Every meaningful attack targets one or more elements of the CIA Triad. DAD is the adversarial mirror — mapping attacks directly to what they compromise.
Only authorized parties access the data.
Data is accurate and unmodified.
Systems accessible when needed.
Unauthorized exposure of sensitive data to unintended parties.
Unauthorized modification of data — records, transactions, config.
Making systems or data unavailable to legitimate users.
An attacker exfiltrates patient medical records and dumps them publicly online. The healthcare provider faces legal liability, compliance violations, and loss of patient trust — all from a single disclosure event.
An attacker modifies patient records — changing medications, allergies, or diagnoses. The next clinician who reads those records may administer the wrong treatment. This alteration attack can be life-threatening.
A fully paperless medical facility is hit with ransomware. EHR systems go offline. Staff cannot access any patient history. The entire facility stalls — appointments cancelled, care degraded, safety at risk.