An independent U.S.-based cybersecurity journalist refused to comply with a British court order injunction that they sought after a recent report of a cyberattack by British private healthcare giant HCRG.
Law firm Pinsent Masons serves on behalf of HCRG in a February 28 court order requiring DataBreaches.net to “removal” Two articles Quote Ransomware attacks HCRG.
TechCrunch saw the DataBreaches.net notice issued by law firms said the accompanying injunction was “acquired by HCRG” in London’s High Court to “prevent publication or disclosure of confidential data published or disclosed in recent ransomware cyberattacks.”
The company’s letter states that if Databreaches.net does not comply with the injunction, the location can be found in a court of contempt, “can result in jail, criminal fines, or seizure of your assets.”
Databreaches.net, run by reporters who operate with different visions under a pseudonym, refuses to delete posts or refuses to Details of the ban were posted in Wednesday’s blog post.
Objection, citing letters from its law firm Covington & Burling, said they would not comply with the orders of DataBreaches.net, that DataBreaches.net is not subject to the jurisdiction of the UK ban, and that the report is legal under the First Amendment where the United States’ First Amendment is located.
Dissidents also pointed out that the text of the court order was not specifically named databreaches.net or referenced to specific articles related to it.
Legal Threats and need yes Not uncommon In cybersecurity journalism, because reports often involve discovering information that companies do not want to disclose. However, injunctions and legal requirements are rarely issued due to risks or concerns about the impact on the law.
The details of the ban provide rare insight into how UK law is used to issue legal requirements to eliminate published stories that are crucial or embarrassing to the company.
The law firm’s letter also confirmed that HCRG was hit by a “ransomware cyber attack.”
HCRG, formerly known as Virgin Care, is one of the largest independent healthcare providers in the UK and was confirmed on February 20 Investigate cybersecurity incidents After Medusa ransomware gang was responsible for the breach, he said it stole 2 data from the company’s system. HCRG has more than 5,000 employees and has 500,000 patients in the UK.
“We can confirm that we have taken any data we have taken to prevent access from criminal groups to minimize potential risks for those who may be affected,” said Alison Klabacher, a spokesman for HCRG.
A spokesperson for HCRG added: “We are supporting the investigation of the incident with external experts and based on our investigation notification (and have notified) anyone affected.”
A spokesperson for Pinsent Masons, a law firm representing HCRG, did not comment when it was published.
Pinsent Mason, as required by law, cites two articles published on Databreaches.net, which reports that if HCRG does not pay for HCRG, the Medusa ransomware gang gained credibility for the HCRG cyber attack and that the criminal gang threatens to publish personally identifiable information and sensitive health data. The gang posted several screenshots of stolen data on its dark web leak site to prove its claim.
Posts posted on dataabreaches.net contain Most of the same information TechCrunch and other media have independently confirmed and reported.
According to objection, Pinsent Masons sent the ban to DataBreaches.net’s domain name registrar, which in turn warned that DataBreaches.net would suspend its web domain if the post was not deleted. Dissidents said the domain name registrar later reversed the course and refused to suspend databreaches.net.
HCRG has not disclosed the violation publicly on its website. Dissidents say Their blog post Wednesday Many details about HCRG cyberattacks have been introduced by independent journalists in the absence of HCRG updates, including cybersecurity blogs suspiciouswhich breaks new details about HCRG cyberattacks.
Dissidents said the court’s injunction would otherwise “will ” prevent the public from discovering that the violation is serious and that many people may be affected” and “can open the door to extensive scrutiny of journalists in the UK or elsewhere. ”
Dissidents said: “Reporters with any connection to the UK may send an injunction via email asking them to delete reports of data stolen from British entities in the past or any reports of data that may be stolen from any future reports on British entities.”
