Accessibility Settings

color options

monochrome muted color dark

reading tools

isolation ruler



FOIA This! Using FOIA to Report on Ransomware

Ransomware is huge news because of the WannaCry cyber-attack which recently hit institutions in some 150 countries.

Even before it happened, requests for government information had revealed computer security vulnerabilities. But in the aftermath of the latest attack, there are opportunities to use national freedom of information laws to develop news stories.

The early warning about vulnerabilities came via an FOI request in the UK by Motherboard. Back in September 2016, reporter Joseph Cox noted that, “Hospitals across England are running thousands of out-of-date Windows XP machines, potentially putting patient data and other sensitive information at risk.”

Post attack, here are a few suggestions for promising FOI requests in this area:

How Many Attacks?

By asking a basic question, the Netherlands-based NL Times learned that two Dutch government institutions and a company in the energy sector were infected with ransomware. The NL Times’ Janene Pieters wrote about the information obtained from the National Cyber Security Center by applying FOI.

An FOI request in the UK by SentinelOne, a security firm, found that Imperial College Healthcare in London was hit with ransomware 19 times over 12 months, according to an article in InfoSecurity magazine. The article also also noted that 30 percent of National Health Service Trusts have suffered a ransomware attack. According to an April 2017 article in InfoSecurity, Duo Security found that 70 percent of UK universities have fallen victim to phishing attacks.

What’s the Cost?

Eric Lacy and Steven R. Reed, from Michigan’s Lansing State Journal, used an FOI inquiry to find out that security costs of the local Board of Water & Light are running at around $2 million following a cyber-attack. The paper is still trying to find out if a ransom was paid to hackers.

Are We Prepared?

A request to 429 local authorities in the UK showed that over 50 percent of local councils will make no further investment in disaster recovery this year – and that 4 percent will decrease investment. The research also raised questions about the readiness of disaster recovery plans.

Other Cybercrime Twists

The Financial Times learned via FOI that foreign governments are asking the UK for lots of aid in fighting cyber crime.

Have an example of enterprising use of FOI/RTI laws around the world? Send us an mail.

Toby McIntosh is the editor of, a nonprofit website based in Washington, DC, that covers international transparency laws. After 39 years at Bloomberg BNA, he semi-retired in 2014. He has filed numerous US FOI requests and has written about FOI policies worldwide. He is a steering committee member of FOIANet, an international network of FOI advocates.

Republish our articles for free, online or in print, under a Creative Commons license.

Republish this article

Material from GIJN’s website is generally available for republication under a Creative Commons Attribution-NonCommercial 4.0 International license. Images usually are published under a different license, so we advise you to use alternatives or contact us regarding permission. Here are our full terms for republication. You must credit the author, link to the original story, and name GIJN as the first publisher. For any queries or to send us a courtesy republication note, write to

Read Next

Case Studies

Governments Delay Access to Information Due to COVID-19

Governments around the world, some which have sent workers home, are announcing interruptions in responding to freedom of information requests. Journalists are being told to expect delays in more than a dozen countries. But press freedom advocates warn that countries are taking big steps backward just when the free flow of information is most needed. GIJN’s Toby McIntosh rounds up some of the nations which have been affected.

Case Studies

FOIA This! — Requests Uncover Green News

Freedom of information requests have fueled recent environmental stories around the world. GIJN’s Resource Center director, Toby McIntosh, put together a round-up of a few that might stimulate your investigative thinking.

Case Studies

How They Did It: Reuters’ Database of Taser Deaths

A team of Reuters reporters, editors and data analysts reviewed the results of hundreds of autopsies and filed hundreds of public records requests involving deaths by Taser in the US. The result? Not only did the investigation catalogue 1,005 deaths, but it ended up building the most comprehensive database ever on Taser-related deaths.