Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

The information accessed included names, addresses, mobile phone numbers, Alamy Stock Photo

HSE says 20 people's data breached in cyber-attack on third party recruitment software

Analysis of the attack determined that “no more than 20 people” had their information accessed.

A CYBER-ATTACK ON a software for the Health Service Executive’s recruitment system, ran by an external operator EY, has lead to information relating to “no more than 20 individuals” being accessed, the HSE said today.

The attack occurred yesterday evening and was directed towards software that “an external partner” of the HSE, EY, were using to automate a recruitment system for the HSE. 

A spokesperson for the HSE said it was alerted to a cyber-attack on the technology software EY were using in the process – MoveIT.

“This attack was criminal in nature and international in scale,” the spokesperson added.

Analysis of the attack determined that “no more than 20 people” had their information accessed which included names, addresses, mobile phone numbers, place on the panel and general information on the jobs being advertised.

HSE CEO Bernard Gloster said there’s “no evidence” at this point that any data has been published or has appeared on the dark web, which is being monitored by EY.

Gloster said: “A number of significant facts are important here including no patient data was involved, the attack was not in the HSE ICT environment, there is no evidence as of yet of this data appearing on the dark web which is being monitored by EY and the exposure for the HSE appears to be quite small.”

“We are actively keeping the matter under review,” he added.

No other other personal identification data or financial data was accessed by the cyber-attack.

The HSE said: “The HSE is in contact with relevant authorities and is informing the Data Protection Commission. Contact will be made shortly with those individuals whose data was accessed.”

Gloster said: “Any breach is regrettable but unfortunately a feature of international criminal activity in recent years.”

In May 2021, the HSE was targeted by a criminal cyber-attack where ransomware was used to disrupt the health service and its computer systems to illegally access and copy data.

Over 113,000 people were impacted by the attack which began after one employee clicked a link when struggling to access a non-functioning computer The Journal found. 

The HSE said last year that it has been monitoring the internet including the dark web since the cyber-attack and saw no evidence that the illegally accessed and copied data was used for any criminal purposes or been published.

The Journal has contacted EY for a comment.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
6 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds