HSE to ‘robustly’ defend 400 lawsuits brought about by 2021 cyberattack
The HSE has been sued more than 400 times in the fall-out from the massive cyberattack which brought its systems to a halt in 2021, but said it will defend those claims “robustly”.
The vast majority of the lawsuits—398 of 404—are linked to GDPR or data protection claims, with the remainder filed as personal injury actions.
The health service was brought to a shuddering halt by the cyberhack in May 2021, carried out by a Russian international criminal organisation, with the vast majority of the HSE’s electronic systems and networks rendered unusable.
In the aftermath, the HSE came in for sustained criticism for the vulnerability of its IT defences, something it was claimed had been raised repeatedly with the organisation in the years preceding the attack.
The number of claims received to date as a result of the attack has not yet finalised as new actions continue to be taken.
In an update for the Public Accounts Committee, the HSE said the nature of the attack on a public body had been “unprecedented”, and that as such “it will defend these claims robustly”.
It said that a lack of case law precedents for the various actions meant an absence of “clearly defined legal principles” by which the HSE’s potential liability and the subsequent quantum of any damages awarded could be assessed, meaning it “is not possible at this stage to estimate the prospective outlay” which may result from that litigation.
Legal questions in terms of liability and damages relating to GDPR in other EU countries have been referred to the Court of Justice of the EU (CJEU), it said, adding that those claims are of direct relevance to the HSE. The HSE said the Irish claims should not be heard before certainty is received from the European court.
“These questions are directly relevant to the claims against the HSE. It is important that the issues in these preliminary references are clarified by the CJEU before the claims against the HSE proceed,” it said, adding that it had applied for a stay on proceedings in one lead case of the 404 lodged at Dublin’s Circuit Court pending the CJEU’s decisions in the European cases.
Such a stay means the proceedings in those cases are effectively paused until the CJEU issues its judgments.
Given that the stay has been granted, the HSE said it would be applying for similar stays in all the other cases, adding that the “majority” of the claimants had agreed, with “correspondence ongoing” in the remainder.
Early this year, the HSE said that about 100,000 notifications were to be delivered to patients whose data had been breached as a result of the attack.
Last month, the Irish Examiner revealed that the HSE is to spend €33m centralising and refining its response to cyber security incidents via a number of new public contracts.
Would you like a lunchtime summary of content highlights on the Irish Examiner website? Delivered straight to your inbox at 1pm each day.
News Related-
Pedestrian in his 70s dies after being struck by a lorry in Co Laois
-
Vermont shooting updates: Burlington police reveal suspect’s eerie reaction to arrest
-
Grace Dent says her ‘heart is broken’ as she exits I’m A Celebrity early
-
Stromer’s ST3 Urban E-Bike Goes Fancy With Minimalist Design, Modern Tech
-
Under-pressure Justice Minister announces review of the use of force for gardaí
-
My appearance has changed because of ageing, says Jennifer Lawrence
-
Man allegedly stabbed in the head during row in Co Wexford direct provision centre
-
Children escape without injury after petrol bomb allegedly thrown at house in Cork City
-
Wexford gardai investigating assault as man is bitten in the face during Main Street altercation
-
Child minder’s husband handed eight year sentence for abusing two children
-
The full list of the best London restaurants, cafes and takeaways revealed at the Good Food Awards
-
Mazda CEO Says EVs 'Not Taking Off' In The U.S.—Except Teslas
-
Leitrim locals set up checkpoint to deter asylum seekers
-
Ask A Doctor: Can You Get Shingles More Than Once?