Published: 12 July 2022
Liability Case Study: Vet Clinic Cyber Attack
Case study from Delta Insurance New Zealand
A recent cyber-attack on a veterinary clinic, which was the subject of a Delta cyber-insurance claim relating to technology failure, raises some interesting lessons.
The attack, thought to be out of China, involved encryption of the clinic’s files – both financial and relating to the clinic’s animal patients – and a ransom demand. The main issue with the attack arose over the failure of the clinic’s IT system to back-up the files; the files were meant to be backed-up to two separate hard-drives, but one had been corrupted 12 months before the attack and not repaired in the interim, while the second hard drive was also encrypted by the attackers’ malware.
Unavailability of the animal records was potentially disastrous; lack of that information could lead to animals dying, leading to a significant impact on the clinics’ reputation and ability to service and retain their clients.
The insured party was responsible for the clinic’s IT system and while backups were the clinic’s responsibility, the insured party was contracted to monitor the backups. Technical liability for any losses incurred through the attack were thus shared.
Expert investigation of the attack to attempt to recover the files was unsuccessful and the only recourse in the end was to pay the ransom, which was negotiated down to $4000 – and paid by the insured party. The ransom cost was reimbursed by the insurance, which in addition met the investigation and rectification costs of the attack.