Cloud Hosting

THE HIGH COURT has ordered that the HSE be provided with details of people who uploaded and downloaded confidential material taken in the recent cyber attack onto a internet securitys firms web-service.

The orders were secured against Chronicle Security Ireland Ltd and its US-based parent Chronicle LLC, in respect of material downloaded onto its malware analysis service VirusTotal. Both companies are owned by Google.

The order was made today by Mr Justice Senan Allen. The judge said he was satisfied from the evidence put before the court to grant the orders sought by the HSE.

The judge noted that was no opposition from the defendants to the making of order, which is known as a Norwich Pharmacal order.

The order requires the defendants to provide information about subscribers who uploaded or downloaded the material onto VirusTotal which is a service designed to screen documents to ensure they are virus-free.

The information includes subscriber details including email addresses, phone numbers, IP addresses or physical addresses.

Through their lawyers Chronicle said they were neither opposing nor objecting to the making of the order sought by the HSE.

Chronicle said while it wanted to assist the HSE as much as they can. For data protection reasons it could not hand over any subscriber details in the absence of a court order.

Seeking the order, Jonathan Newman SC, with Michael Binchy BL for the HSE, submitted that the orders sought could be made.

Such orders counsel said should be made sparingly, but in this instance, there has been a clear breach of the HSEs confidentiality and rights.

Previously the High Court heard that sometime in May approximately 27 files stolen from the HSE were downloaded onto VirusTotal.

The material included sensitive patient information including correspondence, minutes of meetings, and corporate documents, the HSE claims.

That material was downloaded 23 times by VirusTotal subscribers before it was removed by Chronicle on 25 May.

In a sworn statement to the court, the HSEs National Director for Operation Performance and Integration Joe Ryan said it became aware of an article published by the Financial Times last month, which referred to some stolen data, and a link used to access the stolen data online.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

The HSE sought the return of the data referred to in the article and an explanation as to the location of the link referred to in the article.

Ryan said the FT indicated it had obtained the stolen data from a confidential source which it refused to reveal.

Following the cyber attack, the HSE obtained a High Court order on 20 May that restraining any sharing, processing, selling or publishing of data stolen from its computer systems.

When the FT received a copy of the order the HSE obtained on 20 May it handed over the information obtained from the source to the HSEs cyber security advisors, Ryan said.

Ryan said that following an analysis of the material received from the FT it was discovered that the stolen documents were uploaded on VirusTotal

After contacting the defendants, Ryan said the stolen material was deleted from the VirusTotal platform.

Comments are closed for legal reasons.

Read more:
HSE secures orders to get details of those who downloaded cyber attack information - TheJournal.ie