Data Protection Commission Inquiry Update

Media Statement

In December 2019, eleven Primacare GP practices were the victims of a criminal ransomware cyberattack. These Primacare practices were acquired by Centric Health in 2016 and at the time of the attack were in the process of being integrated into Centric Health’s IT infrastructure. The ransomware attack restricted access to patient data in the affected practices for a short period of time, however, there is no evidence to suggest that any patient data was read or copied by the criminals.

Immediately following the attack, we made every possible effort to regain access to the data as quickly as possible. While this work was being done, data belonging to some patients was inadvertently deleted and we notified all of these patients at that time.

We apologise to all our patients impacted by this incident for any upset that might have been caused. We want to reassure them that the lost data was rebuilt and importantly, there was no adverse impact on their health care.

At the time of the cyberattack, we immediately informed the Data Protection Commissioner (DPC). Centric Health cooperated fully with the DPC investigation and note the findings of the report published by the DPC today.

We want to assure our patients that we take our responsibility to protect their data and ensure the security of our IT systems very seriously. We are doing everything we can to mitigate against any potential future criminal attack. We continue to invest significantly in our cybersecurity and data protection processes and procedures and are operating in line with international best practice in these areas.

We would like to apologise once again for any upset caused. If any of our patients has a concern or query about this issue, please contact us at 1800 121 950 or email patientsupport@centrichealth.ie.