The first Law Update of 2024 is here, and our first focus of the year spotlights Healthcare and Lifesciences, a sector that is undergoing significant growth and development across the MENA region.
Our focus provides an insight into some of the most important regulatory updates across the region, such as the UAE’s groundbreaking law on the use of human genome, Kuwait’s resolution on nuclear and radioactive materials, the new regulations for healthcare services in Qatar, Egypt’s healthcare regulatory framework, and the impact of the Saudi Civil Transactions Law on the healthcare and life sciences sector … and there is so much more!
Beyond the healthcare pages our lawyers share with you multi-sector insights where you will discover articles on Dubai’s DIFC regulatory framework for startups, Bahrain’s commercial agencies law, and we also shed light on Kuwaiti civil code and the advantages of setting up a joint stock company in Saudi Arabia.Read the full edition
Haroun Khwaja - Senior Counsel - Digital & Data
June – July 2017
Today, it is not unheard of for commercial and industrial companies to come under the same level of sophisticated attack that was once reserved for states. The increasing use and reliance on technology and the proliferation of new technological devices have made us more vulnerable now than ever before. To make matters worse, sophisticated crime syndicates are using encryption to hide their activity. Consequently, any company, government entity, non-profit organisation, or individual that uses computer systems or the Internet is susceptible to a cyber attack. The drivers for these crimes are varied and include extortion, commercial sabotage, hacktivism, cyber spying, cyber terrorism, and cyber warfare. There is particular concern about the vulnerability of the healthcare sectors in many countries as they process vast amounts of sensitive personal data.
Attacks in the Middle East
The Middle East has long been a target for various types of cyber attacks.
The Shamoon attack on oil giant Saudi Aramco in 2012, described by former US defence secretary Leon Panetta as the most destructive cyber attack on a private business then seen to date, is believed by US officials to have been the work of hackers working on behalf of the Iranian government. In that attack, the virus crippled 35,000 computers at Saudi Aramco within hours by overwriting the master boot record and rendering their computers inoperable. Earlier this year, the Saudi government warned organisations in the Kingdom to be on the alert for variants of the Shamoon virus, following attacks on various ministries and government agencies. Given the continued conflicts in the region, such attacks are expected to increase.
At the time of writing, the WannaCry ransomware hack has indiscriminately hit 200,000 targets in at least 150 countries. Ransomware is a type of malicious software that blocks access to a computer system until a sum of money is paid. According to Symantec, Saudi Arabia is the most targeted country for ransomware attacks in the Middle East and Africa region, followed by the UAE.
Potential losses resulting from cyber attacks
The frequency and severity of cyber attacks increases year-on-year, and it is now imperative that organisations take a proactive strategy to manage them. Such strategies need to be targeted to ensure:
Protecting against, and recovering from, cyber attacks
A multi-pronged approach should be taken to deal with this threat in a way that covers all bases, including:
Customers should review their existing IT contracts to ensure they contain sufficient obligations on the technology vendor or IT service provider to comply with the measures above. Where the contract does not address these issues, the customer should seek to raise these concerns with vendors and service providers with a view to having terms amended to address these types of essential concerns.
Organisations can no longer afford to ignore cyber security threats and must put in place systems and processes to defend against and recover from cyber attacks. The recent global Wannacry ransomware hacks are a clear reminder of this. Financial institutions, healthcare providers, government agencies, airlines and online businesses are particularly vulnerable and should undertake an internal review to identify and address any weaknesses.