×

Irish Information Security Forum

HSE Data Leak

 

The Health Service Executive (HSE),  the publicly funded organisation responsible for Ireland's public health and social care services, has recently been at the center of a significant data leak.

 

In December 2021, Aaron Costello, a security researcher and principal SaaS security engineer at AppOmni, discovered a misconfiguration in HSE’s COVID Vaccination Portal². This misconfiguration inadvertently leaked the private information of more than a million Irish citizens². The leaked data included full names, vaccination status, the type of vaccine received, and more².

 

Upon discovering the leak, Costello reported his findings to the HSE and assisted the organisation with fixing the misconfiguration². The HSE, after conducting an investigation, did not find any evidence that any information was accessed by unauthorized individuals with malicious intent². The incident was not disclosed to the authorities or public until recently².

 

The HSE confirmed the leak but assured that there were no logs of anyone else accessing the data².

 

hse logo"Security considerations were at the forefront of the Covax deployment. However, when a system of this nature is put together under time pressure, misconfigurations can occur. We remediated the misconfiguration on the day we were alerted to it"². 

 

 

References


(1) Massive data leak in Irish Health Service Executive uncovered. https://cybernews.com/security/irish-health-service-executive-data-leak/.

(2) undefined. https://www.itpro.com/security/data-protection/openais-irish-data-processing-move-could-ward-off-regulatory-scrutiny.
(3) HSE hack: Sensitive data from 520 patients leaked online. https://www.thejournal.ie/hse-hack-data-5451581-May2021/.
(4) Patient data from HSE hack has appeared on the dark net, Minister confirms. https://www.thejournal.ie/several-weeks-before-hse-system-is-back-5442378-May2021/.

IISF Logo

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

 


Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)

 

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more

 

secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy  - Sponsorship  - Cybersecurity News Index  - Cybersecurity Resources  - X  - Produced by
LinkedIn Twitter