By: Sean Treacy – estimated reading time: 4 minutes
Conti Ransomware Attack on Ireland’s HSE: Five Years Later, Legal Cases Continue.
The 2021 Conti ransomware attack on Ireland’s Health Service Executive (HSE) remains one of the most significant cyberattacks ever carried out against a national healthcare system.
Almost five years later, legal proceedings arising from the breach are still ongoing, with many affected individuals continuing to seek compensation through the courts.
The incident has also generated important legal questions, with aspects of related litigation reaching the Court of Justice of the European Union (CJEU), highlighting the wider implications of data protection and cyber liability across the EU.
Legal Proceedings Continue
Many claims against the HSE remain active, and progress through the Irish court system has been slow.
In correspondence dated 25 February 2026, one solicitor advised a client:
“There is a process going forward where pleadings are exchanged between our office and the HSE solicitors before we can get to a point of obtaining a trial date for you in Cork Circuit Court. That process is likely to take approximately 18 months from now to see through. I will let you know in time once we have a trial date.”
For many victims, this means their cases may not be heard until nearly seven years after the original cyberattack.
What Happened?
The Conti ransomware attack struck the HSE on 14 May 2021, forcing Ireland’s public healthcare system to shut down much of its IT infrastructure.
The attack is widely regarded as the largest cyberattack ever carried out against an Irish state agency and one of the most serious attacks on a national health service anywhere in the world.
Systems across the country were encrypted, healthcare services were severely disrupted, and sensitive patient and staff information was compromised.
How the Attack Occurred
Investigations found that the attackers had gained access to HSE systems several weeks before deploying the ransomware.
The initial compromise is believed to have occurred in March 2021, when a phishing email containing a malicious Microsoft Excel attachment was opened by an employee.
Once inside the network, the attackers reportedly spent weeks moving through HSE systems using tools such as Cobalt Strike, identifying valuable data before launching the ransomware on 14 May.
The malware encrypted files using the .FEEDC extension while simultaneously stealing large volumes of sensitive information.
Independent reviews later identified several factors that contributed to the success of the attack, including weaknesses in patch management, outdated security controls, and insufficient network monitoring.
One frequently cited statistic from the PwC review indicated that approximately 30,000 Windows devices across seven HSE systems had not received critical security updates.
Immediate Impact
To contain the attack, the HSE shut down its national IT network.
The consequences were immediate and widespread:
- Hospitals reverted to paper records.
- Thousands of appointments and procedures were cancelled.
- Cancer treatments and radiotherapy services experienced significant disruption.
- Laboratory and diagnostic services were affected.
- Healthcare staff were forced to operate without many essential digital systems.
The attack occurred during the COVID-19 pandemic, placing additional pressure on already stretched healthcare services.
Ransom Demand
The Russia-linked Conti ransomware group, believed to be associated with the cybercriminal organisation Wizard Spider, demanded approximately $20 million (€19 million) in exchange for decryption keys and a promise not to release stolen data.
The Irish Government refused to pay the ransom.
Although Conti later provided a free decryption tool, the group continued to threaten the publication and sale of stolen information.
The Data Breach
Beyond disrupting healthcare services, the attack exposed sensitive personal information belonging to patients and HSE employees.
Compromised data included medical records and personal information, some of which later appeared online or was threatened for publication on criminal websites.
The Department of Health was also affected by the cyberattack.
Recovery Costs
Recovering from the attack proved to be a lengthy and expensive process.
Estimates for the overall cost have varied considerably, ranging from over €100 million for immediate recovery and system restoration to figures approaching €600 million when longer-term impacts are included.
A comprehensive independent review by PwC, published in December 2021, identified significant weaknesses in cybersecurity governance, patch management, monitoring, and incident response.
The attack prompted major investment in cybersecurity across Ireland’s healthcare sector.
Compensation for Victims
More than four and a half years after the attack, the HSE announced a compensation scheme in December 2025, offering €750 to eligible individuals whose personal data had been compromised.
For many claimants, however, accepting this payment required withdrawing ongoing legal proceedings.
Individuals pursuing court action also faced court registration costs of approximately €140, while legal correspondence seen by some claimants indicated solicitor fees and VAT could exceed €1,600.
Some victims have argued that the compensation offered does not adequately reflect the seriousness of the breach or the potential long-term consequences of having highly sensitive medical and personal information exposed.
Greatest Financial Beneficiaries – Legal Firms
The greatest financial beneficiaries of these proceedings may ultimately be the legal professionals rather than the individuals whose sensitive personal and medical data was exposed. When legal fees exceed the compensation offered to claimants, it is understandable that many victims question whether the system is delivering meaningful justice.
International Criminal Investigation
The cyberattack also became part of a wider international investigation into the Conti ransomware operation.
In 2025, Oleksii Lytvynenko, a Ukrainian national arrested in Cork, was extradited from Ireland to the United States to face allegations connected with the broader Conti cybercrime network. He was not prosecuted in Ireland.
US authorities allege that the Conti operation targeted more than 1,000 organisations worldwide, extorting at least $150 million before the group effectively disbanded in 2022.
A Landmark Cybersecurity Case
The HSE attack has become a defining case in the history of ransomware attacks against critical national infrastructure.
It exposed the vulnerability of healthcare systems to organised cybercrime and prompted renewed attention to cybersecurity investment, incident preparedness, and data protection across Europe.
Nearly five years after the attack, legal proceedings continue, and many claimants still face lengthy waits before their cases reach trial.
Key Takeaways
- The Conti ransomware attack on Ireland’s Health Service Executive occurred on 14 May 2021.
- The cyberattack caused nationwide disruption to healthcare services and compromised sensitive patient and staff data.
- Recovery has cost hundreds of millions of euro and prompted significant cybersecurity reforms.
- Compensation offers announced in late 2025 have been criticised by some claimants as being insufficient.
- Legal proceedings remain ongoing, with some trial dates not expected for at least another 18 months.
- The case continues to shape discussions around cybersecurity, data protection, and accountability for critical public infrastructure.



