Security Breach at External Provider
The Irish Health Service Executive (HSE) has officially suspended the issuance of physical medical, GP visit, and long-term illness cards following a cyberattack on an external service provider responsible for card production. The incident, confirmed on July 10, 2026, prompted the immediate activation of HSE cyber security protocols.
While the HSE clarified that its own internal computer systems were not compromised, it acknowledged that a limited number of HSE records were accessed during the breach. The executive has since reported the incident to the Data Protection Commissioner (DPC), which is currently assessing the situation.
Impact on Service Delivery
The HSE has emphasized that despite the pause in physical card production, there is no reduction in the healthcare services available to citizens. Eligibility for medical cards and health schemes remains unchanged, and the processing of new applications continues as normal.
“The HSE has ensured that there is no reduction or change in the service that people receive,” a spokesperson stated. For those requiring immediate documentation, the HSE is providing provisional replacement certificates. Additionally, adult European Health Insurance Cards (EHIC) remain accessible via the official HSE Health App on mobile platforms.
Healthcare providers, including GPs and pharmacies, continue to verify patient eligibility through existing digital channels, ensuring that patient access to subsidized care remains uninterrupted. Individuals with specific concerns regarding their card status are encouraged to contact the HSE inquiry line at 0818 224 478.

