HSE Data Breach: HSE to notify over 100,000 people after 18 months that they have been targets of a Cyber Attack

Some 18 months after the HSE data was breache, HSE has only recently started to contact the 100,000 people who were targets of the cyber attack and had their data stolen.

What is the effect of HSE data breach?

Since dealing with data breach claims, we have seen first-hand the effects of lost or stolen data. It often takes several months for the full impact of a data breach to become apparent. However, nearly 18 months since the HSE data was breached, the affected parties who may suffer financial losses and emotional damage is only now being communicated too.

 It is possible that the HSE has known for a long time that an individual’s personal data was compromised by Russian hackers, but they are giving themselves until April 2023 to notify the individuals. In order to prevent future unauthorised use of individuals’ personal information, the HSE is taking every step necessary to minimise the impact of this HSE data breach. It certainly stretches the common understanding of the word “undue delay”.

During the launch of European Cyber Security Month, Justice Minister and junior minister with special responsibility for eGovernment Ossian Smyth raised the issue about HSE data breach. One of the personnel responsible for damage control of HSE data breach was addressed at the National Cyber Security Centre. On May 20th, 2021, HSE obtained a High Court order for restraining any processing, selling or sharing of stolen data, and the order still remains in place to date.

HSE Response: “Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information. They are looking for any signs of it being published or used and we will act immediately if they see any evidence of this.”

According to national media over 94,000 patients and HSE service users and 18,200 members of the staff will be contacted to communicate about the data breach to the affected parties. Taking into account the case of health services of Mercy Hospital in Cork who informed people of bare facts that their data was leaked onto the dark web in a matter of weeks after the cyber attack, that brings up the question of what is taking HSE so long?

According to Irish Times on HSE data breach, the child and family agency TUSLA, also previously indicated about their data being stolen, and if that so then the number of entities that are affected by this cyber attack could be even higher.

WHAT IS “GDPR”?

In today’s world HSE is obliged to ” communicate about personal data breach to the affected parties with undue delay” (Article 34 GDPR)

GDPR is a regulation in EU law for data protection and privacy in the European Union. The General Data Protection Regulation is an important component to protect and uphold the EU privacy law, data protection laws and human rights law.

In simpler terms, GDPR provides a legal framework for keeping your and everyone’s personal data private and safeguard it from being stolen or gathered without consent. GDPR requires companies to have robust processes, systems and firewalls for handling and storing personal information.

What do I do if I received a letter from HSE that my data was breached?

It is advisable to seek legal advice on your rights under the GDPR legislation, and to understand the implications this breach may have on you and your family. Our expert team of solicitors has successfully provided compensation for clients who suffered a data breach. Fill out the form below for a free consultation with no obligation.

What exactly is a data breach?

In 2017, it was officially announced data to be considered the world’s most valuable commodity, even surpassing oil. In today’s time it is considered to be the peak of social media and technology, where data breaches have become an increasingly discussed topic in the news, but what exactly does data breach mean?

In a data breach, sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, sold, or used by an unauthorised party. There are several types of data breaches, such as sending your medical records to the wrong person, which results in stress and embarrassment, or criminals gaining access to your online information and using it for fraud, and causing you financial loss.

Your data has value, and after a breach, you may receive hundreds of junk and spam mail that can be frustrating and stressful.

How can I find out if I have suffered a data breach?

By law, any company that has suffered a data breach and is aware of the breach where your sensitive information/data has been compromised is required to write to you and inform you that they have breached your data. If the company is public then the ICO will report the breach on their website too.

What is the effect of a data breach?

Since dealing with data breach claims, we have seen first-hand the effects of lost or stolen data. It often takes several months for the full impact of a data breach to become apparent, with financial losses following three to six months after the data breach.

WHAT IS “GDPR”?

GDPR is a regulation in EU law for data protection and privacy in the European Union. The General Data Protection Regulation is an important component to protect and uphold the EU privacy law, data protection laws and human rights law.

In simpler terms, GDPR provides a legal framework for keeping yours and everyone’s personal data private and safeguard it from being stolen or gathered without consent. GDPR requires companies to have robust processes and systems with impenetrable firewalls for handling and storing personal information.

Types of data breach claims

Not sure if you have suffered a data breach? There are a range of data loss scenarios, for which you can claim compensation, including:

  • Inadvertent or deliberate loss, hacking or leaking of your data
  • Sale or leak to a third party without your permission
  • Misuse of your data not in line with what you agreed to when you shared your data
  • Leak of data due to a business company data leak
  • Stolen identity to create new documents e.g. credit cards

Have you suffered a breach in one of these areas?

9 KEY WARNINGS TO KNOW IF YOUR DATA HAS BEEN BREACHED!

Privacy and Data breaches occur nearly on a daily basis, and if you aren’t keeping up with the latest news in the tech world, you might be the next victim. Here are some key ways to identify the threat in order to protect your data from being stolen, breached or deleted.

  1.     You get a ransomware E-mail/Message for an access requests from an unknown
  2.     You get a fake antivirus message about your data security or pop-ups that says “require your immediate attention”
  3.     You see random spam pop-ups asking for your social security numbers
  4.     You have unwanted browser tools or plug-ins
  5.     Your internet searches are redirected to a shady webpage
  6.     Your friends/colleagues receive an invitation email from you that you have not sent
  7.     Your get an unknown message to send account details to prevent it from being breached
  8.     Antimalware, Task Manager or Registry Editor is disabled
  9.     You observe unwanted software being installed on your device

HERE IS WHAT YOU MUST DO AGAINST CYBER CRIMINALS!

Stay up to date: The landscape of cyber threat is constantly growing, so it is very important that your organisation grows as well and take precautions in order to protect and safeguard personal data. And you must take measures as well by making sure your passwords are complex and change after a few months to prevent data theft. You must also have up-to-date antivirus to protect your personal data from being breached or used for other purposes.

Consider additional protection: You can install anti-virus software, firewall and anti-spyware to protect your personal data from being leaked. And if you believe you have fallen victim to a cyberattack, you may want to consider consulting to data protection and breach legal services to help you exercise your legal rights, that can get you the right compensation for your loss and best possible outcome. At Gibson and Associates, our experts  are ready to evaluate your cyber vulnerabilities and provide you with appropriate legal advice and services to help you recover from your cyber attack by suggesting the best possible outcomes.

PREVENTION IS THE BEST COURSE OF ACTION!