Irish Health Service Offers Compensation to Victims of 2021 Ransomware Attack
The Irish Health Service Executive (HSE) has begun offering €750 in compensation to individuals whose personal data was compromised during the major ransomware attack in May 2021. The attack, attributed to the Russia-linked Conti ransomware group, forced the HSE to shut down its IT infrastructure, severely disrupting hospital operations and leading to the exposure of sensitive patient information online. Legal representatives for over 100 affected individuals have confirmed receipt of the compensation offer, which also includes €650 to cover legal costs. This marks the first public acknowledgment by the HSE of the need to compensate victims, with approximately 620 legal proceedings currently underway and nearly 91,000 individuals notified of the breach.
Investigations into the incident revealed that the HSE's IT systems were outdated and lacked adequate cybersecurity measures, contributing to the scale of the breach. Since the attack, the HSE has reportedly invested in strengthening its cyber defense capabilities. The compensation offer is intended as a "full and final settlement" for those pursuing legal action, and payments are expected to be processed within 28 days of acceptance. The incident remains the largest cyberattack on a health service computer system in Ireland's history, highlighting the critical need for robust cybersecurity in healthcare organizations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
HSE begins offering €750 compensation to affected individuals
In December 2025, the HSE began offering €750 ex gratia payments to people whose data was compromised in the 2021 cyberattack. The offer was presented as compensation for the distress caused by the breach.
Conti ransomware attacks Ireland's HSE and steals patient data
The Irish Health Service Executive was hit by a Conti ransomware attack in 2021, disrupting health services and resulting in the theft of sensitive personal and medical data affecting patients and staff.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Conti Ransomware Crippled Ireland’s Health Service and Exposed Stolen Data
Ireland’s Health Service Executive (HSE) was hit by a major **Conti ransomware** attack that forced the shutdown of national health IT systems, disrupted hospital clinics, maternity services, radiology, GP referrals, and parts of Covid-19 testing and contact tracing, while emergency care and the vaccination programme continued. Irish officials said the attack began early on a Friday morning, described it as one of the most serious cybercrime incidents ever faced by the state, and confirmed the government would **not pay** a bitcoin ransom. Investigators also examined related hostile activity, including an attempted intrusion at the Department of Health and earlier distributed denial-of-service activity, while Gardaí, the National Cyber Security Centre, Defence Forces, Europol, and outside cybersecurity experts joined the response. The attackers were reported to have demanded about **$20 million** and claimed to have stolen roughly **700 GB** of data, raising fears that patient and employee information could be leaked on dark-web extortion sites. Recovery was expected to take weeks as the HSE rebuilt systems and shifted many services to manual processes, while the health service sought court injunctions to restrain the sharing of hacked data. The financial fallout later climbed to about **$600 million**, and the long tail of the breach continued years later, with the HSE offering compensation to some victims affected by the system-wide cyberattack.
May 26, 2026
Healthcare Organizations Face Legal and Notification Fallout From Ransomware-Linked Data Theft
**Norton Healthcare** agreed to pay **$11 million** to settle a class-action lawsuit tied to a 2023 **ALPHV/BlackCat** ransomware-related data theft that reportedly involved **4.7 TB** of stolen data and impacted nearly **2.5 million** people. The preliminary settlement provides for reimbursement claims (up to **$2,500** for unreimbursed expenses), compensation for time spent responding to the incident (up to **$80**), and **three years of medical identity monitoring**, pending final court approval. Separately, Ohio-based **Kettering Health** began notifying current and former patients and affiliates about a **May 2025** ransomware and data theft incident claimed by the **Interlock** cybercrime group. Reporting indicates Interlock publicly listed Kettering Health on its leak site and claimed roughly **941–950 GB** of data, and Kettering previously warned patients about **scam calls** from fraudsters impersonating medical bill collectors seeking credit card payments—activity consistent with post-breach social engineering and fraud attempts.
Mar 21, 2026
Impact and Response to the Change Healthcare Ransomware Attack
A ransomware attack on Change Healthcare, a major processor of health insurance claims, exposed the personal health information of over 190 million people and caused widespread disruption across the U.S. healthcare system. Hospitals and clinics were unable to process claims or receive payments, leading to severe cash-flow crises that threatened their operations. In response, the Centers for Medicare and Medicaid Services implemented the Change Healthcare/Optum Payment Disruption Accelerated and Advance Payment program, providing $3.3 billion in emergency relief, though only 11% of hospitals received funds, with rural and unaffiliated hospitals being less likely to benefit. Research from the University of Minnesota analyzed the effectiveness of this relief program and highlighted areas for improvement in future emergency funding responses. The American Hospital Association reported that the Change Healthcare incident was the largest single healthcare data breach in recent years, accounting for the majority of the 259 million records compromised in 2024. The breach underscored the vulnerability of healthcare data, particularly when stored unencrypted and managed by business associates rather than hospitals themselves. The incident has prompted calls for improved asset inventories, better tracking of business associates, and stronger data protection measures to mitigate the risk of similar large-scale breaches in the future.
Mar 21, 2026