[BreachExchange] HSE to spend €1MILLION contacting individuals whose personal data stolen in cyber attack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Mar 16 15:27:00 EDT 2022


https://www.thesun.ie/news/8514795/hse-spend-1million-contacting-individuals-stolen-data-cyber-attack/

THE HSE is set to spend €1million contacting individuals whose personal
data was stolen in the cyber attack that crippled the national health
service last year.

A call centre and support infrastructure is expected to be established this
summer as the HSE begins the process of notifying patients and other
individuals that their details were among those compromised in the
ransomware attack.

The health authority is currently seeking tenders from service providers to
establish systems for the notification of affected data subjects, and the
management of related queries.

The value of the contract is estimated at €1million excluding VAT,
according to tender documents published by the HSE.

The ransomware cyber attack that was detected last May has already cost the
health service almost €43million and this could eventually rise to
€100million, the HSE revealed last month.

A spokeswoman for the health authority said: “The HSE is working closely
with the Data Protection Commissioner, An Garda Síochána and our cyber
security advisors to manage the process.

“The notification of affected parties is expected to take between 12 and 16
weeks, as it is necessary to first review the stolen data and identify all
of the relevant individuals.

“The HSE has put a process in place around this work, which is ongoing.
This tender for data subject notification is part of that process.”

The successful contractor will be expected to establish a call centre,
develop customer-relationship-management systems, and manage follow-on
activities associated with the process.

Last month, the HSE told Aontú TD Peadar Tóibín that €12.7million had been
spent on ICT infrastructure since the cyber attack, along with €5.5million
on cyber or strategic partner support.

It had also invested €15.3million on vendor support for applications, and
€8.4million on Microsoft Office 365.

He said: “There has been another cost of this crisis, which the Government
and HSE must also quantify – the cost in relation to health and lives.

“How many people had hospital appointments cancelled or postponed? How many
people died as a result of this cyber attack?” he asked.

“There needs to be accountability here, and we need to ensure that nothing
of this nature ever happens again.”

The ransomware attack occurred last year after a HSE worker opened a file
attached to a phishing email.

It “detonated” on May 14, leading to an immediate crisis throughout the
health service.

A PwC report commissioned by the HSE subsequently identified the “frail”
nature of the IT system used by the health service as a key weakness, and
recommended a multi-year programme of investment in IT and cybersecurity.