Hospital ransomware attack
Hospital Ransomware Attack
Medical care and health care are the two pillars of society we live in. It is essential for every human being from a fetus to an old age person lying on the bed, every person needs some kind of medical help, and this is where Hospitals come into picture. Hospitals and health system are having a dramatic change in the business models because of many factors. With the pandemic threat several forces are expected to turn the industry eventually on its head. With artificial intelligence the hospitals are turning to E-clinic for providing patients with treatments that are not serious.
All the hospital data and patients’ records are stored in cloud nowadays. With E-clinics that data has increased more. Rapid adoption of electronic health records (EHRs) has fundamentally changed the way health care organizations and clinicians care for patients, manage the hospital, account for health care quality, and bill for their services (Sittig & Singh, 2016). Our organization is a large chain of hospitals with thousands of patients getting treated everyday. Our organization has just been ransomware attacked and it has affected around 320000 patients record. Ransomware refers to a type of malware used by attackers that first encrypts files and then attempts to extort money in return for the key to unlock the files by demanding a “ransom” (Bridges, 2008). Prior to 2016 healthcare sector was not targeted by them, However, what has been noticed is hospitals have become an easy target for them. The ransomware incident has taken the network offline and non-emergency patients are not being treated due to lack of EHRs. There have been other such incidents and has given my organization a bad name.
From the 3 cases we are presented to choose I find this case to be very challenging. Being in the IT field we deal with many kinds of issues. But protecting organizational data from ransomware is a very sensitive and serious issue. Here the electronic records are at stake. One small mistake and the organization will cause permanent damage to its reputation. What I see is the organization has been in the bad spotlight even before the incident. So the problem doesn’t end just with providing a disaster recovery plan but a subtle approach must be taken to find the security system loop holes.
Based on the assumption that the trojan or virus is already in the system we need to use a methodology and framework based on that. In the current ransomware attack I would like to use Digital Forensic Readiness Framework (DFR). Digital Forensic Readiness (DFR) is the ability of an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation (Ikusan & Ventar,2017). We can say that DFR is a process which can capture digital forensic information from the system prior to the incident occurred and compare with the new information that is currently available. DFR can be used to strengthen the security of the organization and prevent from known threats.
The advantage of DFR is that we can perform analysis and potentially locate keys within the memory. Due to lack of evidence before the incident occurrence, digital forensic readiness framework will provide a mechanism that will securely collect and preserve potential digital evidence. The proposed DFR framework will define a secure communication, potential evidence and process of decrypting key. By applying this framework what it does is it produces real time potential evidence rather for waiting to do the late sweep after the incident is already done. The big advantage with this framework is it provides a mechanism to explain in a better way how the ransomware happens. Applying DFR we can be able to minimize the risk and legal cost will significantly decrease.
Reference:
Sittig, D., & Singh, H. (2016, June 29). A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks. Retrieved September 06, 2020, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4941865/
Becker, S. A. D. J. L. D. (n.d.). 50 Things to Know About the Hospital Industry: 50 things to know about the hospital industry and health systems. Health System. https://www.beckershospitalreview.com/hospital-management-administration/50-things-to-know-about-the-hospital-industry.html
Abrams, K. (2020, July 30). Healthcare vs Medical Care: Knowing the Difference is Powerful. Patient Best. https://patientbest.com/healthcare-vs-medical-care-knowing-the-difference-is-powerful/
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2020). Evaluation of live forensic techniques in ransomware attack mitigation. Forensic Science International: Digital Investigation, 33, 300979. https://doi.org/10.1016/j.fsidi.2020.300979
Ikuesan, A. R., & Venter, H. S. (2019). Digital behavioral-fingerprint for user attribution in digital forensics: Are we there yet? Digital Investigation, 30, 73–89. https://doi.org/10.1016/j.diin.2019.07.003
Vaughan-Nichols, S. J. (2017, January 9). Today’s most popular operating systems. ZDNet. https://www.zdnet.com/article/todays-most-popular-operating-systems/