HSE Ransomware Attacks – What do we do now?


Monday 24th May 2021 marks the date on which the criminal hackers of the HSE IT system will upload personal data to the dark web. The Irish government has said it has not paid, nor will it pay, a ransom. So what should we expect to happen now?

Personal information such as your full name, address, telephone number and PPS number may be uploaded and these could be sold to criminals for fraud. It is important now that we all remain vigilant so as not to fall for any email phishing attempts or phone and text scams that come through.

Phishing is an attempt to steal financial information by sending an email or message which purports to be from a trusted source and dupes the victim into opening it. It is understood to be the cause of the HSE ransomware attack. The damage occurs when the victim receives a link in a message or an email and clicks on it or downloads an attachment. This may send a virus to their computer or further encourage them to change passwords or to part with financial information.

If you receive an email that you are suspicious of, look at it closely; you can hover your mouse over the sender's details and check whether it comes from a personal account rather than from the entity it claims to be.

The email may also look like it has been sent from within your organisation. In all these cases, if in doubt, delete.

Text messaging scams are becoming more sophisticated, with some appearing beside genuine texts received from your bank, for example. The message here is that your bank will never ask you to verify any details over text or ask you to change your passwords. Do not click on the links within these texts.

Should you receive a call from someone purporting to be your GP, your bank, a utility company or social welfare (to name but a few), the safest thing to do is to tell them that you are going to verify the call and hang up. If they are genuine, they won't mind. Do not give any financial information, card numbers or CCV numbers over the phone on the back of one of these phone calls. Verify the call by ringing a number from your own records – do not ring the caller back on the number they used.

Finally, it is worthwhile reviewing the safety features of your social media and email accounts. If you don’t already have it in place, multi-factor authentication is a good way of further protecting your data. It means that if someone is trying to use your accounts, then you will be notified.

Anyone suspecting their data has been uploaded to the web should contact the HSE or the Gardaí. If you can think of anyone who may benefit from hearing this information, please forward it on.
