The Health Service Executive has secured injunctions from the High Court restraining any sharing, processing, selling or publishing of data stolen from its computer systems in the recent cyber attack.
The court was told that all of the HSE's data is potentially compromised by the attack and that the main purpose of the orders is to put legitimate information service providers such as Google and Twitter on notice of a legal prohibition on the sharing and publication of the HSE information.
Mr Justice Kevin Cross said the practical effect of the injunctions may be that the authorities in the country concerned will hopefully co-operate with the order and use their full resources to track down the perpetrators.
It was also expected other non-criminal actors will abide by the orders with the effect the mischief intended by the hackers will be minimised, he added.
The intended defendants now have 42 days to enter an appearance to the proceedings, after which the matter will return before the court.
The orders were sought against "persons unknown" who are responsible for accessing the HSE's IT system and planting a ransomware note on it on 14 May.
They also apply to anyone with knowledge of them.
HSE Chief Executive Paul Reid told the court in a sworn statement he feared all of the organisation's data "is potentially compromised".
The orders were sought by the HSE as part of planned proceedings for damages for breach of confidential information, fraud and deceit, conspiracy and conversion of the data which is believed to have been accessed by hackers based in Russia.
In a sworn statement, HSE CEO Paul Reid said he was advised it is "highly likely" data has been stolen and an investigation is ongoing to determine the extent of the theft.
He said: "This is a matter of grave concern for the HSE given the potential and imminent risk of publication of confidential medical and personal data relating to individuals contained on the HSE database system."
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
He said he was "extremely concerned" to read media reports of the alleged sharing of confidential medical data online and there were serious concerns the perpetrators of the attack will use the internet to begin drip feeding stolen confidential and highly sensitive medical data to third parties.
The Interim Chief Information Officer of the HSE, Fran Thompson, in his affidavit said the investigation into the hacking is ongoing but it has been established the hackers had access to the HSE system for one to two weeks before the cyber-attack was triggered on 14 May last.
He said one of the Ransomware notes stated: "YOU SHOUD BE AWARE! Just in case, if you ignore us. We've downloaded your data and are ready to publish." He was also aware of reports of samples of files being offered by the "Contilocker Team" for the purpose of seeking to demonstrate they hold HSE data.
Mr Justice Cross said the application was legally unusual as the courts here generally do not make orders against persons unknown.
However he was satisfied there is no legal impediment and the orders are necessary.
He said it was clear that "as the world knows", there has been a substantial hacking of the HSE undertaken by anonymous sources for the purposes of blackmail, "always the remedy of a coward", he said.
This was a "particularly heinous" form of blackmail where those responsible were seeking to put pressure on the HSE and the authorities to give in to the blackmailers demands, including by hoping patients with sensitive medical data stored on the HSE system will add to those pressures.
The consequences of the blackmailers actions are "particularly cruel" at this time of a worldwide pandemic which is putting strain on the ability of the HSE and other agencies to treat patients, including some suffering from serious and life threatening conditions.
He said it would be inconceivable if the law was impotent or tied by excessive rules from attempting to stop this "outrage".
While the identities of the perpetrators are unknown, it is known they are responsible for hacking and accessing of HSE data and planting the ransomware note, which stated they could be contacted via an electronic link provided.
