IT firms ordered to hand over details of those who downloaded information stolen in HSE cyberattack
The HSE has to be given details of those who uploaded and downloaded confidential material taken in the recent cyberattack onto an internet security firm's web service, the High Court has ordered.
The HSE has to be given details of those who uploaded and downloaded confidential material taken in the recent cyberattack onto an internet security firm's web service, the High Court has ordered.
The orders were secured against ChronicleSecurity Ireland Ltd and its US-based parent Chronicle LLC, in respect of material downloaded onto its malware analysis service 'VirusTotal'. Both companies are owned by Google.
The order was made on Tuesday by Mr Justice Senan Allen. The judge said he was satisfied from the evidence put before the court to grant the orders sought by the HSE.
The judge noted was no opposition from the defendants to the making of order, which is known as a 'Norwich Pharmacal' order.
The order requires the defendants to provide information about subscribers who uploaded or downloaded the material onto 'VirusTotal', which is a service designed to screen documents to ensure they are virus free.
The information includes subscriber details, including email addresses, phone numbers, IP addresses or physical addresses.
Through their lawyers, Chronicle said it was neither opposing nor objecting to the making of the order sought by the HSE.
Chronicle said while it wanted to assist the HSE as much as it could, for data protection reasons it could not hand over any subscriber details in the absence of a court order.
Seeking the order, Jonathan Newman SC, with Michael Binchy Bl for the HSE, submitted the orders sought could be made.
Such orders should be made sparingly, but in this instance, there has been a "clear breach" of the HSE's confidentiality and rights, counsel said.
Previously, the High Court heard that some time in May, 27 files stolen from the HSE were downloaded onto 'VirusTotal'.
The material included sensitive patient information including correspondence, minutes of meetings, and corporate documents, the HSE claims.
That material was downloaded 23 times by 'VirusTotal' subscribers before it was removed by Chronicle on May 25 last.
In a sworn statement to the court, the HSE's national director for Operation Performance and Integration Joe Ryan said it became aware of an article published by the last month, which referred to some stolen data, and a link used to access the stolen data online.
The HSE sought the return of the data referred to in the article and an explanation as to the location of the link referred to in the article.
Mr Ryan said the indicated it had obtained the stolen data from a confidential source which it refused to reveal.
Following the cyberattack, the HSE obtained a High Court order on May 20 last restraining any sharing, processing, selling or publishing of data stolen from its computer systems.
When the received a copy of the order the HSE obtained on May 20, it handed over the information obtained from the source to the HSE's cyber security advisers, Mr Ryan said.
Mr Ryan said that following an analysis of the material received from the FT, it was discovered the stolen documents were uploaded on 'VirusTotal'
After contacting the defendants, Mr Ryan said the stolen material was deleted from the 'VirusTotal' platform.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
