What happened:
A patient at the hospital died en route to another hospital when ransomware debilitated the hospital where she was to get her surgery.
Allegations have been made in the U.S. that deaths resulted from ransomware attacks in hospitals, but this is the first case that is uncontested.
Your risk assessment process needs to consider the kinds of harm we can create that go beyond confidentiality breaches. What other harms can we cause our customers or the public?
What does this mean to you?
It’s time to stop thinking of cybersecurity incidents as simply confidentiality breaches.
As the public and your customers become more dependent on technology, what kinds of harms could you cause?
Evaluate these impacts – other than confidentiality – in your risk assessment.