Total Tests:

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

By Tom Jowitt for Silicon UK
Wednesday, March 27, 2024

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier this month.

Should pay?

Meanwhile Dr Ilia Kolochenko, CEO at ImmuniWeb and adjunct Professor of cybersecurity at Capital Technology University, noted that in certain cases it may be a lesser of two evils to pay the ransom, despite official advice being firmly against that position.

“This is why enacting legislation that would flatly ban payment of ransom is highly undesirable and can cause more harm than good,” noted Dr Kolochenko. “Whilst, I share the FBI’s firm position that payment of ransom subsidises cybercrime and provokes new cyberattacks, there are cases when an isolated payment of ransom will be the lesser of all evils.”

“While it is unclear how many individuals are impacted by the attack and what kind of sensitive medical data has been stolen, the mere size of the dump implies quite catastrophic and unrepairable damage to some individuals,” said Dr Kolochenko.

“For instance, if an HIV status, sexual health or terminal cancer diagnosis is publicly revealed, it can ruin people’s careers or even provoke suicide,” Dr Kolochenko warned. “Under such extreme pressure, payment of ransom may be well justified. Having said this, payment will, of course, not guarantee that the data will never be leaked elsewhere but it will at least reduce such risk.”

“Finally, the best and most sustainable solution is to enact, help to comply with, and enforce cybersecurity legislation like EU’s DORA or NIS 2 Directive,” Dr Kolochenko concluded. “Otherwise, we are treating the symptoms, not the disease.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential