Irish High Court serves HSE hackers an injunction to block data leak

A view of the Irish High Court building in Dublin

The Irish High Court has issued an injunction against the hackers responsible for last week’s cyber attack on Ireland’s national health and social services provider, the Health Service Executive (HSE).

Responsibility for the attack has been attributed to the Conti hacking group, which had signed off on the ransomware notes as the “Contilocker gang”, demanding a payment of $19,999,000 (over £13 million). The Irish government has so far refused to pay the ransom demand.

Ransomware gangs pretend to delete stolen data to extort victims twice, report warns Defend your organisation from evolving ransomware attacks Four ransomware resiliency challenges you can combat with confidence

The Conti hacking group, which was previously blamed for an attack against the Scottish Environment Protection Agency (SEPA) on Christmas Eve, provided the HSE with a free decryption tool earlier this week, adding that “it will sell or publish a lot of private data if [the HSE] will not connect us [sic] and try to resolve the situation”.

This prompted the HSE to apply for an injunction against the hacking collective, with the Irish High Court ordering the hackers to cease sharing the stolen data, giving them 42 days to identify themselves and enter an appearance to the proceedings, according to the Irish Times.

The legal document aims to prevent the group from selling, processing, publishing, or sharing the stolen HSE data, which includes private medical information related to HSE patients, as well as payroll and HR data of its employees.


Four ransomware resiliency challenges you can combat with confidence

The benefits of a multi-layered security solution


However, with no postal or email address attributed to the off-the-radar cyber criminals, the injunction had to be posted onto a website on the dark web thought to be associated with the hacking group.

Although it's an uncommon practice, securing a court injunction against anonymous hackers has precedent, most notably in the case of a cyber attack against London-based shipping company Clarkson PLC in 2017, as well as a second case involving a company who opted to remain anonymous, referred to in court documents by the acronym PLM in 2018.

On Thursday, the HSE released a statement detailing the impact of the ransomware attack, saying that it had had “a significant impact on hospital appointments”, with continued “major disruptions”.

“Slow but steady progress is being made in assessing the impact and beginning to restore HSE IT systems. This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems,” the Irish health service provider added.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.