Over the weekend, Northern Irish health trusts were on high alert after the XP95 hacker group claimed to have accessed hundreds of thousands of files.
A recruitment platform used by Northern Ireland’s health trusts has reportedly suffered a cyberattack from the relatively new hacker group XP95, which is claiming to have accessed hundreds of thousands of files.
With headquarters in Dublin and offices in Belfast, Toronto and Melbourne, BBC NI reported over the weekend that it has seen an email from Healthdaq’s data protection officer, saying it had become aware of unauthorised access to data held on its platform on 30 March, and that the issue had been contained.
“The incident has been identified as a confidentiality breach involving unauthorised access and extraction of data,” BBC NI quoted the email, which said that names, contact details, CVs, forms of government ID and in some cases even health data could be among the data that was stolen.
The cited email went on to warn that the nature of the data stolen meant that there was a risk of misuse, from identity theft to fraud. According to the BBC, the health trusts have warned all staff to be aware of a potential cyber incident and to be extra vigilant.
Healthdaq confirmed to SiliconRepublic.com that “Healthdaq has been the victim of a cybersecurity incident”.
“The incident has been reported to the relevant regulatory and law enforcement authorities including the Garda National Cyber Crime Bureau,” it said, adding that because the incident is the subject of an active criminal investigation, it could not make any further comments at this time.
According to threat intelligence firm Red Piranha, the XP95 ransom actor was first observed on March 4, and its first known attack was on Eholo Health, a Spanish mental health SaaS platform serving more than 10,000 psychologists across Spain and Andorra.
“The actor’s BreachForums profile was freshly created at the time of first appearance, with no prior references in threat intelligence reporting linking XP95 to any known organised group or prior campaigns,” said Red Piranha in a threat intelligence report from early March.
“Unlike conventional ransomware operators, XP95 does not deploy encryption malware,” it said. “The group operates a pure exfiltration-and-extortion model: sensitive data is stolen from the victim environment, a proof-of-compromise sample is published on a Tor-hosted data leak site (DLS) and cross-posted to BreachForums, and a ransom demand is issued with a hard payment deadline.”
Should the ransom not be paid, XP95 then threaten to publicly release the stolen dataset or put it up for sale. Reporting suggests that Healthdaq has indeed received a ransom request.
Updated 1.50pm 14 April 2026: The story has been updated to incorporate a comment from Healthdaq.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.






















