Incident handler's journal

Description

In this project, I described my experience doing a thorough analysis of a healthcare organization that was attacked by an unethical hacker. My goal is to provide detailed notes using the 5 W's of an incident (Who, What, When, Where, and Why) and explain remediation tactics for how this incident could have been prevented.

Scenario

A small U.S. health care clinic specializing in delivering primary-care services experienced a security incident on a Tuesday morning, at approximately 9:00 a.m. Several employees reported that they were unable to use their computers to access files like medical records. Business operations shut down because employees were unable to access the files and software needed to do their job.

Employees also reported that a ransom note was displayed on their computers. The ransom note stated that all the company's files were encrypted by an organized group of unethical hackers who are known to target organizations in healthcare and transportation industries. The note demanded a large sum of money in exchange for the decryption key that would restore access to the encrypted files.

The attackers were able to gain access to the company's network by using targeted phishing emails, which were sent to several employees of the company. The phishing emails contained a malicious attachment that installed malware on the employee's computer once it was downloaded.

Once the attackers gained access, they deployed their ransomware, which encrypted critical files. The company was unable to access critical patient data, causing major disruptions in their business operations. The company was forced to shut down its computer systems and contact several organizations to report the incident and receive technical assistance.

Incident Report

Date: July 15, 2023
Entry: #1
Description: Documenting a cyber security incident
Tool(s) used: None
The 5 W's: Capture the 5 W's of an incident:

1.) Who caused the incident? An organized group of unethical hackers.

2.) What happened? A ransomware security incident.

3.) When did the incident occur? The incident occurred at 9:00 a.m. Tuesday morning.

4.) Where did the incident happen? It took place in the U.S. Health Care Clinic Center.

5.) Why did the incident happen? The unethical hackers wanted to target either the transportation or healthcare industries because of the amount of revenue they have. This was the attackers' mindset: to get a large sum of money. They carried out this attack by using a phishing email that contained malicious ransomware code, which an employee clicked and downloaded.

Additional Notes:

1.) Why did these unethical hackers only want to target the healthcare or transportation industry?
2.) What reason did they need to require a large amount of money?
3.) What can the health care professionals do to prevent this attack?

Reflections/Notes: Record additional notes.

This attack could have been prevented through various techniques. First, healthcare employees should have been informed about social engineering attacks and how they can keep themselves from being manipulated by suspicious emails or any other attack. Another way the healthcare employees could have prevented the attack was to have anti-virus software installed on their computers so that it could delete the malicious file before it could carry out its action. A last strategy I would recommend to prevent this attack is to have a security professional take a look at a file before clicking on it. This gives a security professional the chance to verify whether the file is malicious, take note of it, and report the attack to the security managers.

Contributors

darias08
