Statement: CHI data breach - May 2021
Statement: Children’s Health Ireland data breach notification process and HSE Cyber-Attack May 2021
Jan. 30, 2023
All CHI locations
- Children’s Health Ireland (CHI) has begun the data breach notification process for individuals whose data was illegally accessed and copied during the HSE Cyber-Attack in May 2021
- If you do not receive a letter from Children’s Health Ireland, your data, held by CHI, was not impacted by this data breach.
- The CHI individuals whose data was illegally accessed and copied are patients, their families, and CHI staff members.
- Approximately 2,200 CHI individuals will be notified from January 2023. This will take 6-8 weeks.
The HSE Cyber-Attack in May 2021 impacted Children’s Health Ireland‘s ICT systems.
CHI informed the Data Protection Commission at the time that it was also impacted by the data breach. The HSE started their phased data breach notification process in November 2022 informing individuals whose data was illegally accessed and copied. HSE link.
CHI is commencing its data breach notification process from January 30th by sending letters to affected individuals on a phased basis. CHI is notifying affected individuals on the types of personal data that was illegally accessed and copied during the attack. The number of impacted patients, their families, and CHI staff members from CHI is approximately 2,200. Of the people notified; approximately 25% are staff members and the remainder are patients and families. We are very sorry for any inconvenience or stress that the Cyber-Attack has caused.
CHI has worked closely with the HSE in managing this data breach. This includes examining and verifying the Children’s Health Ireland data and the individuals impacted and developing a secure process to ensure appropriate notifications to affected patients, their families and staff can be made.
The HSE has been monitoring the internet including the Dark Web since the Cyber-Attack and has seen no evidence at this point that the illegally accessed and copied data has been used for any criminal purposes or been published online. The HSE obtained a High Court order in May 2021 restraining any sharing, processing, selling or publishing of data illegally accessed and copied from the HSE and Children’s Health Ireland computer systems.
Important Information: We ask that patients and families do not contact hospitals or CHI directly on this matter. If you do not receive a letter from Children’s Health Ireland your data, held by CHI, was not impacted by this data breach.
For more information on the HSE Cyber-Attack in May 2021 visit www.hse.ie