article featured image


On Tuesday, the High Court of Ireland has issued an order asking Chronicle Security Ireland and Chronicle LLC, both owned by Google, to reveal the private details of subscribers who downloaded or uploaded confidential data stolen from Ireland Health Service Executive (HSE) during a cyberattack.

On May 14th, Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, had to shut down all of its IT systems following a ransomware attack.

The Conti ransomware gang, who was responsible for the incident, threatened to use all the data stolen from HSE during the attack if a ransom of $20 million won’t be paid.

Conti threat actor declared to have stolen 700GB of sensitive patient and employee information such as contracts, correspondence, and corporate documents.

In order to show that they are responsible for the ransomware attack, the threat actors posted a link to a file in their ransomware negotiation chat that they stated included samples of the stolen data.

Stolen Ireland Health Service Executive HSE Information Uploaded to VirusTotal

This sample contained 27 files stolen from the Ireland Health Service Executive HSE including patient data, which was later uploaded to the VirusTotal, a service created to check for viruses that the user’s own antivirus may have missed or to verify against any false positives.

The data was downloaded 23 times by VirusTotal users before it was taken off by Chronicle on May 25th last.

The 27 files include the personal records of 12 individuals. One file reviewed by the FT includes admission records and laboratory results for a man who was admitted to the hospital for palliative care.

The broad details in that file matched a subsequent death notice seen by the FT.


In addition to scanning files, VirusTotal behaves as a container of uploaded files enabling subscribers to search for and download files to analyze for their own security research or upgrade their security software.

Nevertheless, when a file is uploaded to VirusTotal, it would permit any other subscriber to download and see the private information.

Following the Conti ransomware attack, the Irish High Court immediately reacted to the situation and had issued an order to prevent the cybercriminals from selling, sharing, or publishing the stolen data with anyone by requiring those who possessed any to return it to the Ireland Health Service Executive HSE.

The private information includes email addresses, phone numbers, IP addresses, or physical addresses.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *