- This topic has 16 replies, 10 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
-
AuthorPosts
-
-
2020-09-26 at 10:25 pm #22790NaphatParticipant
$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit
Provide a brief description of the story.
Grays Harbor Community Hospital and Harbor Medical Group was hit with a ransomware attack by phishing email. The hospital and clinic were down because can not access to information system and EHR. And hackers demanded a 1-million-dollar ransom to unlocked data.
What is/are the impact of this data breach? Consequences of the data breach.
Electronics Health Records (EHR) was down and locked by ransomware and cannot recovery all data of 88,000 patients during the attack.
How did the data breach occur?
An employee clicked on a malicious link contained in a phishing email, which deployed the ransomware payload. The incident occurred over a weekend when Grays Harbor IT staff was limited.
What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The main course of the data breach is the hospital’s older software cannot prevent the ransomware and the staffs have no knowledge or training about IT security.
How could you prevent this data breach attack?
1. Computer system
– Update software and antivirus
– installing a next generation firewall
2. Staff Training
– IT security and cyber security.
– Cyber attack.
– workshop and test.
3. Backup data on server.Naphat Y.
-
2020-09-26 at 11:06 pm #22792Khaing Zin Zin HtweParticipant
Thanks for the interesting report. This is a very clear example of how clicking a single phishing email by a single employee can lead to a huge loss to the whole organization. And it would be beneficial to regularly monitor vulnerabilities in the system.
-
2020-09-28 at 2:30 am #22820Wachirawit SupasaParticipant
I think backing up data on the internal server could also be a target too since Randsomeware can encrypt the drive if it operates on the same network. I suggest that backing up to the cloud system would be more beneficial.
-
2020-09-28 at 11:21 pm #22834SaranathKeymaster
Thanks for the brief description and propose the solutions for the particular event. Recently, one hospital in Thailand just was hit by the ransomeware. It caused shut down of almost all activities in the hospital. Regularly and appropriately backing up data is another important part to recover from the ransomeware attack.
-
2020-09-29 at 11:37 pm #22869Ornpicha ThiampolParticipant
I saw this news last month and It feels close to home. Unfortunately, the hospital didn’t back up the data for a long time. So, every hospital should concern this problem.
-
-
2020-09-29 at 10:39 pm #22863Phone Suu KhaingParticipant
Thanks for the interesting case study and explanation!
It could let us understand how phishing mail and ransomware have huge impact in our daily life! All 3 preventive measures mentioned in the case study are really perfect. I might also add “Communication” in preventive measure as it could also be required in all steps. -
2020-09-30 at 4:03 am #22878Saravalee SuphakarnParticipant
Thank you for explaining the case, same case with me. I totally agree with your prevention measures. Your measure about back up data is adding more than my report and I strongly agree with it. And I think that cloud sever with the sever security may prefer.
-
2020-09-30 at 11:18 pm #22904Navinee KruahongParticipant
This case study highlight the impact of a ransomware attack. Emphasizing data security awareness among workers is a crucial step to protect the case like this.
-
2020-10-02 at 1:44 am #22908Kaung Khant TinParticipant
Thank you so much for this informative report. And I agree with your preventive measures. Anyway, what I would like to add more is that an overall administrative security measures such as adopting the security & privacy policy, governance of security risk management & response and uniform enforcement of policy & monitoring process.
-
2020-10-20 at 11:41 pm #23442Kridsada SirichaisitParticipant
I agree with you. In the backup process contain
1. Internal data backup (in server in other disk) this method cannot protect from ransomware
2. Backup remote server this method can protect data from ransomware (must dsable SMB)
3. Daily database backup with unwritable DVD this method can protect data from ransomware but data may not complete.The SMB service must close this service both windows and linux operating system to prevent ransomware
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here