Medstar Health Ransomware Research Assignment Paper

Medstar Health Ransomware
Name
Course
Institution/Affiliation
Date
Medstar Health Ransomware
Mission
Medstar’s mission is to serve patients, those who care for them, and their communities (Medstar Health 2016). The hospital believes in providing the highest quality of medical care and developing long-term relationships with the patients.
How it was targeted
A ransomware attack on Medstar Health computer systems forced the hospital to shut down its computer systems. The malware blocked access to the health records of the patient which forced the hospital to turn most of the patients away. According to Healthcare IT News 2016, a message would pop up demanding a 45 Bitcoin (about $19000) payment in exchange for a key that would allow the system to unlock.
Possible culture effects that influenced the threat
Medstar Health did not prepare in advance for such an attack where they can lose everything. The organization did not have a plan for a total system outage and had not rehearsed for such an attack. As a result, the workers were caught off guard by the attack. The organization also lacked leadership in the prevention of such an attack. They had not put up measures to prevent their data from access to third parties. It is possible that the system had been left vulnerable because of a failure to update server software with the available patches. Also, the hospital might have ignored earlier warning about the vulnerability of their system. Gallagher 2016 states that Red Hat had issued a security advisory in 2007 and 2010 concerning the vulnerability and the hospital did not take action. Although the management denied the claims, it could be one of the major contributors to the issue.
Related requirements
HIPPA mandates that all hospitals protect the privacy of patient information by ensuring that patient’s data is secure (Taylor 2015). The act requires that if breaches occur, the hospital should have response plans in place and inform the patients of the incident.
Possible liability issues
The ransomware could have caused the hospital to pay the criminals in exchange for the data. It is not a guarantee that the attackers will keep their promise and give the decryption key. In some instances, criminals have been given ransom only to fail to provide the key leading to loss of both data and money. Additionally, paying them encourages the activities, and they may decide to attack in future for a bigger ransom. The money also helps the attackers to develop more advanced versions of the malware.
The organization risked losing patient’s data. Medical data is vital for the treatment of the patients and loss of the data could have caused devastating effects on the patients such as the wrong prescription due to unavailability of the medical history of a patient. The loss of data also meant that the hospital could not operate as usual. Unlike other entities, hospitals need their IT networks to run ...