Healthcare Network

Acme Healthcare is a network of regional hospitals, community hospitals, clinics and 80 laboratories, many of which provide critical-care treatment as well as a broad variety of specialist healthcare programs.

The Scenario

One of Acme Healthcare’s lab workers received an email. The email stated that the user’s password would expire and that immediate action was required, with instructions for renewing the credentials used to log into the healthcare portal (acme-healthcare.ca/renew). The lab employee was diverted to a fake page that looked exactly like the actual renewal page and required both the current and new passwords in order to proceed.

The attacker obtains the original credentials, which give access to secure online areas in the network of Acme Healthcare laboratories, and the lab employee is sent on to the actual password renewal page. However, a malicious script triggers the user’s session cookie in the background. This is an XSS attack, which enables the attacker to access a restricted area in the network.

Over the long weekend, while most Acme Healthcare workers were on holiday, the real attack started. The following morning, the IT admin found that the network monitor was showing alert warnings and that logs had been generated.

Incident Response Plan (Review)

Whether an organization is designing its first incident response strategy or expanding on current skills, a consistent response framework helps create a culture of constant improvement and continual vigilance. A powerful cybersecurity incident response plan starts before an incident and continues even after regular operations have fully recovered. The following measures are distinct and critical aspects of incident response decision-making, and together they are meant to shape a feedback cycle.

Preparation

Take a systematic approach to a large spectrum of risks. To prepare, IR teams develop and manage an advanced forensic toolkit. The organization also decides which employees should handle a situation internally, determines responsibilities and educates workers. It is the duty of this team to reboot critical functions, restore processes and remove vulnerabilities after an incident.

Identification

This is the phase in which the cyber-attack is detected. An initial warning can arrive in the form of an organizational abnormality, or as malware. IR teams are especially critical in helping to differentiate between anomalies in the protection and the process control system. An investigation playbook helps evaluate, triage, and trigger responders in determining the effect and defining the next measures that are necessary.
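As an added example (not part of the original essay), this is one triage check an identification playbook could run for the scenario above: find session cookies that are later presented by a different client than the one that first used them. The log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (hypothetical format, not from the page).
SAMPLE_LOG = """\
2021-05-21T09:12:03Z sid=a1f3 ip=10.20.1.15 ua="Mozilla/5.0 (Windows NT 10.0)" path=/portal/home
2021-05-21T09:14:40Z sid=a1f3 ip=10.20.1.15 ua="Mozilla/5.0 (Windows NT 10.0)" path=/renew
2021-05-21T09:15:02Z sid=7c9e ip=10.20.4.8 ua="Mozilla/5.0 (Macintosh)" path=/portal/home
2021-05-22T02:31:17Z sid=a1f3 ip=203.0.113.77 ua="curl/7.68.0" path=/lab/results
2021-05-22T02:31:45Z sid=a1f3 ip=203.0.113.77 ua="curl/7.68.0" path=/lab/admin
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" path=(?P<path>\S+)$'
)

def find_session_reuse(log_text):
    """Return one finding per session ID presented by a second client (IP + user agent)."""
    first_client = {}            # sid -> (ip, ua) that first presented the cookie
    foreign = defaultdict(list)  # (sid, ip, ua) -> [(timestamp, path), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip malformed lines instead of failing the run
        client = (m["ip"], m["ua"])
        origin = first_client.setdefault(m["sid"], client)
        if client != origin:
            foreign[(m["sid"], *client)].append((m["ts"], m["path"]))
    return [
        {"sid": sid, "origin_ip": first_client[sid][0], "new_ip": ip,
         "new_ua": ua, "first_seen": hits[0][0], "paths": [p for _, p in hits]}
        for (sid, ip, ua), hits in foreign.items()
    ]

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG):
        print(finding)
```

A client change alone can be legitimate (roaming, NAT, browser update), so a finding is a triage signal to correlate with the time of day and the sensitivity of the paths accessed.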

Containment

This phase ensures that the incident will not do any more harm. The primary goal is to secure the information and resources, sustain quality and, above all, ensure that activities do not further compromise the PHI data or resources. Containment can be challenging: utilities may identify an attack vector and decide whether a built-in, passive forensic method can be used to eliminate malware from networks or prevent unnecessary transfers of data.

Eradication

Where restoration presents challenges, the forensics department will ensure that critical functions are maintained. Methods can range from system patching or rebuilding to the complete restoration of systems. The team will keep evidence, from employee mapping to the full collection of systems and network.

Recovery

A recovery plan phase is established in order to restore the organization's critical functions in full. This requires, first of all, a concentration on restoring critical systems and having a plan for recovery.

Lesson Learned

The lessons learned method is an ongoing procedure that seeks to monitor not just the immediate impact but also the increased protection of a network and database in the long term. This may include an enhanced security management system and the implementation of an IDS/firewall and other security systems, as well as enhancing the organization's monitoring capability. It also includes staff, vendors, authorities and the security community in this response system.

Updated: May 19, 2021
Cite this page

Healthcare Network. (2020, May 20). Retrieved from https://studymoose.com/healthcare-network-essay
