Republic of Ireland news

Tusla to contact 20,000 people whose data was compromised in 2021 cyber attack

Tusla is to begin contacting around 20,000 people whose data was compromised in the 2021 HSE cyber attack (PA)
Gráinne Ní Aodha, PA

Tusla is to begin contacting around 20,000 people whose data was compromised in the 2021 HSE cyber attack.

The child and family agency said there was no indication the data had been published online, but they would continue to monitor the situation.

It said that some people who use Tusla's services and a “small number” of its employees had their information illegally accessed and copied.

For staff, this could include HR information such as leave requests and travel expenses, said Kate Duggan, deputy chief executive of Tusla and its national director of service and integration.

“In relation to members of the public, this is relating to anything from referral letters, to reports, to email correspondence,” she told RTE Radio.

“And when we talk about 20,000 individuals, it may not be, or won't be a whole file relating to an individual, it may be one document, one letter, one report. But that's not to say that (it doesn't) contain very sensitive information.”

Tusla said the type of information involved includes names, addresses, phone numbers, referrals and correspondence with service users.

The State agency is to begin contacting people whose information was illegally accessed and copied during the cyber attack, a process expected to be completed by November.

Ms Duggan offered an apology to those affected, and said Tusla would continue to monitor the situation with the assistance of cyber-security experts.

“There is also no evidence that any of the Tusla information has been involved in scams or other fraudulent activity,” she said in a statement.

“We sincerely regret the impact this criminal cyber attack has had on people who have been involved with Tusla services, and on our teams across the country, and we will be apologising to each person we write to as part of our notification process.

“We have worked hard to create a process that is transparent, empathetic and supportive for those who have been affected, and we will offer each person we write to the choice to call our dedicated team for support and guidance, or, to meet face-to-face with a case worker, should they wish to do so.

“We acknowledge that it has taken some time for the commencement of this notification programme, however, it was crucial that each record that was affected by the cyber attack was carefully reviewed to identify the people affected. We also have to ensure that letters are being sent to verified addresses.

“Notifications will continue over the coming months, and we ask for understanding and patience as we continue to work through this complex process.”

The ransomware attack, which took place during the pandemic, resulted in the HSE having to close down its IT services, and made files and documents inaccessible to Tusla for a time.

Hospitals across the country experienced widespread delays, while appointments and surgeries were cancelled for weeks as a result of the attack.

The incident has cost the HSE more than 50 million euro to date to fix, with further state investment of 675 million euro estimated to be required over the next seven years to maintain the health systems' cyber security.

The HSE is working to notify around 113,000 people whose information was illegally accessed by April; around 32,000 people have been contacted so far.

Tusla said in a statement: “All IT systems that support Tusla services were restored by June 30, 2021, and much of Tusla's IT infrastructure has since completed a migration to Tusla-owned and secured systems, of which cyber-security is a cornerstone.

“Tusla has worked closely with An Garda Siochana, the National Cyber Security Centre, and various other specialist national and international agencies to strengthen our IT security and we continue to assess our systems for vulnerabilities.”

Tusla added that at the start of 2022, a 13 million euro investment in cyber-security infrastructure was made across its device, email, and network security.

Republic of Ireland news