Case Study 7 - Sector Specific Attacks Clause Samples

Case Study 7 - Sector Specific Attacks. The healthcare sector has long been “cyber insecure”. According to ABI Research, millions of health records have been breached since 2010. Ransomware is high on the list of threats and over 50% of global targets have targeted the sector in the past two years despite warnings from security experts. Here we look at the known impacts of cyber incidents in the first quarter of 2017. 2.3.1.1 Malware Attack on German Hospital Facilities SIGNIFICANCE: The incident is symptomatic of economic impacts and impacts on society when a healthcare facility suffers a cyber-attack. The healthcare industry faces its own unique set of cyber security challenges as it is pushed by multiple compliance and regulatory requirements but also under pressure to cut costs while improving patient outcomes. Digitisation is a double-edge sword. On one hand, it improves patient care and overall efficiency. On the other, it may increase risk exposure as by storing more individual healthcare data in more places and on more devices. VICTIM: Lukas Hospital in Neuss, Germany32. INCIDENT & METHODOLOGY: In February 2017, the hospital suffered a Ransomware DDoS attack on its IT system. Almost immediately the hospital reports the cyber incident to Germany’s State Criminal Investigation Office for advice on how to deal with an anonymous email address to stop the ransomware, which had taken control of the IT system. IMPACT: Damage caused is both economic and societal. At the time of the incident being made public, the hospital had been without email access for over 3 weeks. Business as usual means using pen, paper and fax machines while IT professionals work to disentangle the system’s network. A considerable back log of notes to be entered into the EMR system has been another effect. Impacts to society include the delay of certain surgeries, and could also include potential loss of data not backed up before the attack. SOURCE(S): Various media reports, e.g. ZDNet33. 29 ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇.▇▇/article/petya-malware-ransomware-attack-outbreak-june-2017. 30 ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇.▇▇/technology/0/ransomware-does-work/. 31 See, for example, ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇.▇▇/news/2017-05-18/adylkuzz-cyberattack-could-be-far- worse-than-wannacry:-expert/8537502. 32 ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/healthcare-information-technology/2-weeks-into- ransomware-lockdown-german-hospital-awaits-instructions-from-hackers.html. 2.3.1.2 Attacks on UK Healthcare Sector