A hospital's electronic health record system goes offline for four hours during a ransomware incident, blocking clinicians from reading patient charts. Which pillar of the CIA triad is most directly impacted by this outage?
- A. Availability, because authorised users were unable to access the data when needed. (Correct)
- B. Confidentiality, because clinicians could not see records they are authorised to view.
- C. Integrity, because the records could not be trusted to be accurate during the outage.
- D. Non-repudiation, because the source of the records could not be verified during the outage.
Why A is correct: Availability is the assurance that authorised users can reach systems and data when required. A four-hour outage that blocks clinical access is the textbook impact on availability.
Why B is wrong: Confidentiality concerns unauthorised disclosure, not denial of access to authorised users. The incident may also affect confidentiality if data was exfiltrated, but the four-hour read outage described is fundamentally an availability problem, so confidentiality is not the best fit.
Why C is wrong: Integrity concerns unauthorised modification or corruption of data. The scenario describes inability to reach the records, not altered content, so integrity is a tempting but incorrect choice.
Why D is wrong: Non-repudiation prevents a party from denying an action they performed and is usually achieved through digital signatures and logging. It is not the pillar harmed by a system being offline, so this option is incorrect.