Explain to the board of trustees what additional security step policies

The chief information officer (CIO) and the developer of the software company Ransom Detect informed you that the hospital experienced a ransomware attack overnight. All the hospital’s computer systems are shut down, and patients’ EHR information and employee human resources (HR) information cannot be accessed. The attackers are demanding payment before they release the patients’ private health care information and employee HR information.

The board of trustees provides you a few moments to think about the issues. Cyber criminals expect their victims to pay the ransom. In your paper, address the following:

  • Explain to the board of trustees what additional security steps and policies could or should be taken, whether the organization should pay or refuse to pay the ransom, and why.
  • Describe what comes next; in other words, provide a detailed action plan that should take place after paying or declining to pay the ransom.
  • Define any ethical and legal consequences regarding paying or not paying the ransom that may occur.
  • Describe who should be informed of the cyberattack (e.g., employees/staff, patients, the media, state/federal FBI agencies) and why.
  • Analyze the pros and cons of considering cyber insurance for future attacks.

 
