A US-based independent cybersecurity journalist has refused to comply with a UK court injunction that was sought after reports of a recent cyberattack at UK private health giant HCRG.
Pinsent Masons, the law firm that served the February 28th court order on behalf of HCRG, requested that two articles referencing the ransomware attack against HCRG be deleted.
The law firm’s notice to DataBreaches.net, seen by TechCrunch, said that the attached injunction was “acquired by the HCRG” at the High Court in London to prevent disclosure of stolen confidential data.
The law firm’s letter states that if DataBreaches.net breaches the injunction, the site could be found in contempt of court.
DataBreaches.net, run by a journalist operating under the pseudonym Dissent Doe, refused to delete the posts and released details of the injunction in a blog post Wednesday.
Dissent cited a letter from law firm Covington & Burling, saying DataBreaches.net is not subject to the UK injunction and will not comply with the order on the grounds that the reporting is legal under the First Amendment in the US, where DataBreaches.net is based.
Dissent also noted that the text of the court order did not specifically name DataBreaches.net or reference the specific articles in question.
Legal threats and demands are not uncommon in cybersecurity journalism, because reports often reveal information that companies don’t want to be made public. However, injunctions and legal claims are rarely made public because of risks and fears about legal implications.
The injunction details provide rare insight into how UK law can be used to issue legal requests to remove published stories that are important or embarrassing to businesses.
The law firm’s letter confirms that HCRG has been hit by a “ransomware cyberattack.”
HCRG, formerly known as Virgin Care and one of the UK’s largest independent healthcare providers, confirmed on February 20th that it was investigating a cybersecurity incident after the Medusa ransomware gang claimed responsibility for the breach. HCRG has over 5,000 employees and covers 500,000 patients across the UK.
When reached by TechCrunch, HCRG spokesman Alison Klabacher said: “We can see that we have taken legal action aimed at preventing the republication of data accessed by criminal groups to minimize the potential risk to those who may have been affected.”
“We are investigating the incident with the support of external experts and notifying (and notifying) those affected as necessary based on the investigation,” an HCRG spokesman added.
A spokesman for Pinsent Masons, the law firm representing HCRG, did not provide comment by the time of publication.
According to the legal demand, Pinsent Masons cited two posts published on DataBreaches.net, which reported that the Medusa ransomware gang claimed responsibility for the HCRG cyberattack and that the criminal gang threatened to release personally identifiable information and sensitive health data if HCRG failed to pay the ransom. The gang released stolen data on its dark web leak site, with some screenshots of the stolen data, as evidence of its claims.
The posts published on DataBreaches.net contain much of the same information that TechCrunch and other outlets independently reviewed and reported.
According to Dissent, Pinsent Masons sent the injunction to DataBreaches.net’s domain registrar, which resulted in DataBreaches.net being warned that its web domain would be suspended if the posts were not deleted. The domain registrar later reversed course, refusing to suspend DataBreaches.net.
HCRG has not yet published any notice of the breach on its website. In a blog post Wednesday, Dissent said that, in the absence of updates from HCRG, much of the detail about HCRG’s cyberattack has been covered by independent journalists, including the cybersecurity blog SuspectFile, which reported new details about the HCRG cyberattack.
Dissent said the court’s injunction “will prevent the public from knowing that many people are likely to be affected,” and “can open the door to widespread censorship for journalists in the UK or elsewhere.”
“Journalists with ties to the UK may be emailed injunctions requiring that they delete past reports of data stolen from UK entities or that may ban future reports of data stolen from UK entities,” Dissent said.