Sensitive data belonging to 520 patients and corporate documents have been illegally accessed following the cyber attack on the health service, the HSE has said.
The HSE said the data includes sensitive patient information, minutes of meetings and correspondence with patients.
The ransomware attack has resulted in the HSE having to close down all its IT services, causing widespread delays and the cancellation of thousands of appointments at hospitals across the country.
In a statement on Friday, the HSE said: “Recently a news publication wrote a story saying they had seen HSE data that had been illegally accessed.
“We informed the publication of the court order we obtained in relation to this matter last week and asked them to supply it to us, and they agreed.”
Last week the HSE secured high court injunctions restraining people from sharing, processing, selling or publishing data stolen from its computer systems in the cyberattack.
Due to the ransomware attack on our IT systems, there continues to be disruption to our services. More details on service disruptions here: https://t.co/xihKOwb4KO pic.twitter.com/OT8uvCsyfd
— HSE Ireland (@HSELive) May 27, 2021
“We have examined it and can confirm it is HSE data relating to approx 520 patients, as well as some corporate documents,” the statement said.
“The HSE’s data protection office has followed the appropriate procedures, including notifying the relevant health service providers and the Data Protection Commission.
“The process of notifying the patients involved has commenced. This will involve some further analysis of the data, and we will do this as quickly as possible.”
On Thursday HSE boss Paul Reid said the total cost of the cyberattack would cost in excess of 100 million euro.
Up to 7,000 outpatient appointments a day are being lost as a result of the attack by a criminal gang that has played havoc with the health service, the chief executive said.
Speaking on Thursday, Mr Reid said 100 million euro would be “a small enough figure” when it comes to the total cost of dealing with the attack.
Our hospitals & health services remain under extreme pressure and dealing with a higher level of risk every day. It's still hard to rationalise an attack on a health system. We're making progress but this will take some time yet. We appreciate everyone's understanding. @HSELive
— Paul Reid (@paulreiddublin) May 24, 2021
He said: “There’s a number of costs that we will incur by purely getting the systems back up, and secondly, upgrading some systems during this process.
“There’s a resource cost with all of that.
“Then there will be the costs based on our services and the impact on trying to recover services.
“I said at the outset this will be in the tens of millions.
“And there’s no doubt that 100 million would be a small enough figure in terms of the total costs of this.”
HSE chief operations officer Anne O’Connor said that outpatient services are currently operating at about 50% capacity, meaning around 7,000 appointments a day are being lost.
But she said this is only one area affected, and it will be some time before the impact across all patient groups is clear.
Mr Reid warned that disruption will continue for “some time to come”.
He said: “The risks to our health service right now are carried across all aspects of healthcare.
“Therefore, in any analysis or any judgment of what the risks are in the health system right now, they’re extremely red hot.
“We are truly sorry for patients who are suffering this impact and the impact it’s having on those patients.”
He added: “I just want to say to all of those people and patients, we are doing the very best we can to mitigate and minimise the disruption.
“But the reality is, there will be disruption for some time to come just yet.”