Savijano1
commented
9 months ago Journal Entry
Date: [Date of the journal entry] Entry: [Journal entry number or identifier] Description: Incident documentation of ransomware attack on U.S. health care clinic. Tool(s) used: None The 5 W's:
Who caused the incident? An organized group of unethical hackers. What happened? A phishing email containing a malicious attachment was sent to employees, leading to the deployment of ransomware that encrypted critical files. When did the incident occur? Tuesday morning, approximately 9:00 a.m. Where did the incident happen? At a small U.S. health care clinic specializing in primary-care services. Why did the incident happen? The attackers gained access to the network through targeted phishing emails and aimed to extort money by encrypting critical files. Additional notes: The ransomware attack severely disrupted the clinic's business operations, leading to the shutdown of computer systems and the loss of access to critical patient data. This incident highlights the importance of cybersecurity measures, including employee training on identifying phishing emails and implementing robust security protocols to prevent and mitigate ransomware attacks.
Reflections/Notes: This scenario underscores the critical need for cybersecurity awareness and measures in organizations, especially those handling sensitive information such as healthcare data. It's concerning how quickly and severely the clinic's operations were impacted by the ransomware attack, highlighting the importance of proactive security measures to prevent such incidents. It also raises questions about the clinic's existing cybersecurity protocols and whether they were sufficient to detect and mitigate phishing attacks and ransomware threats.
In this activity, you will review the details of a security incident and document the incident using your incident handler's journal. Previously, you learned about the importance of documentation in the incident response process. You've also learned how an incident handler's journal is used to record information about security incidents as they are handled.
Throughout this course, you can apply your documentation skills using your incident handler's journal. With this journal, you can record information about the experiences you will have analyzing security incident scenarios through the course activities.
By the time you complete this course you will have multiple entries in your incident handler's journal that you can use as a helpful reference to recall concepts and tools. Later, you'll add this document to your cybersecurity portfolio, which you can share with prospective employers or recruiters. To review the importance of building a professional portfolio and options for creating your portfolio, read Create a cybersecurity portfolio .
Be sure to complete this activity and answer the questions that follow before moving on. The next course item will provide you with a completed exemplar to compare to your own work.
Note: You can use your incident handler's journal as a personal space where you can keep track of your learning journey as you learn about incident detection and response concepts and interact with different cybersecurity tools. Feel free to include your thoughts, reflections, and any other important details or information.
Scenario
Review the following scenario. Then complete the step-by-step instructions.
A small U.S. health care clinic specializing in delivering primary-care services experienced a security incident on a Tuesday morning, at approximately 9:00 a.m. Several employees reported that they were unable to use their computers to access files like medical records. Business operations shut down because employees were unable to access the files and software needed to do their job.
Additionally, employees also reported that a ransom note was displayed on their computers. The ransom note stated that all the company's files were encrypted by an organized group of unethical hackers who are known to target organizations in healthcare and transportation industries. In exchange for restoring access to the encrypted files, the ransom note demanded a large sum of money in exchange for the decryption key.
The attackers were able to gain access into the company's network by using targeted phishing emails, which were sent to several employees of the company. The phishing emails contained a malicious attachment that installed malware on the employee's computer once it was downloaded.
Once the attackers gained access, they deployed their ransomware, which encrypted critical files. The company was unable to access critical patient data, causing major disruptions in their business operations. The company was forced to shut down their computer systems and contact several organizations to report the incident and receive technical assistance.
Step-By-Step Instructions
Follow the instructions to complete each step of the activity. Then, answer the 5 questions at the end of the activity before going to the next course item to compare your work to a completed exemplar.
Step 1: Access the template To use the template for this course item, click the link and select Use Template.
Link to template: Incident handler's journal
OR
If you don’t have a Google account, you can download the template directly from the following attachment.
Review the details of the scenario. Consider the following key details:
A small U.S. health care clinic experienced a security incident on Tuesday at 9:00 a.m. which severely disrupted their business operations.
The cause of the security incident was a phishing email that contained a malicious attachment. Once it was downloaded, ransomware was deployed encrypting the organization's computer files.
An organized group of unethical hackers left a ransom note stating that the company's files were encrypted and demanded money in exchange for the decryption key
Pro Tip: Save a copy of your work Finally, be sure to save a copy of your incident handler's journal so that you can quickly access it as you progress through the course. You can use it for your professional portfolio to demonstrate your knowledge and/or experience to potential employers.
What to Include in Your Response
Be sure to include the following elements in your completed activity:
The journal entry date and number
A description of the journal entry
1-2 sentences addressing each of the 5 W's of the scenario:
Who caused the incident?
What happened?
When did the incident occur?
Where did the incident happen?
Why did the incident happen?
1-2 sentences on any additional thoughts or questions about the scenario.
The following is a self-assessment for your incident handler's journal. You will use these statements to review your own work. The self-assessment process is an important part of the learning experience because it allows you to objectively assess your first entry in the incident handler's journal.
There are a total of 5 points possible for this activity and each statement is worth 1 point. The items correspond to each step you completed for the activity.
To complete the self-assessment, first open your incident handler's journal. Then respond yes or no to each statement.
When you complete and submit your responses, you will receive a percentage score. This score will help you confirm whether you completed the required steps of the activity. The recommended passing grade for this project is at least 80% (or 4/5 points). If you want to increase your score, you can revise your project and then resubmit your responses to reflect any changes you made. Try to achieve at least 4 points before continuing on to the next course item.