Organizations Are Ill-Prepared for Cyberattacks, Says Cyber Law Expert
Nimrod Kozlovski, partner at Israel-based law firm Herzog, Fox, Neeman, and lecturer at Tel Aviv University spoke Monday at Calcalist’s Cyber 2020 conference
Kozlovski mentioned two events he was involved with: a big financial firm that got a threat that included a list of some 50 major clients, complete with bank account and deposit information, and a hospital doctor that paid a $500 ransom to hackers that blocked access to his computer, where patient medical files were stored. The doctor failed to report the incident until he realized the medical data was now scrambled, confusing the file of a five-year-old patient with that of a 70-year-old man, Kozlovski said.“That is where we come in,” Kozlovski said. With the financial firm, we had to run a process of forensics, to figure out the seriousness and extent of the event, he said. “Was it just a printout that somebody failed to shred and ended up in the wrong hands, a contained computer breach, or did someone still the company’s complete client list?” The latter of which would require involving the police and the Israeli Internal Security Service (Shin Bet), he said.
With the hospital, the most important thing was to figure out if the two incidents were in fact related because the blunder could also have been caused by human error, Kozlovski said.”If someone did manage to hack the medical registry, they can encrypt it and change it, which means patients might receive treatment based on the wrong medical data,” he said. “No doctor would dare treat a patient when there is reason to believe the data has been tainted.”