Recovered Tusla data from cyberattack being assessed by agency

Files were part of wider attack on HSE in August 2021 when ransom was demanded

Tusla the Child and Family Agency is reviewing confidential material which has been restored to it by gardaí investigating the cyberattack on the HSE earlier this year.

The agency did not explicitly say if the material contained confidential client details but material it had stored on HSE servers* appears to have been among that stolen by hackers who broke into the HSE system last May and were subsequently reported to have demanded €20million to restore data and IT services.

At the time there was considerable concern that a large number of HSE patient records and patient confidentiality had been compromised.

It seems that files generated by Tusla but in the hands of the HSE at the time of the cyber attack were among those stolen.

Gardaí working with international police services including Interpol have now returned an amount of material to Tusla.

Tusla chief executive of Tusla Bernard Gloster said the review of the stolen data would be “thorough” and “once completed we will take all steps to communicate with and support any people affected”.

Tusla said there had been “ no indication to date that this material has been published online or used for criminal purposes”.

It is likely that the review will take up to four months but the agency said it cannot be certain of the timeframe at this stage.

“In addition to this investigation we have spent the recent months making major improvements to our systems and a full plan of work is scheduled for 2022, ” the agency said.

On May 14th 2021, the HSE was subjected to a serious criminal cyber attack, through the infiltration of IT systems using Conti Ransomware. With more than 80 per cent of IT infrastructure impacted, the loss of key patient information and diagnostics, and severe impacts on the health service the attack resulted in widespread concern for confidential patient records as well as the ongoing provision of care.

The Garda, National Cyber Security Centre, Interpol and the Irish Defence Forces have been investigating.

*This aricle was amended on December 23rd, 2021