Reference no: EM133396193
Case Study
Background: Hollywood Presbyterian Medical Center is a general medical and surgical hospital that originally opened in 1924 as Hollywood Hospital. It later became known as Queen of Angels-Hollywood Presbyterian when two hospitals merged in 1998. It was sold to the South Korean CHC Medical Group in 2004 and currently has 424 beds and more than 500 doctors who saw 16,175 patients, according to data from the latest year available.
How it Happened: According to Wired Magazine, the computer system was hit by a ransomware virus called Locky, which locks users out and won't send a decryption key unless a ransom is paid. Since the President and CEO Allen Stefanek stated that the attack was random, and Symantec says Locky is usually spread via a malicious Word document disguised as an invoice, it's very likely the attack occurred because an employee mistakenly clicked on an email attachment that was actually a phishing scam.
While who sent the email, who opened it, and when it was sent were not reported, on February 5, 2016, some members of the staff at Hollywood Presbyterian reported to their supervisors that they were unable to access the network. To restore the hospital's access, the ransomware demanded 40 Bitcoin (approximately $17,000).
Immediately, an internal emergency was declared and the computer system was taken offline. Some departments, including Radiation Oncology, were told not to turn on their computers at all. Doctors told reporters they were unable to access patients' medical histories and could not share x-rays, CT scans, and other medical tests. Some patients were diverted to nearby hospitals, and staff had to resort to doing patient admissions and other record-keeping by pen and paper.
The Locky screen of death. Photo: Palo Alto Networks
NBC4 first reported the breach on February 12, 2016, and stated that both the LAPD and FBI had begun an investigation. However, the LA Times stated in a later report that law enforcement wasn't notified about the breach until after the hospital had already paid the ransom. According to Hollywood Presbyterian Medical Center's official statement, all services were restored on February 15, ten days after the attack.
"All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event," Stefanek said in the statement.
Aftermath: No further breaches of Hollywood Presbyterian Medical Center have been reported and things appear to have gone back to "normal." IT experts have concluded that Hollywood Presbyterian Medical Center did not have any backup data available and, due to the widespread infection of their system, likely had a very weak security infrastructure. The hospital has kept mum as to its plans for security and education.
Hollywood Presbyterian Medical Center has middling-to-negative reviews on Google and Yelp, although none seem to be related to the ransomware attack. Administrative decisions have gotten the hospital in trouble before: in 2007, it paid a million-dollar fine after admitting to dumping patients on Skid Row.
The successful attack and lucrative payout have likely emboldened the criminals, who have not yet been identified or caught, to continue their terrorism of hospitals. Indeed, Palo Alto Networks observed nearly half a million unique sessions of Locky shortly after the Hollywood Presbyterian attack; Symantec stated it had already destroyed 5 million emails containing the virus by February 17.
Question: Using what you have read in the text and other sources throughout the course, what steps would you take to prevent a similar attack and/or limit its damage and disruption? You may do some outside research during the exam if you wish. For full credit, your answer should include at least THREE preventative or limiting measures.