Wed, 10 Dec, 2025 - 12:58

HSE confirms second ransomware attack but 'no evidence' patient data was stolen

It has now emerged that a second ransomware attack took place last February
HSE confirms second ransomware attack but 'no evidence' patient data was stolen

Darragh Mc Donagh

There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said.

Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million.

It has now emerged that a second ransomware attack took place last February, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the midlands.

IT systems were fully recovered following the cyberattack and there was no evidence that data had been exfiltrated, according to HSE records obtained under the Freedom of Information Act.

A ransomware attack occurs when malicious software locks or encrypts a victim’s computer systems, blocking access until a ransom is paid. Some attacks involve a threat to leak stolen data.

A spokeswoman for the HSE did not respond when asked whether the health authority had paid a ransom following the February cyberattack.

“The HSE manages and responds to thousands of cyber threats annually, taking appropriate action to ensure awareness of current threats, while maintaining the ability to deliver healthcare services securely and reliably, regardless of the evolving threat landscape,” she said.

The spokeswoman said HSE systems were not “directly” impacted by the February ransomware attack.

“The HSE has invested significantly in cyber remediation since the cyberattack in May 2021. Multiple ongoing programmes of work are focused on addressing all issues highlighted in the wake of the attack,” she added.

The original ransomware attack occurred when an employee clicked on a malicious MS Excel file that was attached to a phishing email on March 18th, 2021.

This enabled the hackers to gain access to the HSE’s IT environment, where they continued to operate undetected for more than eight weeks before detonating the ransomware on May 14th.

The attack caused widespread disruption and some information relating to patients was illegally accessed and copied.

Last year, the HSE said it had written to 90,936 people affected by the cyberattack. It has reportedly offered compensation of €750 to more than 600 individuals who took legal action over the breach.

A subsequent investigation found that the HSE was operating a frail IT system and did not have adequate cyber expertise or resources prior to the attack. The attack is estimated to have cost the HSE €102 million.

More in this section

CC John McGuirk criticised by judge after adjournment of libel action against Paddy Cosgrave
Plans to be lodged for 223-bedroom hotel in Rathmines Plans to be lodged for 223-bedroom hotel in Rathmines
Media regulator opens Meta probe over Facebook and Instagram algorithms Media regulator opens Meta probe over Facebook and Instagram algorithms
HSEransomwareData ProtectionMidlandscyberattack
Man speaks of 'horror film' attack when younger brother stabbed him and his brother

Man speaks of 'horror film' attack when younger brother stabbed him and his brother

READ NOW

Sponsored Content

Your local hearing care experts in Cork Your local hearing care experts in Cork
AF The College Green Hotel Dublin March 2026 The College Green Hotel: A refined address in the heart of Dublin
SETU and Glassworks set to accelerate innovation SETU and Glassworks set to accelerate innovation

Latest

EL car logoThe Echo logo
The Echo paper

DELIVERED TO YOUR HOME FOR FREE

FREE HOME DELIVERY SERVICE

The Echo paper
SIGN UP TODAY
Contact Us Cookie Policy Privacy Policy Terms and Conditions

© Examiner Echo Group Limited

Add Echolive.ie to your home screen - easy access to Cork news, views, sport and more