The US-based independent cybersecurity journalist refused to comply with the UK court order injunction sought after reports of a recent cyberattack at UK private health giant HCRG.
Pincent Mason, a law firm that served as a February 28th court order on HCRG, requested that two articles be “delete” referencing ransomware attacks against HCRG.
The law firm's notice to Databreaches.net seen by TechCrunch said that the attached injunction was “acquired by the HCRG” at the High Court in London to “prevent the disclosure or disclosure of sensitive data stolen during a recent ransomware cyberattack.”
The company's letter states that if Databreaches.net is in breach of the injunction, the site could be found in court light empty.
Databreaches.net, run by journalists operating under the pseudonymous challenge DOE, refused to delete the post and released details of the injunction in a blog post Wednesday.
The dissent, citing letters from law firms Covington and Burling, said databreaches.net was not subject to a UK injunction and would not comply with the order on the grounds that reporting is legal under the first amendment in the US based on Data Abreaches' net.
The dissent also noted that the text of the court order did not specifically name databreaches.net or reference the specific article in question.
Legal threats and demands are not uncommon in cybersecurity journalism. This is because reports often reveal information that companies don't want to be made public. However, injunctions and legal claims are rarely made public about risks and fears about legal implications.
The injunction details provide rare insight into how to use UK law to issue legal requests to remove published stories that are important or embarrassing to businesses.
The law firm's letter confirms that HCRG has been hit by a “ransomware cyberattack.”
HCRG, formerly known as Virgin Care and one of the UK's largest independent healthcare providers, confirmed on February 20 that it is investigating a cybersecurity case after the Medusa ransomware gang claimed liability for the violation. HCRG has over 5,000 employees, covering 500,000 patients in the UK.
When HCRG spokesman Alison Klabacher said when he reached TechCrunch, “we can see that we have taken legal action aimed at preventing the republication of data accessed by criminal groups to minimize the potential risk to those who may have been affected.”
“We are investigating the incident with the support of external experts and notifying (and notifying) those affected as necessary based on the investigation,” an HCRG spokesman added.
A spokesman for Pinsent Masons, a law firm representing HCRG, did not provide comment until publication.
According to legal demand, Pinsent Mason cited two posts published on databreaches.net. This reported that the Medusa ransomware gang trusted the HCRG cyber attack and threatened to release a federal confederation of personally identifiable information and sensitive health data if HCRG fails to pay the ransom. The gang released theft data on its dark web leak site, with some screenshots of the stolen data, as evidence of their claims.
Posts published on databreaches.net contain much of the same information that TechCrunch and other outlets independently reviewed and reported.
According to the opposition, Pincent Mason sent an injunction to the DataBreaches.net domain registrar, which resulted in DataBreaches.net warning that the web domain would be interrupted if the post was not deleted. The domain registrar later reversed the course and opposed it, refusing to suspend Databreaches.net.
HCRG has not yet published any violations of its website. Dissent said in a blog post Wednesday that, in the absence of updates from HCRG, much of the details about HCRG's cyberattacks are covered by independent journalists, including the cybersecurity blog SuspectFile, which recorded new details about HCRG cyberattacks.
Opponents said the court's injunction “will prevent the public from knowing that many people are likely to be affected, and “can open the door to widespread censorship for journalists in the UK or elsewhere.”
“Journalists with ties to the UK may be emailed to injunctions requiring that they delete past reports of data stolen from UK entities or may ban future reports of data stolen from UK entities,” the objection said.