# IRP Tabletop Scenario Brief — 02 May 2026

**Exercise:** Lumen.health Annual IRP Tabletop 2026
**Scenario:** SC-A1 — Cross-tenant LLM leak via retrieval-augmented generation
**Date:** 02 May 2026, 14:00–16:30 BST (2.5 hours)
**Facilitator:** Resilient Risk Ltd — Tomáš Novák, ex-NCSC IR consultant
**Coordinator (Lumen):** Aisha Khan, CISO
**ISO control:** A.5.24, A.5.25, A.5.26, A.5.27 (information security incident management)
**Gap closure:** EG-018 (annual IR tabletop cadence)

---

## Participants (8)

| Role | Name | Function in this scenario |
|---|---|---|
| Incident Commander (IC) | Aisha Khan (CISO) | Owns IC role for the duration |
| Communications Lead | Daniel Foley (CEO) | Customer + regulator comms |
| Technical Lead | Marco Esposito (CTO) | Engineering response coordination |
| Compliance / Privacy | Anne Verwoerd (DPO) | GDPR breach assessment |
| AI Governance | Lukas Berg (AI Gov Owner) | LLM-specific incident assessment |
| Customer Ops | Sarah Kim (Head of Customer Ops) | Customer notification pathway |
| Legal | external — Maytlin LLP standing-in | Legal counsel |
| Observer | Jürgen-equivalent — Internal Audit | Records lessons learned |

## Scenario timeline (read at start)

**Time 0 (T=0)** — A customer (Org-Lambda) reports via support ticket that their clinical advisor used the AI-powered patient-summary feature and saw what appears to be **another organization's patient data** ("a name I don't recognise, plus PHI") embedded in the response.

**Customer also screenshots the response.** Screenshot timestamps confirm the response was generated 11 minutes earlier.

**T+15 min** — A second customer (Org-Sigma) submits a similar ticket. Same feature, different (third) organization's PHI surfaced.

**T+30 min** — Lumen's SOC dashboard shows no security alert. The RAG-retrieval audit log shows both requests went through the standard retrieval pipeline; no anomalous queries.

**T+45 min** — Engineering on-call detects an anomaly: the tenant-scoping clause in the RAG vector retriever was bypassed by a subtle change in yesterday's deploy (PR #12,847, deployed 16 h ago). The retriever was returning top-k vectors **across all tenants** instead of only within the requesting tenant.

**T+1 h** — Estimated blast radius (initial assumption): up to 23 tenants potentially exposed; up to 412 patient records may have been cross-leaked in retrieval payloads to one or more clinical advisors.

## Decision points

The IC will guide the team through these decision points. Tomáš (facilitator) will not lead; he observes and times.

1. **DP-1 (T+0 → T+15)** — Triage severity. Is this confirmed P0 (regulator-notifiable breach), P1 (severe but not breach), or P2 (operational issue)?
2. **DP-2 (T+15 → T+45)** — Containment. Disable RAG feature in production? Rollback the last deploy? Both? At what cost to non-affected customers?
3. **DP-3 (T+45 → T+90)** — Notification — customers, regulators (GDPR + national CERT), board.
4. **DP-4 (T+90 → T+120)** — Recovery + RCA. Re-enable RAG with patch verified? Continuous re-test plan?
5. **DP-5 (T+120 → close)** — Lessons learned. What changes to RAG deploy gate, audit logging, retrieval-test coverage?
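The retriever regression described at T+45 and the retrieval-test coverage DP-5 asks for, as an added illustration that is not part of this brief or of Lumen.health's code: a toy in-memory retriever with the unscoped and tenant-scoped variants side by side, a guard at the prompt-assembly boundary, and a deploy-gate check that queries as every tenant and fails on any cross-tenant chunk. Tenant names, document ids and embeddings are constructed.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    tenant_id: str
    doc_id: str
    embedding: tuple  # constructed toy vectors, not output of a real embedding model

# Constructed index: three tenants whose chunks embed close together, so an unscoped
# top-k pulls in other tenants' chunks, as in the scenario.
INDEX = [
    Chunk("org-lambda", "lambda-note-1", (1.00, 0.00)),
    Chunk("org-lambda", "lambda-note-2", (0.80, 0.60)),
    Chunk("org-sigma", "sigma-note-1", (0.99, 0.10)),
    Chunk("org-theta", "theta-note-1", (0.98, 0.20)),
]

class TenantScopeError(RuntimeError):
    """Raised when chunks outside the caller's tenant reach prompt assembly."""

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))

def retrieve_unscoped(query, k, tenant_id=None):
    """The regression class: tenant_id is accepted but never applied to the ranking."""
    ranked = sorted(INDEX, key=lambda c: cosine(query, c.embedding), reverse=True)
    return ranked[:k]

def retrieve_scoped(query, k, tenant_id):
    """Filter to the caller's tenant BEFORE ranking; top-k cannot contain anyone else."""
    own = [c for c in INDEX if c.tenant_id == tenant_id]
    return sorted(own, key=lambda c: cosine(query, c.embedding), reverse=True)[:k]

def guard_results(results, tenant_id):
    """Defence in depth at prompt assembly: a foreign chunk fails loudly (and loggably)."""
    foreign = [c.doc_id for c in results if c.tenant_id != tenant_id]
    if foreign:
        raise TenantScopeError(f"tenant {tenant_id} received foreign chunks: {foreign}")
    return results

def tenant_isolation_violations(retriever, k=3, query=(1.0, 0.05)):
    """Deploy-gate check: query as every tenant; any (requester, leaked_doc_id) blocks deploy."""
    violations = []
    for tenant in sorted({c.tenant_id for c in INDEX}):
        for chunk in retriever(query, k, tenant):
            if chunk.tenant_id != tenant:
                violations.append((tenant, chunk.doc_id))
    return violations
```

Run `tenant_isolation_violations` against the retriever build in CI: the unscoped variant produces six cross-tenant pairs on this index, the scoped one none, and `guard_results` turns any residual leak into an exception the audit log and SOC can alert on rather than a silent clean retrieval.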

## Success criteria

The IC team passes if it:

- ✓ Confirms P0 severity within 30 min of T=0.
- ✓ Achieves containment (RAG disabled) within 60 min.
- ✓ Drafts GDPR breach notification within 2 hours (72-hour clock starts at T=0).
- ✓ Drafts customer notification within 3 hours.
- ✓ Maintains a complete contemporaneous log of decisions for audit.
- ✓ Captures 5+ actionable lessons learned, with owners + due dates.

## Pre-distribution to participants

Each participant receives this brief 24 h before the exercise. Tomáš will distribute additional injects (pre-written news items, regulator emails, customer escalations) during the exercise to test the team's pace.

## Reference materials (in the live exercise war-room)

- Lumen.health IR Procedure v3 (current, dated 12 Feb 2026)
- GDPR breach-notification template (current, dated 22 Jan 2026)
- Customer-notification template (current, dated 14 Feb 2026)
- LLM-specific incident playbook (draft, dated 18 Apr 2026)
- RAG retrieval audit-log query templates

## Post-exercise

- Tomáš files an Exercise Record document within 5 working days (lessons learned + score against the six success criteria).
- Lumen.health uploads the record to Vanta evidence locker `evidence/iso-yearly-review/2026/irp-tabletop-sc-a1/`.
- Findings → action items → tracked in the annual review's findings register.
- Cross-reference: success criteria align with ISO 27001 Annex A.5.24, A.5.25, A.5.26, A.5.27.

---

**Issued by:** Aisha Khan, CISO, Lumen.health
**Endorsed by:** Daniel Foley, CEO + Executive Sponsor
**Date:** 28 Apr 2026
