Two weeks ago, Rehab Group informed the Data Protection Commission that it had been the victim of a cyber-attack on some of its IT systems. 

Since then, we have deployed our full resources and engaged external, specialist expertise to undertake a forensic investigation of the nature and extent of the attack on our data servers. This team of experts continue to work through the investigation and are supporting us to bring our systems safely back online. 

We have also engaged with the National Garda Cyber Crime Bureau and the National Cyber Security Centre from the outset and will continue to do so.  We are communicating information as the position becomes clearer to advise and educate our stakeholders following this callous attack on our organisation.

In recent days, this ongoing investigation revealed that some data has been accessed externally from some of our systems. We have updated the Data Protection Commission on this development today.  Our Serious Incident Management Team is working hard, in tandem with the experts to determine what data has been accessed. This could potentially involve employees and people who use our services. We are working hard to ascertain to what extent the accessed data comprises personal data, and to whom such personal data may relate.

We have further enhanced our monitoring capabilities since the attack and to date, there is no evidence that any data from our organisation has been used inappropriately. There is also no evidence that some recently reported scams are linked to this cyber-attack. Unfortunately these scams reflect the nature of the cyber-security environment we are operating in, where these events are becoming more common-place. 

The people who use, work and live in our services remain our number one priority. There has been no disruption to services to date because of this attack, and we will work to ensure this remains the case. We will continue to engage with our employees, people who use our services and key stakeholders throughout the coming days and weeks to ensure everyone remains updated and is fully informed of any significant changes arising from our continued investigation. 

We continue to urge everyone to take the usual precautions and never disclose personal details if they receive unsolicited contact from an unknown source.