US sends Garda medical data stolen in May cyberattack

HSE still monitoring dark web and elsewhere but no sign data used for ‘criminal purposes’

The data set includes HSE corporate information, commercial data and general non-personal administrative data.
The data set includes HSE corporate information, commercial data and general non-personal administrative data.

The US justice department has sent a copy of medical data stolen from the Health Service Executive computer systems earlier this year to gardaí.

The information, now under analysis by health authorities, is thought to contain a mix of personal data including phone numbers and email addresses, and medical information such as records, notes and treatment histories.

It is unclear how the information, which has been confirmed as being part of last May's data hack, came into the hands of US law enforcement officials. On Monday, the HSE said it was subsequently passed on to the Garda National Cyber Crime Bureau last Friday under a mutual legal assistance treaty (MLAT) processed by the US courts.

Not published online

The data set also includes HSE corporate information, commercial data and general non-personal administrative data.

READ MORE

The HSE said it had continued to monitor online activity including on the dark web since the cyberattack but had seen no evidence that the stolen data in question had been published online or used “for any criminal purposes”.

However, it said it was now reviewing the material to identify any individuals whose personal data had been stolen and would notify “affected individuals as required following engagement with the DPC [Data Protection Commissioner]”.

“This could take 12-16 weeks due to the volume of this data. We are at a very early stage of assessing the data received and don’t yet know the numbers of individuals impacted,” it said.

Specialist monitoring

The office of the DPC has been appraised of the situation.

"We will continue to work with our technical experts and An Garda Síochána and have seen no evidence of inappropriate use of stolen or copied data. We will continue to monitor the internet, including the dark web and social media outlets via specialist monitoring services," it said.

Separately, a spokesman for the Coombe Women and Infants University Hospital in Dublin, which was subject to a cyberattack on its IT systems last week, said patient services were continuing as normal but declined to comment on any aspect of the attack itself.

Mark Hilliard

Mark Hilliard

Mark Hilliard is a reporter with The Irish Times