Case Study 3
Details of the Cyberattack
The centre was alerted to the possibility of an attack when a member of staff said they were having
problems opening a document. Upon investigation, it was discovered that all documents on the network
share had long names. Suspecting a cyberattack, the network was quickly disconnected from the
Internet. It was then discovered that all files and folders on all network shares had been encrypted.
There was a single text file in every folder acknowledging the presence of ransomware along with
instructions on payment.
The centre had a two-level backup system in place. One was using
an external hard drive to back up all documents in personal and
network shares. The second was a magnetic tape system where the
Exchange server and all emails were backed up. Unfortunately, it
was determined that the external hard drive had failed over two
months prior to the incident. This meant that the last known good
backup was days old. No alerts were issued to inform the centre
of this failure. The tape backup was unaffected. Financial and EMR
data was stored in the cloud and was unaffected.
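The silent failure of the external backup drive described above is the kind of condition a scheduled freshness check catches. The following is an added example, not part of the case study; the helper name `check_backup`, the 26-hour threshold and the sample file are assumptions.

```python
import os
import sys
import tempfile
import time
from pathlib import Path


def _raise(err):
    raise err


def check_backup(dest, max_age_hours=26, now=None):
    """Return (ok, reason) for a backup destination directory (hypothetical helper)."""
    now = time.time() if now is None else now
    root = Path(dest)
    # A failed or unmounted external drive often appears as a missing path.
    if not root.is_dir():
        return False, f"destination {dest} is missing or not a directory"
    newest = None
    try:
        for dirpath, _dirs, files in os.walk(root, onerror=_raise):
            for name in files:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                newest = mtime if newest is None else max(newest, mtime)
    except OSError as exc:
        return False, f"destination unreadable: {exc}"
    # An empty mount point left behind by a dead drive must not count as healthy.
    if newest is None:
        return False, "destination contains no backup files"
    age_h = (now - newest) / 3600
    if age_h > max_age_hours:
        return False, f"newest backup file is {age_h:.0f} h old (limit {max_age_hours} h)"
    return True, f"newest backup file is {age_h:.0f} h old"


if __name__ == "__main__":
    # Constructed demo: a backup set whose newest file is 61 days old.
    with tempfile.TemporaryDirectory() as d:
        stale = Path(d) / "shares.bak"
        stale.write_text("constructed sample")
        old = time.time() - 61 * 86400
        os.utime(stale, (old, old))
        ok, reason = check_backup(d)
        print("OK" if ok else "ALERT", reason)
        # Non-zero exit lets a scheduler or monitoring agent raise the alert.
        sys.exit(0 if ok else 1)
```

Run from a scheduler on a host other than the backup server, so that a failure of the backup machine itself still produces an alert.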
A decision was made to contact the cyberattackers. Within a matter of hours, they received a reply
asking for more details, e.g. number of machines affected, size of the organization, server operating
systems. Realizing that doing this alerted the cyberattacker of a potential victim and could also
potentially affect the size of the ransom that would be requested, they immediately blocked the email
address and domain. Back to reassessing the damage, it was decided to delete all the encrypted files and
folders and fall back to the last known good backup that was done two months earlier. This decision was
made fairly quickly since the number of files generated by users in that time span was determined to be
fairly small. Within a matter of a few hours after the attack, the centre was operational again.
During the root cause analysis, it was discovered that there was a Windows server set up for remote
access with an Internet-facing external port. It appeared that this server was used by a past system
administrator for off-site administration. The current administrator was unaware of this as there was no
previous system infrastructure documentation. It was through this server that unauthorized network
access was achieved.
Insurance
The centre did reach out to their insurer who indicated that since they were not negotiating with the
cyberattackers, they would not intercede.
Costs
Costs were associated with staff time working directly on the restore for an entire day.
"You have to know your systems and architecture; every single part of it" (System Administrator)
Data Security Case Study
After reading the case study, discuss the following:
Describe each case study?
What were the effects of each breach?
How could healthcare information technology and technical
safeguards aid in these situations?
What else could have been done to prevent the breaches?