NHS Scotland Confirms Clinical Data Published By Ransomware Gang
Wednesday, March 27, 2024
NHS Dumfries and Galloway condemns ransomware gang for publishing patients' clinical data after cyberattack earlier this month.
Should pay?
Meanwhile Dr Ilia Kolochenko, CEO at ImmuniWeb and adjunct Professor of cybersecurity at Capital Technology University, noted that in certain cases it may be a lesser of two evils to pay the ransom, despite official advice being firmly against that position.
“This is why enacting legislation that would flatly ban payment of ransom is highly undesirable and can cause more harm than good,” noted Dr Kolochenko. “Whilst I share the FBI’s firm position that payment of ransom subsidises cybercrime and provokes new cyberattacks, there are cases when an isolated payment of ransom will be the lesser of all evils.”
“While it is unclear how many individuals are impacted by the attack and what kind of sensitive medical data has been stolen, the mere size of the dump implies quite catastrophic and unrepairable damage to some individuals,” said Dr Kolochenko.
“For instance, if an HIV status, sexual health or terminal cancer diagnosis is publicly revealed, it can ruin people’s careers or even provoke suicide,” Dr Kolochenko warned. “Under such extreme pressure, payment of ransom may be well justified. Having said this, payment will, of course, not guarantee that the data will never be leaked elsewhere but it will at least reduce such risk.”
“Finally, the best and most sustainable solution is to enact, help to comply with, and enforce cybersecurity legislation like EU’s DORA or NIS 2 Directive,” Dr Kolochenko concluded. “Otherwise, we are treating the symptoms, not the disease.”