An independent US -based internet security journalist has refused to respect an order ordered by the United Kingdom Court that was asked after reporting them on a recent internet attack on the UK private health care giant HCRG.
The Pinsent Mason law firm, which served the February 28 court order on behalf of HCRG, requested that Databreaches.net “remove” two items referring to the Ransomware attack on HCRG.
The announcement of the legal firm for Databreaches.net, which Techcrunch has seen, stated that the accompanying order was “taken from HCRG” to the High Court of Justice in London to “prevent the publication or detection of confidential stolen data during a recent internet ransomware”.
The firm’s letter says that if databreaches .net does not obey the order, the site may be found in the court, which “may result in imprisonment, a criminal fine or have seized your assets.”
Databreaches.net, led by a journalist who operates under the nickname of the DOE objection, refused to remove the posts, and also published details of the order in a blog post on Wednesday.
The dispute, citing a letter from their Covington & Burling legal firm, said they would not respect the order on the grounds that Databreaches.net is not subject to the jurisdiction of the UK Order and that reporting is legal on the basis of the first change in the United States, where Databreaches.net is based.
The dispute also noted that the text of the court order does not specifically appoint databreaches.net nor refers to the specific articles in question.
Legal threats and requests are not uncommon in internet security journalism, as reporting often involves disclosing information that companies do not want to be made public. But legal orders and requirements are rarely published on the risks or fear of legal consequences.
Details of the Order offer a rare overview of how the UK law can be used to issue legal requirements to remove published stories that are critical or shameful for companies.
The letter of the legal firm also confirms that HCRG was hit by an “Ransomware Internet Attack”.
HCRG, formerly known as Virgin Care and one of the largest independent health care providers in the UK, confirmed on February 20 that he was investigating an internet security incident after the Ransomware Madusa gang took responsibility for the violation, saying she had stolen 2 terabytes of company systems. HCRG has more than 5,000 employees and covers half a million patients across the UK.
When reached by Techcrunch, HCRG spokesman Alison Klabacher said: “We can confirm that we have taken legal actions that aim to prevent the republic of data from being achieved by the criminal group to minimize the potential risk for those who may have been affected.”
“We are investigating the incident with the support of external specialists and will notify (and have notified) anyone affected as necessary based on our investigation,” the HCRG spokesman added.
A Pinsent Masons spokesman, the legal firm representing HCRG, did not comment until the time of publication.
According to the legal request, Pinsent Mason mentioned two posts published in Databreaches.net, who reported that the Ransomware Medusa gang had received loans to HCRG online and that the criminal gang was threatening to publish personally identifiable information and sensitive health data if HCRG did not pay a Ransom. The gang posted some photos of the stolen data on its dark web flow site as evidence of their claims.
Posts published in Databreaches.net contain many of the same information that Techcrunch and other exits have confirmed and reported independently.
According to Dissent, the Pinsent Masons sent the order to Databreaches.net Domain the domain recorder, who in turn warned that Databreaches. The domain recorder later returned the course and refused to suspend Databreaches.net, the objection said.
HCRG has not yet publicly disclosed the violation on its website. Dissent said in their blog post on Wednesday that in the absence of HCRG updates, many of the details about HCRG Internet attack have been covered by independent journalists, including the SurpectFile online security blog, which breaks new details regarding HCRG Cyberattack.
The dispute said the court order otherwise “would prevent the public from discovering that the violation was serious with many affected people” and “could open the door for widespread censorship of journalists in the UK or elsewhere.”
“Journalists with any connection with the United Kingdom may be by email to demand that they remove past reports of data stolen from the UK entities, or they can be banned from any future reporting on any data stolen by a UK entity,” Dissent said.
