The Garda investigation into the cyber-attack that paralysed the HSE during the Covid-19 Pandemic and illegally accessed details of over 100,000 patients and staff is ongoing.

Breda Crehan Roche, Chief Officer, Community Healthcare West, said because the criminal investigation was ongoing it limited the amount of information the HSE can share in the public domain about the data that was illegally hacked in the 2021 cyber-attack.

In response to Galway County Councillor Evelyn Parsons (Ind), Ms Crehan Roche confirmed that 100,000 people all over the country have been contacted by letter by the HSE to inform them their information was illegally accessed and copied during the cyber-attack.

She said the HSE has reviewed thousands of documents that were illegally accessed and copied during the cyber-attack, and notified people on how this might impact them. The exact number of people impacted in the West was not known.

Ms Crehan Roche said the aim of the cyber-attack was, “to disrupt our health services and computer systems by encrypting them, to illegally access and copy data, and demand a ransom”.

She said the cyber-attack stopped once the HSE became aware of it, and it responded with other State agencies.

She insisted that “no ransom was paid by the HSE or the State”.

Ms Crehan-Roche said this was not unique to the HSE, and said it had happened in other organisations including universities. Apart from a “small amount of data” referred to in an article in the Financial Times in May 2021, specialist security partners of the HSE have been monitoring the internet and dark web since the cyber-attack and they have seen “no evidence” that the illegally accessed and copied data has been published online or used for any criminal purposes.

“Our cyber security experts are continuing to monitor the internet and the dark web for illegally accessed information and the HSE will act immediately if we see any evidence of this,” said Ms Crehan Roche.

She would not be drawn on media reports highlighted by Councillor Parsons that the cost of the cyber-attack to the HSE could be between €50m and €101m initially, with a further €600m investment required after that.

“We sincerely regret the impact the cyber-attack has had on our health service, our patients and our teams nationwide,” added Ms Crehan Roche.