the US State Department's Rewards for Justice program offered rewards of up to €10m for information linking CL0P to national governments.