FOIA This! Using FOIA to Report on Ransomware

Ransomware is huge news because of the WannaCry cyber-attack which recently hit institutions in some 150 countries.

Even before it happened, requests for government information had revealed computer security vulnerabilities. But in the aftermath of the latest attack, there are opportunities to use national freedom of information laws to develop news stories.

The early warning about vulnerabilities came via an FOI request in the UK by Motherboard. Back in September 2016, reporter Joseph Cox noted that, “Hospitals across England are running thousands of out-of-date Windows XP machines, potentially putting patient data and other sensitive information at risk.”

Post attack, here are a few suggestions for promising FOI requests in this area:

How Many Attacks?

By asking a basic question, the Netherlands-based NL Times learned that two Dutch government institutions and a company in the energy sector were infected with ransomware. The NL Times’ Janene Pieters wrote about the information obtained from the National Cyber Security Center by applying FOI.

An FOI request in the UK by SentinelOne, a security firm, found that Imperial College Healthcare in London was hit with ransomware 19 times over 12 months, according to an article in InfoSecurity magazine. The article also also noted that 30 percent of National Health Service Trusts have suffered a ransomware attack. According to an April 2017 article in InfoSecurity, Duo Security found that 70 percent of UK universities have fallen victim to phishing attacks.

What’s the Cost?

Eric Lacy and Steven R. Reed, from Michigan’s Lansing State Journal, used an FOI inquiry to find out that security costs of the local Board of Water & Light are running at around $2 million following a cyber-attack. The paper is still trying to find out if a ransom was paid to hackers.

Are We Prepared?

A request to 429 local authorities in the UK showed that over 50 percent of local councils will make no further investment in disaster recovery this year – and that 4 percent will decrease investment. The research also raised questions about the readiness of disaster recovery plans.

Other Cybercrime Twists

The Financial Times learned via FOI that foreign governments are asking the UK for lots of aid in fighting cyber crime.

Have an example of enterprising use of FOI/RTI laws around the world? Send us an mail.

Toby McIntosh is the editor of FreedomInfo.org, a nonprofit website based in Washington, DC, that covers international transparency laws. After 39 years at Bloomberg BNA, he semi-retired in 2014. He has filed numerous US FOI requests and has written about FOI policies worldwide. He is a steering committee member of FOIANet, an international network of FOI advocates.