Project Overview

You are a cyber security analyst working within a healthcare organization called Hospital X. Your Chief Information Security Officer has reached out to you with a new concern.

“A new healthcare legislation was announced this morning that negatively impacts millions of patients around the world, and masses are outraged. Soon after the announcement, three different hospitals in our partner network were hit with ransomware attacks that shut down their entire operations. The FBI believes that this is not the last in the string of hits. All hospitals should be prepared for a potential attack. I have two questions: Are we vulnerable to this threat? How should we respond?”

Tools Used for Project

Task Feedback:

You've selected you are able to utilize all the tools needed for this project.

Documents Provided

Task Feedback:

Great! You have all the necessary project files.

Project Steps

Review incident scenario content.
Conduct research to understand what type of threat is involved, who is the actor behind the threat and how they are motivated.
Understand the vulnerabilities that were exploited within the other companies. Assess your assets and current mitigating controls to confirm if the threat could be relevant to your company.
Conduct a vulnerability scan against your environment and confirm whether vulnerabilities are present. Attempt to exploit a weak password vulnerability. Make remediation recommendations.
Outline next steps required in response to the incident.
Recommend improvements to incident response plan to address gaps.
Create a report for submission to the CISO that answers initial questions regarding the incident using the Final Project Template.

Project Deliverable

A report for presentation to the CISO answering the requested information.