An Irish court has ordered VirusTotal to provide the information of subscribers who downloaded or uploaded confidential data stolen from Ireland’s national health care service during a ransomware attack.
The orders were secured against Chronicle Security Ireland Ltd and its US-based parent Chronicle LLC, in respect of material downloaded onto its malware analysis service ‘VirusTotal’. Both companies are owned by Google.
The stolen material included sensitive patient information including correspondence, minutes of meetings, and corporate documents, the HSE claims.
It has since been deleted from the service provided by Chronicle, whose ultimate parent is the internet giant Google. However, the HSE says that the material was downloaded 23 times before it was removed on May 25 last.
The order requires the defendants to provide information about subscribers who uploaded or downloaded the material onto ‘VirusTotal’ which is a service designed to screen documents to ensure they are virus-free.
The information includes subscriber details including email addresses, phone numbers, IP addresses, or physical addresses.
