Data belonging to people applying for health service jobs have been hacked, in the latest cyber-attack to hit the Health Service Executive.
The HSE said information relating to “no more than” 20 people involved in recruitment processes has been illegally accessed, according to a preliminary analysis, and its exposure is “quite low”.
“The HSE became aware on Thursday evening that an external partner (EY) working with us on a project to automate part of our recruitment process was alerted to a cyber-attack on the technology product MoveIT which they were using to support this work,” a spokesman said. “This attack was criminal in nature and international in scale.”
He said HSE teams together with EY have worked closely over the last number of hours to determine the impact on its data.
“This analysis has determined that is it likely that information relating to no more than 20 individuals involved in recruitment processes was accessed. The data on these recruitment panels is comprised of names, addresses, mobile number, place on the panel and more general information on the posts being recruited.
“Importantly no other personal identification data or financial data is included.”
“The HSE is in contact with relevant authorities and is informing the Data Protection Commission. Contact will be made shortly with those individuals whose data was accessed.”
In 2021, the personal data of 100,000 people was accessed in a cyberattack in the HSE’s IT systems. The cyberattack led to months-long disruption across the health services and has cost the HSE €90 million so far to remedy. Up to 100 people whose data was accessed are suing for damages.