Case Study: When Hackers Turn to Blackmail
The introduction of Sunnylake hospital case
The use of information technology in business presents major security challenges, poses serious ethical question, and affects society in significant ways. Especially, the computer crime is a growing threat to society and is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks. It presents a major challenge to the integrity, safety, and survival of most business systems.
Once Sunnylake Hospital was a backwater community care centre, while Paul, the CEO of Sunnylake had come to the hospital five years earlier, the situation of Sunnylake Hospital changed. Because he introduced cutting-edge technology to the small hospital. Paul was convinced that Sunnylake could grow only if it shook off outdated habits and procedures, and that switching from paper records to electronic medical records (EMRs) would improve the quality of care for the hospital’s patients. After a careful search Paul had hired an earnest young man named Jacob Dale to be Sunnylake’s director of IT, and the two had worked to execute his vision.The success of the EMR initiative had transformed the hospital to a a role model for small hospitals everywhere. One day Paul received an illiterate extortion e-mail from an unknown sender, but he did not realize the implied threat in the e-mail. He had great faith in Jacob and the IT system. While after Paul received another e-mail from the same sender, the dangers came out. Sunnylake had no way of delivering records to doctors. The hospital was about to come to a standstill. Meanwhile the third e-mail arrived, Paul and Jacob knew that this is some kind of system-wide ransom ware, Now Paul had to face to a difficult choice, to give $100,000 or not. This is not just a question of money anymore. They have human lives at stake. Jacob said to Paul“ if we pay once, we’ll be a target forever. Don’t do it. It’s not right. My people are fighting this with everything we’ve got and we can regain control of the system. Just give me some more time.” Whereas Lisa Mankins, Sunnylake’s head legal counsel hold the opposite opinion. She said to Paul “Our legal exposure in this kind of situation is mind-boggling, The longer this goes on, the bigger the risk. Literally every second is a liability.”Lisa thought that they should an acceptable-loss budget for this urgent thing and have insurance that covers IT risk and the money to pay these guys. She said the longer they waited, the more they risk seriously hurting their patients and themselves. Now Paul knew that unless he could resolve this crisis quickly, he would lose all the ground That how hard he’d had to fight to get the system installed and accepted. If he paid the hackers – just this once – Sunnylake could make security the number one priority and ensure that nothing like this ever happened again. Paul rolled over.Was he actually considering paying extortion money to these criminals?
How should Sunnylake deal with the attack?
Synthesising three experts’ viewpoints and my suggestion, there are four parts that Sunnylake Hospital can adopt.
2.1 Hiring an negotiator to open a dialogue with the hackers Sunnylake Hospital should pay the ransom demanded by the extortionist. Because this may be the best way that Paul Layman can protect the patients of Sunnylake Hospital and avoid large liability risk.
In Sunnylake’s case the most vital thing should be to hire a good , emotionally neutral negotiator who can open a dialogue with the hackers and keep them involved in conversation, so that they wil not be to do even more harmful things. As the process moves forward, the negotiator can pass information between the two sides, while Jacob Dale’s IT team works on getting the system running and then beefs up the security and emergency plans it should have had in the first...
Please join StudyMode to read the full document