A Relevant Ransomware Scenario: The Targeting of Municipal Governments and Healthcare Providers

One of the cyber scenarios highlighted in the Cyber Law Toolkit describes the potential use of ransomware against municipal governments and healthcare providers. Given the pandemic and recession constraints in today’s world, this scenario and its potential implications are more relevant than ever and worthy of consideration by legal, business, and information technology professionals.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Developed through a project run by a consortium of five partner institutions: Czech National Cyber and Information Security Agency (NCISA), International Committee of the Red Cross (ICRC), NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), University of Exeter, and Wuhan University, the Cyber Law Toolkit is designed to help legal practitioners with a working knowledge of international law consider precise and practical cyber scenarios based on real-life examples. One of the cyber scenarios highlighted in the Cyber Law Toolkit describes the potential use of ransomware against municipal governments and healthcare providers. Given the pandemic and recession constraints in today’s world, this scenario and its potential implications are more relevant than ever and worthy of consideration by legal, business, and information technology professionals.

Extract from the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE)*

Scenario 14: Ransomware Campaign

Municipal governments and health care providers in one State fall victim to a ransomware campaign launched by a non-State group in a second State. The ransomware campaign disables municipal and health care services in the first State. The scenario explores how the ransomware campaign may be classified under international law. It first considers whether the campaign is a breach of an international obligation attributable to a State. It then discusses the possible legal responses available to the victim State.

Scenario Facts

A previously unknown strain of ransomware is directed toward several municipal governments and a variety of health care services providers in State A through the use of phishing emails. Upon opening the emails by government and health care services employees, computer systems are affected. In a major metropolitan city in State A, the local court is forced offline because the ransomware has encrypted its computer systems and the police are forced to revert to using pen and paper to issue traffic citations. Moreover, police are unable to effectuate warrants and ongoing investigations into crimes must be postponed. Thousands of computers at the State A Department of Transportation stop working. Processing of applications for drivers’ licenses and permit renewals is halted. City authorities refuse to pay ransom to the attackers and are forced to spend considerable sums to repair and restore the affected computer systems.

The same ransomware infects hospital systems in a separate city in State A. Doctors are unable to access patient data stored digitally. Staff resort to using paper charts, transmitting messages in person and being able to perform only basic treatment without access to X-rays or ultrasound scans. The health records system of a major company incorporated in State A is also infected, leaving thousands of patient medical files inaccessible. The inaccessibility of patient data coupled with the disruption to the hospital computer systems results in the inability of the medical staff to perform critical surgeries. Patients are admitted to the emergency rooms when absolutely necessary, but cannot be operated on in a timely manner, resulting in several otherwise preventable injuries, but fortunately no loss of life. Lesser harm is caused to patients who cannot be given necessary medication because their medical records are inaccessible. A significant economic loss is caused by the need to reroute patients to other hospitals.

After several weeks, the ransomware attacks stop.

Authorities in State A determine that the ransomware was created by a group of hackers in State B. The hackers’ relationship to State B is not clear. However, the methodology utilized by the hackers bears a striking similarity to a previous cyber operation attributed to State B. Moreover, State B, while formally denying any involvement in the incidents, praises the actions of the hackers as a just and foreseeable reaction to what State B characterizes as State A’s foreign policy misdeeds. State A and State B have strained relations.

State A indicts the hackers, but State B does not cooperate in extraditing the hackers to State A for prosecution under criminal laws of State A for several reasons. Firstly, State B is prohibited by its constitution from extraditing its citizens for criminal prosecution in other States. Secondly, relations between State A and State B are such that, even in the absence of the foregoing reasons, State B would be disinclined to co-operate with State A. Finally, State media in State B has lauded the actions of the hackers as a just response to State A’s purported misdeeds.

Scenario Examples

Legal Analysis

The analysis in this scenario focuses on the legal qualification of the ransomware attacks from the perspective of international law. In particular, it examines whether the relevant conduct is attributable to State B and whether it amounts to a breach of an international obligation owed by State B to State A. It then discusses the possible legal responses available to the State A.

For the complete and detailed legal analysis with discussions of key terms, considerations, and checklists, visit the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDOE) blog at Cyberlaw.CCDCOE.org.

Read the complete scenario overview at Scenario 14: Ransomware Campaign


About the Cyber Law Toolkit and Project

The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia, and the project is run by a consortium of five partner institutions: Czech National Cyber and Information Security Agency (NCISA), International Committee of the Red Cross (ICRC), NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), University of Exeter, and Wuhan University. The project team consists of Dr. Kubo Mačák (Exeter), General Editor, Mr. Tomáš Minárik (NCISA), Managing Editor, and Ms. Taťána Jančárková (NATO CCDCOE), Scenario Editor. The individual scenarios and the Toolkit have been reviewed by a team of more than 20 external experts and peer reviewers. The Toolkit is an interactive resource that is continuously developed and updated.

Learn more about the toolkit and project at Cyber Law Toolkit


Additional Reading

Source: ComplexDiscovery

* Redistributed with Permission Under the Creative Commons Attribution-ShareAlike 4.0 License

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during the last two years with 334 individual responses, the semi-annual eDiscovery Pricing Survey highlights pricing on selected collection, processing, and review tasks. The aggregate results of all surveys as shared in the provided comparative charts may be helpful for understanding pricing and its impact on purchasing behavior on selected services over time.



Access the Results Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

A Cybersecurity Self Check? Medical Facilities Best Practice Test Criteria for Article 32 GDPR

According to the publishers, this paper is an aid to quickly...

Classifications, Concerns, and Concepts: Reference Architectures and the Industrial Internet of Things

The expected disruptive developments collectively referred to as the Internet of...

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

An eDiscovery Market Size Mashup: 2018-2023 Worldwide Software and Services Overview

The annual eDiscovery Market Size Mashup estimates the combined worldwide eDiscovery...

A Matter of Pricing? A Running Update of Semi-Annual eDiscovery Pricing Survey Responses

First administered in December of 2018 and conducted four times during...

A Pandemeconomic Indicator? Summer 2020 eDiscovery Pricing Survey Results

Based on the complexity of data and legal discovery, it is...

COVID-19 Constrained? The Impact of Six Issues on the Business of eDiscovery

In the spring of 2020, 51.2% of respondents viewed budgetary constraints...

A Cause to Pause? eDiscovery Operational Metrics in the Spring of 2020

In the spring of 2020, 150 eDiscovery Business Confidence Survey participants...

eDiscovery Mergers, Acquisitions, and Investments in Q1 2020

From HaystackID and Everlaw to Cellebrite and Carbonite, ComplexDiscovery findings, data...

eDiscovery Technology Provider Everlaw Raises $62M

"Everlaw is changing the way legal teams uncover the truth buried...

OpenText Buys Secure Information Exchange and Unified Communications Leader XMedius

“We welcome XMedius’s customers, strong partner network and employees to OpenText,"...

TCDI Receives Private Equity Investment from Trivest Partners

“We are excited to partner with TCDI and Bill Johnson to...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...

Five Great Reads on Data Discovery and Legal Discovery for March 2020

From business continuity considerations to cybersecurity attacks, the March 2020 edition...

Five Great Reads on Data Discovery and Legal Discovery for February 2020

From cyber operations to pricing data points on eDiscovery, the February...