The HSE has to be given details of those who uploaded and downloaded confidential material taken in the recent cyberattack onto an internet security firm's web service, the High Court has ordered.
The orders were secured against ChronicleSecurity Ireland Ltd and its US-based parentChronicle LLC, in respect of material downloaded onto its malware analysis service 'VirusTotal'. Both companies are owned by Google.
The order was made on Tuesday by Mr Justice Senan Allen. The judge said he was satsified from the evidence put before the court to grant the orders sought by the HSE.
The judge noted that was no opposition from the defendants to the making of order, which is known as a 'Norwich Pharmacal' order.
Virus
The order requires the defendants to provide information about subscribers who uploaded or downloaded the material onto 'VirusTotal' which is a service designed to screen documents to ensure they are virus free.
The information includes subscriber details including email addresses, phone numbers, IP addresses or physical addresses.
Through their lawyers Chronicle said they were neither opposing nor objecting to the making of the order sought by the HSE.
Chronicle said while it wanted to assist the HSE as much as they can, for data protection reasons it could not hand over any subscriber details in the absence of a court order.
Seeking the order Jonathan Newman SC, with Michael Binchy Bl for the HSE, submitted the orders sought could be made.
Such orders counsel said should be made sparingly, but in this instance, there has been a “clear breach” of the HSE's confidentiality and rights.
Stolen files
Previously the High Court heard that sometime in May approximately 27 files stolen from the HSE were downloaded onto 'VirusTotal'.
The material included sensitive patient information including correspondence, minutes of meetings, and corporate documents, the HSE claims.
That material was downloaded 23 times by 'VirusTotal' subscribers before it was removed by Chronicle on May 25th last.
In a sworn statement to the court, the HSE's National Director for Operation Performance and Integration Joe Ryan said it became aware of an article published by the Financial Times last month, which referred to some stolen data, and a link used to access the stolen data online.
The HSE sought the return of the data referred to in the article and an explanation as to the location of the link referred to in the article.
Mr Ryan said the Financial Times indicated it had obtained the stolen data from a confidential source which it refused to reveal.
Following the cyberattack, the HSE obtained a High Court order on May 20th last that restraining any sharing, processing, selling or publishing of data stolen from its computer systems.
Source
When the Financial Times received a copy of the order the HSE obtained on May 20th it handed over the information obtained from the source to the HSE's cybersecurity advisors, Mr Ryan said.
Mr Ryan said that following an analysis of the material received from the Financial Times, it was discovered that the stolen documents were uploaded on 'VirusTotal'.
After contacting the defendants, Mr Ryan said the stolen material was deleted from the 'VirusTotal' platform.