In December 2021, Aaron Costello, a security researcher and principal SaaS security engineer at AppOmni, discovered a misconfiguration in HSE’s COVID Vaccination Portal². This misconfiguration inadvertently leaked the private information of more than a million Irish citizens². The leaked data included full names, vaccination status, the type of vaccine received, and more².
Upon discovering the leak, Costello reported his findings to the HSE and assisted the organisation with fixing the misconfiguration². The HSE, after conducting an investigation, did not find any evidence that any information was accessed by unauthorized individuals with malicious intent². The incident was not disclosed to the authorities or public until recently².
The HSE confirmed the leak but assured that there were no logs of anyone else accessing the data².
"Security considerations were at the forefront of the Covax deployment. However, when a system of this nature is put together under time pressure, misconfigurations can occur. We remediated the misconfiguration on the day we were alerted to it"².
References
(1) Massive data leak in Irish Health Service Executive uncovered. https://cybernews.com/security/irish-health-service-executive-data-leak/.
(2) undefined. https://www.itpro.com/security/data-protection/openais-irish-data-processing-move-could-ward-off-regulatory-scrutiny.
(3) HSE hack: Sensitive data from 520 patients leaked online. https://www.thejournal.ie/hse-hack-data-5451581-May2021/.
(4) Patient data from HSE hack has appeared on the dark net, Minister confirms. https://www.thejournal.ie/several-weeks-before-hse-system-is-back-5442378-May2021/.
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more