FW: Important - Update on DPC decision regarding ransomware attack on Primacare server

Paul Carroll
Fri, Feb 24, 2023 5:06 PM

Hi everyone
Apologies for those of you who have already seen this, but I know some of you don’t use Centric Health email addresses, so there’s a chance this may have passed you by.
The Data Protection Commission decision regarding the cyberattack on a small number of our former Primacare practices in 2019 is now out there in the Big Wide World, as seen in this Irish Times article today:
https://www.irishtimes.com/business/2023/02/24/centric-health-fined-460000-over-2019-ransomware-attack/#
Please see Aodha’s letter below and the attached media statement if you need any more info. If you want to know more then please email me directly at pcarroll@churchtownmedical.ie or feel free to post into this thread.
Have a great weekend!
Kind regards

Paul

Dr Paul Carroll  MBBS FRACGP MICGP
General Practitioner

Churchtown Medical
96/98 Churchtown Road Upper
Churchtown
Dublin 14

Phone: (01) 298 8945                    Fax: (01) 296 0549
Mobile 087 7813357
Email: pcarroll@churchtownmedical.ie
Web: http://www.churchtownmedical.ie/


From: Aodha OConnor Aodha.OConnor@centrichealth.ie
Sent: Friday, February 24, 2023 8:44 AM
To: #DL-AllStaff allstaff@centrichealth.ie
Subject: Important - Update on DPC decision regarding ransomware attack on Primacare server

Dear Colleagues
I am writing this morning to update you on the final decision of the Data Protection Commission (DPC) with regard to a ransomware attack on a Primacare server in December 2019 which will be published by the DPC this morning.
In their final decision, the DPC is critical of the setup and procedures we had in place at that time to deal with a ransomware attack and has imposed a fine of €460,000 on Centric Health.
This issue arose in December 2019 when a Primacare server, which had data relating to eleven Primacare GP practices, was the victim of a criminal ransomware attack. At the time of the attack, 7 of the practices had not been fully integrated into our central IT infrastructure and so were more acutely affected. These practices were Citywest Medical, Manor Mills Medical, Tyrellstown Medical, Applewood Medical, Lusk Medical, Griffeen Medical and Woodstown Medical.
The attack restricted access to patient data and we made every possible effort to regain access to that data as quickly as possible. While this work was being done, some data belonging to 2,500 patients was inadvertently deleted.
While disruptive, the swift and decisive action taken by the teams in the affected practices enabled us to rebuild the missing data and we engaged directly with those patients at that time such that we are confident that there was no adverse impact on patient care.
At the time of the cyberattack, we immediately informed those patients whose data had been inadvertently deleted, An Garda Síochána and the DPC, who subsequently launched an investigation which has just now concluded. We cooperated fully with the DPC on their investigation over the last 3 years.
It is likely that the decision will be reported by media, so we have prepared a number of supports for you should any of your patients have questions about the decision. This information has been shared with your Practice Manager and is also available on Centric World. I have attached the press release that we will issue in response to the DPC decision for your information.
Note all press queries should be directed to Q4PR who are supporting us on this and contact details have been provided to your Practice Manager.
We are asking any patient with any further concerns to email their concern to patientsupport@centrichealth.ie or call 1800 121 950 and we will engage directly with them.
As I am sure you know, we take our responsibility to protect patient data and ensure the security of our IT systems very seriously across all practices and we are doing everything we can to mitigate against any potential future criminal attack. We continue to invest in our cybersecurity and data protection processes and procedures and are operating in line with international best practice.
As part of this, it is important that you continue to take part in the ongoing cybersecurity training and daily monitoring for phishing emails because by doing so, each of you plays your part in strengthening Centric Health’s overall cyber resilience.
If you have any questions or concerns about any of this, please reach out to me, your Manager, Regional Manager or anyone else on the Leadership Team.
Regards
Aodha
