MEMBERS:

SUHAIB BIN MOHD TARMIZI 2014799135NURUL AIN AHMAD PAJAR 2014152285NORAMINAH BINTI ISMAIL 2014904331

WHEN HACKERS TURN TO BLACKMAIL. COMPANY : SUNNYLAKE HOSPITAL

MIS750 DR. LENNORA PUTIT

QUESTION 1How should Sunnylake deal

with the attack?

OPTION 1: PAY THE RANSOM Case of Sunnylake is very complicated where people have to take

uncertain decisions rationally. Decisions can be risky and consequences may not appear as expected and that sometimes become matter of luck.

This clearly shows that the hospital needs the information instantly and they cannot wait any longer. And, if they wait for Jacob to solve the problem and anything goes wrong with the patient, the hospital may have to pay thousands of dollars as compensation to the patients and for legal procedures. Therefore, it would be wise to pay the hackers and get access to the system.

Once they get access to the system, they can instantly make a backup of the records or they can print. Then they can isolate their Intranet from the Internet. Then, they can go for other options, like calling police, or making another systems, making security policies, etc

STEPS TO BE TAKEN

OPTION 2: RESTORE THE IT SYSTEM

OPTION 2: RESTORE THE IT SYSTEM

OPTION 2: RESTORE THE IT SYSTEM

QUESTION 2How could Sunnylake avoid these

kinds of incidents in the future?

– Security plans for the future include, implementation of strict security policies, installation of network based infection detection system, limited access to the users, blocking potentially dangerous ports and websites, email filtration, isolating the intranet from the Internet, upgrading the system with trained IT security professionals and training the staffs.

– Information security should be included in staff agreements, so that no one can be careless about executing bugged software. User validation, restriction, and security awareness can greatly reduce IS misuse and promote security environment.

– A strong firewall system is required to be built to secure the data from infiltration. As welcome to know from the case that though the IT department was able to restore the system it was being hacked again, which implies the absence of a strong firewall system.

– A physical back up of sensitive data such as detail study and past records of the patients, their medical background should be kept in hard copies and also in flash drives, so if emergency occurs that will not affect the day to day operations of the hospital to a great extent.

Effective immediate action to deal with hacking

Make full use of anti-spam technology and strictly implementation

– For Sunnylake hospital, it is wise to enhance their security awareness, the maximum extent possible to avoid the disclosure of e-mail address. However, as a hospital, it is impossible not to publish their e-mail address. Thus, in the face of frequent spam attacks, it is generally supposed that more still have to rely on mail service providers, anti-spam technology.

– Sunnylake can choose a variety of techniques - from anti-virus package to a dedicated network security hardware (such as firewalls and intrusion detection systems), to all sectors of the network to provide protection.

– Sunnylake also needs to employ a professional network securityconsultants to help companies design appropriate for network security solutions, or toensure that existing solutions, timely and safety.

Avoid the workers’ negligence

– Strengthen the workers’ security recognition, including the doctors, nurses especially the workers in the sector of IT. Jacob Dale, the director of IT department of Sunnylake needs to implement network security training in the whole hospital.

– Training of the staffs is also required as most of them were from traditional background and had little knowledge about IT. Some of the security basics like never leave the systems unlocked, enforcing strong password policy, changing password every 45 days, remove admin rights so that the staff cannot install software, Implement policy to block vulnerable sites.

THANK YOU