HSE takes action against man who leaked patient information to Wikileaks
The HSE has secured High Court orders preventing an IT worker from distributing highly confidential and sensitive information about hospital patients.
It is alleged that Neill Bradley had distributed confidential information he obtained from the HSE's computer servers during the course of his now former employment with a third party contracted by the HSE to perform certain IT services.
The information includes patient's personal data and medical databases allegedly sent by Mr Bradley to Wikileaks the non-profit organisation that publishes news leaks provided by anonymous source founded by Australian internet activist Julian Assange.
The orders were granted last week by Mr Justice Tony O'Connor, who said he was satisfied that Mr Bradley had gained access to private and sensitive data through his former employment, which he threatened to facilitate the dissemination of patients details and private records.
The judge noted that the defendant in one post on social media had referred to information he obtained, which Mr Bradley knew should be kept secure, as being "stolen. "
The HSE launched proceedings against Mr Bradley following a probe it commenced after becoming aware of a potentially serious data breach from posts on social media of screenshots of the HSE's internal servers.
The HSE claims the posts appeared on three twitter accounts it says were set up and controlled by Mr Bradley.
Through those accounts Mr Bradley allegedly sent messages to a senior official at the HSE, as well as posting to the social media accounts of Taoiseach Leo Varadkar, Ministers Simon Harris and Pascal Donohoe, media figures and Dr Tony Holohan.
In his communications, Mr Bradley made allegations of a cover-up and a scam by the HSE and said he would make public data from over a dozen Irish hospitals, it is claimed.
It is also claimed that he used various hashtags on his posts including #covid19 #lockdown ireland #notmytaoiseach #MAGA and #mediascum.
The HSE said during previous employment as a systems administration Mr Bradley was given access to its servers and patient databases to carry out tasks his previous employer was contracted to do.
That firm's role was to maintaining and servicing a 'smart' automated system used to dispense, record and manage medication given to patients at various hospitals called Omnicell.
The system is used in many hospitals throughout the state.
Since becoming aware of the situation the HSE, in co-operation with Mr Bradley's previous employer, who terminated his employment after learning of the HSE's concerns, have taken steps to secure the servers and prevent the information from being published.
These steps include having posts on the pastebin.com site and links to the confidential material removed.
The HSE also sought and obtained court orders, including in junctions to prevent him from attempting to post more links to confidential information.
The injunction is to remain in place pending the outcome of any full hearing of the matter.
The application for the injunctions was initially heard in camera, meaning that the proceedings were in private. The Judge subsequently lifted the in camera ruling allowing the media to report on the case.
In its action the HSE, represented by Eoin McCullough SC, Joe Jeffers Bl instructed by Philip Lee solicitors sought the orders against Mr Bradley with an address at Carrigeen Hill, Conna, Co Cork. Mr Bradley had been informed of the application against him.
However he did not attend, nor was he represented during, the court hearings.
Mr Justice O'Connor in making the orders said Mr Bradley would be given the chance to advance a defence to the HSE's claims at a full hearing of the action.
The injunction restrains Mr Bradley and any person to whom he has communicated or may communicate the confidential information from disseminating publishing, communicating by any means, or using any of said information through specific twitter handles and email addresses attributed to him.
The order also restrains the defendant, and anyone who received the confidential information from him, from destroying or deleting the information.
He must also deliver up all documents, records and devices containing the confidential information to the HSE's solicitors for forensic analysis.
The court further restrained Mr Bradley from leaving Ireland until he has complied with the order to deliver up the confidential information, and hand over his passport to An Garda Síochana, who will retain it until further order.
The HSE's solicitors were given permission to notify the Department of Foreign affairs, An Garda Síochana, authorities at all points of exit from the State about the court's orders.
Mr Justice O Connor said that Mr Bradley had said in another tweet that he had sold his house and was moving about Europe in a camper van to "ply my skills elsewhere."
The judge also noted the HSE's lawyers undertaking to give the Data Protection Commissioner, the Minister for Health and the Attorney General copies of the order and the documents put before the court during the application if requested by those parties.