HSE Restores Web Services Three Months After January Cyber Event

The Health Service Executive (HSE) is working to restore significant web services over three months after a cybersecurity incident in late January affected subsites for the National Cancer Control Centre (NCCC), the National Ambulance Service (NAS), and Cork University Hospital (CUH), among others.

The HSE detected «unexpected activity» on an external vendor-managed web server used for publications and content. This server was outside the main HSE network. Approximately 20 percent of the affected pages, which provide information on specific branch organizations, remain unavailable. While some, like CUH and Cork University Maternity Hospital, have been restored, sites for NAS, NCCC, Children First National Office, and the Medicine Management Programme are still offline.

This incident follows a major ransomware attack in May 2021 that shut down HSE systems, encrypted 80 percent of its IT environment, and compromised patient data for over 90,000 people. That recovery took four months and cost over €50 million. A review criticized the HSE for a lack of preparedness and reliance on a «frail IT estate» with legacy systems.