This week, Health-ISAC®’s Hacking Healthcare® examines the recent cyber incident at famed British car manufacturer Jaguar Land Rover. What has unfolded in since their initial public acknowledgement of the incident in early September has provided a window into the complexities of modern supply chains and offered up an interesting test case for government support of victims of cyberattacks. Join us as we examine the incident and its effects before assessing what it could mean in the health sector context.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
PDF Version:
Text Version:
Welcome back to Hacking Healthcare®.
Jaguar Land Rover Hack Highlights Modern Supply Chain Complexities and Offers Test of Government Support
Let’s start with what happened. On September 2, JLR posted a brief statement that they had been impacted by a cyber incident.[i] They noted that while they had taken “immediate action to mitigate [the cyber incident’s] impact by proactively shutting down [their] systems” and that while they were “working at pace to restart [their] global applications in a controlled manner,” their “retail and production activities have been severely disrupted.”[ii] Over the next few weeks, several official follow-up posts reiterated JLR’s commitment to recovering in a “controlled and safe manner” while informing customers and suppliers that the scope of the incident was wider than initially believed. As JLR’s public estimates on when they would restart production continued to slip, problems began to mount.
Supply Chain Harms
News reports estimate that JLR employs around 30,000 individuals directly and that their supply chain, which includes around 700 firms, is estimated to account for another 100,000-120,000 individuals.[iii][iv] With JLR not able to produce cars for weeks, purchases from suppliers, some of which only produce for JLR, were halted. This extended production delay has not only caused JLR an estimated minimum of $4.7 billion in damages, but it has suddenly put a long tail of suppliers in jeopardy.[v]
Many of these suppliers rely heavily on JLR’s procurement of their products and were ill-prepared to absorb the shock of a long delay. The trade union Unite the Union highlighted the issue as early as September 17, claiming that “workers throughout the JLR supply chain are being laid off with reduced or zero pay, with some being advised to sign up for universal credit.”[vi] The BBC reiterated these concerns nine days later with a report that some suppliers claimed to have only 7-10 days’ worth of money left.[vii]
The Government Steps In
Business and Trade Secretary Peter Kyle is quoted as saying “this cyber-attack was not only an assault on an iconic British brand, but on our world-leading automotive sector and the men and women whose livelihoods depend on it.” As a result, on September 28th, the Department for Business and Trade published a notice that it would back JLR with a £1.5 billion loan guarantee “to give certainty to its supply chain.”[viii]
The BBC reports that it is “believed to be the first time that a company has received government help as a result of a cyber-attack.”[ix] While potentially unprecedented, it is worth acknowledging that JLR is a major industry for the UK and is reported to have “[accounted] for roughly 4% of all goods exports last year.”[x]
Current Status
As of its last update on October 7, some manufacturing operations were estimated to restart on October 8, with others to follow at an as of yet undetermined time. With regard to its suppliers, the most recent update says “JLR is now fast‑tracking a new financing scheme that will provide qualifying JLR suppliers with cash‑up‑front during the production restart phase.”[xi] JLR alludes to steps it took to “prudently bolster its liquidity” as underpinning the new payment scheme.[xii]
Action & Analysis
**Included with Health-ISAC Membership**
[i] https://media.jaguarlandrover.com/news/2025/09/statement-cyber-incident
[ii] https://media.jaguarlandrover.com/news/2025/09/statement-cyber-incident
[iii] https://www.bbc.com/news/articles/cgl15ykerlro
[vii] https://www.bbc.com/news/articles/c62zwz0k5dgo
[ix] The context of this assertion is unclear but likely refers to the first time by the UK government. https://www.bbc.com/news/articles/cgl15ykerlro
[x] https://therecord.media/jaguar-land-rover-loan-guarantor-cyberattack
[xv] https://cyberplace.social/@GossiTheDog/115271569623285037
[xvi] https://healthsectorcouncil.org/SMART-Toolkit/
