The Health Service Executive has confirmed that some sensitive patient data stolen during the cyberattack on its systems three weeks ago has been leaked on the dark web.
The data contained corporate documents and private information related to roughly 520 patients.
The HSE told the Financial Times that the data included minutes of meetings and correspondence with patients in addition to sensitive information.
It has now begun notifying the patients involved in the leak.
The Financial Times first reported details of the leak almost two weeks ago, stating that 27 files containing the medical records of 12 individuals had been leaked on the dark web.
However, the HSE has now confirmed that a significantly higher number of patients were affected by the data leak. It also confirmed for the first time that the leaked data came from HSE servers.
"This data was the initial small tranche of data that was previously reported on, and we are not aware of any further attempted publication of our data," a HSE spokesperson said.
"We apologize for the inconvenience caused to our patients and service users. The HSE is working with An Garda Síochána on this criminal investigation."
The cybercriminal gang behind the ransomware attack on the HSE servers has threatened to publish more than 700 gigabytes of stolen data on the dark web if the HSE does not pay a €16.4 million ransom.
The Irish Government has repeatedly stated that it will pay no ransom.
HSE CEO Paul Reid said that the cyberattack will cost the health service at least €100 million.
Reid said that this figure was at the lower end of estimates and said that the HSE would have to pay significant fees to upgrade to Microsoft 365 and restore its networks. Reid additionally said that disruption caused to patients as a result of the attack would result in significant costs.
The cyberattack, which took place on May 13, has resulted in the cancelation of roughly 7,000 appointments per day over the last three weeks, while the HSE is still "a long way" from restoring its systems.