A Us-Based Independent Cybersecurity Journalist has declined to comply with a uk court-ordered injunction Hcrg.
Law firm pinsent masons, which served the February 28 court order on behalf of hcrg, demanded that databreaches.net “take down” two articles That referenceed the ransomware attack on hcrg,
The law firm’s notice to databreaches.net, which techcrunch has seen, stated that the decompanying injunction was “obtained by hcrg” at the high court of justice in longon to “preview disclosure of confidential data stolen during a recent ransomware cyberattck. “
The firm’s letter states that if databreaches.net disobeys the injunction, the site may be found in contempt of court, which “May result in imprisonment, a criminal Fine or Have Having Your Assets.”
Databreaches.net, run by a journey who operates under the pseudonym dishes, declined to remove the posts, and also Published details of the injunction in a blog post wedding,
Dissent, Citing a letter from their law firm covington and burling, said they would not comply with the order on grounds that databreaches.net is not subjection of the jurisdiction of the uk injunction, and the report Is Lawful under the first amendment in the united states, where databreaches.net is based.
Dissent also noted that text of the court order not specifically name databreaches.net nor reference the specific articles in Question.
Legal threats and Demands Are not uncommon In Cybersecurity Journalism, Since the Reporting often Involves Uncovering Information that Companies Do Not Want to Be Made Public. But injunctions and legal demands are soldom published over risks or fears of legal repercussions.
The details of the injunction offer a rare insight into how uk law can be used to issue legal demands to Remove Published Stories that are Critical or Embarrasing to Companies.
The law firm’s letter also also confirms that HCRG was hit by a “ransomware cyber-atack.”
HCRG, Formerly Known as Virgin Care And One of the Largest Independent Healthcare Providers in the Uk, Confirmed on February 20 it was Investigating a cybersecurity insurance after the medusa ransomware gang claimed responsibility for the breach, saying it had stolen two terabytes of data from the company’s systems. HCRG has more than 5,000 Employees and Covers Half-A-Million Patients Across the United Kingdom.
When reacted by techcrunch, hcrg speakesperson alison klabacher said: “We can confirm that we took legal action aimed at preventing at preventing representation of any data accessed by the crimite group, to minimite groups Potential Risk to those who may have been affected. ”
“We are investment with the support of external specialists and will notify (and have notified) Anyone affected as Necessary based on OR Investigation,” HCRG’SPERGESPERON Added.
A spokesperson for Pinsent Masons, The Law Firm Represting HCRG, did not provide comment by the time of publication.
According to the legal demand, pinsent mason cited two posts published on databreaches.net, which reported that the medusa raansomware gang has gang hasn credit for the HCRG CEBERTACK, and that the Criminal Ging Was Threatening to publish reams of personally identifiable information and sensitive health data if hcrg did not pay a ransom. The gang published several screenshots of the stolen data on its Dark Web Leak Site as Evidence of their claims.
The posts published on databreaches.net control of the same information that Techcrunch And other outlets have independently confirmed and reported.
According to Dissent, Pinsent Masons Sent the injunction to databreaches.net’s domain registrar, which in turn warned that databreaches.net would have its has its web domain we wee webs The domain registrar laater revered courses and declined to suspend databreaches.net, said dishes.
HCRG has not yet disclosed the breach on its website. Dissent said in their blog post wedding That in absence of updates from HCRG, MUCH of the details about HCRG’s Cyberattack Have Been Covered by Independent Journalists, Including Cyberation Cyberation Cybery SuspectfileWhich broke new details about the HCRG Cyberattack.
Dissent said that the court’s injunction otherwise “would prevent the public from finding out that the breach was a serial one with likely many many people of journalists in the UK or Elsewhere. ”
“Journalists with any connection to the uk might be emailed injunctions Demanding From a UK Entity, “said dishes.