Health Service Ireland (HSE) has become the latest victim of the MOVEit supply chain cyber attack launched against document transfer service MOVEit.
The attack was launched by ransomware gang Clop, who were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the group to hack into the company networks and steal data.
Professional services partnership EY was also affected by the attack, leading to a breach. HSE was working with EY to automate its recruitment process using software provided by MOVEit.
On June 8, HSE was alerted to the fact that EY had been impacted by the cyber attack and investigated the impact of it on HSE and its data.
HSE determined, following an investigation and analysis of the attack, that “no more than 20 individuals involved in the recruitment process” were affected by the data breach, according to the Cyber Security Hub.
The data hackers potentially accessed includes the names, addresses, mobile numbers and position of those on the recruitment panel, as well as more general information about the job roles to be filled. No other personal or financial information was accessed during the attack.
HSE is working with the Irish Data Protection Commission (DPC) and other relevant authorities and is in the process of contacting those affected by the breach.
Cyber attacks are becoming increasingly common in the health sector, with the most notable in the last 12 months being the Advanced ransomware attack on the NHS.