Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

€2 a Month €5 a Month One-off amount
File photo Shutterstock/PabloLagarto
High Court

HSE secures orders to get details of those who downloaded cyber attack information

The orders were secured against Chronicle Security Ireland Ltd and its US-based parent Chronicle LLC.
10.01pm, 29 Jun 2021
21.4k

THE HIGH COURT has ordered that the HSE be provided with details of people who uploaded and downloaded confidential material taken in the recent cyber attack onto a internet security’s firm’s web-service.

The orders were secured against Chronicle Security Ireland Ltd and its US-based parent Chronicle LLC, in respect of material downloaded onto its malware analysis service ‘VirusTotal’. Both companies are owned by Google.

The order was made today by Mr Justice Senan Allen. The judge said he was satisfied from the evidence put before the court to grant the orders sought by the HSE.

The judge noted that was no opposition from the defendants to the making of order, which is known as a ‘Norwich Pharmacal’ order.

The order requires the defendants to provide information about subscribers who uploaded or downloaded the material onto ‘VirusTotal’ which is a service designed to screen documents to ensure they are virus-free.

The information includes subscriber details including email addresses, phone numbers, IP addresses or physical addresses.

Through their lawyers Chronicle said they were neither opposing nor objecting to the making of the order sought by the HSE.

Chronicle said while it wanted to assist the HSE as much as they can. For data protection reasons it could not hand over any subscriber details in the absence of a court order.

Seeking the order, Jonathan Newman SC, with Michael Binchy BL for the HSE, submitted that the orders sought could be made.

Such orders counsel said should be made sparingly, but in this instance, there has been a “clear breach” of the HSE’s confidentiality and rights.

Previously the High Court heard that sometime in May approximately 27 files stolen from the HSE were downloaded onto ‘VirusTotal’.

The material included sensitive patient information including correspondence, minutes of meetings, and corporate documents, the HSE claims.

That material was downloaded 23 times by ‘VirusTotal’ subscribers before it was removed by Chronicle on 25 May.

In a sworn statement to the court, the HSE’s National Director for Operation Performance and Integration Joe Ryan said it became aware of an article published by the Financial Times last month, which referred to some stolen data, and a link used to access the stolen data online.

The HSE sought the return of the data referred to in the article and an explanation as to the location of the link referred to in the article.

Ryan said the FT indicated it had obtained the stolen data from a confidential source which it refused to reveal.

Following the cyber attack, the HSE obtained a High Court order on 20 May that restraining any sharing, processing, selling or publishing of data stolen from its computer systems.

When the FT received a copy of the order the HSE obtained on 20 May it handed over the information obtained from the source to the HSE’s cyber security advisors, Ryan said.

Ryan said that following an analysis of the material received from the FT it was discovered that the stolen documents were uploaded on ‘VirusTotal’

After contacting the defendants, Ryan said the stolen material was deleted from the ‘VirusTotal’ platform.

Comments are closed for legal reasons.

Author
Aodhan O Faolain
Send Tip or Correction
Read Next
More Stories
Related Tags