PricingBlogAbout Us

Security Breaches: Analysis of Torrance Memorial and WannaCry Attacks

Verified

Added on  2020/03/01

|9
|2442
|105
Report
AI Summary
This report provides a comprehensive analysis of two significant computer security breaches: the 2017 data breach at Torrance Memorial Medical Center and the WannaCry ransomware attack. The Torrance Memorial case examines a phishing attack that compromised patient data, detailing the vulnerabilities exploited and the hospital's response. The WannaCry section explores the global impact of the ransomware, the methods used to spread the virus, and the affected entities, including the NHS and FedEx. Both cases highlight the importance of robust security measures, including employee training, updated software, and vigilant email practices. The report identifies key issues such as negligence, lack of system updates, and reliance on common attack methods like phishing, and suggests preventative solutions such as enhanced spam detection, secure data sharing, and the implementation of strong security policies to mitigate future threats. The analysis underscores the critical need for proactive cybersecurity strategies in healthcare and other sectors to protect sensitive data and prevent significant disruptions.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
PART A
COMPUTER SECURITY BREACH TOOK PLACE AT TORRANCE MEMORIAL
MEDICAL CENTER
INTRODUCTION
Torrance Memorial Medical Center, a California based medical facility suffered a
security data breach on 18th and 19th of April 2017. As per them, two email accounts have
been hacked which contain reports which are work related and due to the phishing attack they
got compromised. The attack led to even stealing of the personal data as well. However, there
has been news with regards the misutilization of any data stolen, however this can be no
reason for the medical center not taking any steps against the same. As is understood that one
of the most methodologies were used for the said attack to be conducted due to which it
makes it very clear that the medical centre had failed to take adequate steps to address issues.
Unfortunately, phishing is one such campaign which is successful even now, even
when it is known by all as to how to safeguard one’s systems against this kind of an attack.
Thereby it is clear that the individuals even now fail to be extra cautious before accessing
there mails and opening attachments from unknown sources (Socal, 2017).
ASSESSMENT OF THE ISSUE
On conducting a thorough investigation of the said case, it is concluded that a simple
way of hacking i.e. phishing is used by the malicious people to enter into the system of the
medical center and hack two prominent email accounts which contained specific work related
reports and documents. However, the main issue here is that it is still not known by them
whether the stolen data has been used for unscrupulous acts or not (Daily Breeze. 2017).
Even if there has been no tampering with the data stolen, yet the theft has occurred of
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
sensitive information such as names, address, date of birth, contact number, medical history
of patients, health insurance data and such other information which is categorized as critical.
The hospital authorities are sending warning letters to all those whose data have been
infected thereby ensuring them that they are protected well. However, here the main issue is
negligence on the part of the center who have opened up such mails and the attachments
within it without taking into the account the sender’s details and whether the same has been
sent from an authorized source or not. Not to forget, hospitals are one of the main places from
where one can obtain huge amount of income and the fact that the Torrance memorial
became a victim makes it clear of the loose ends available in the existing security panels
(NewsBreak Live. 2017).
SOLUTIONS TO PREVENT SUCH HACKS
One of the biggest solution to such a kind of problem is to be extra cautious before
opening up any mails. Checking up of the sender details is a must specially at such important
centers like hospitals. Further to this, crucial, sensitive as well as critical data should be
shared not via mails but either personally or via very secured sites which have strong
encryption facilities. The system also dialed to have a good spam detector facility and also a
firewall installed which should be done immediately. The fact that data has been leaked is a
big risk as it can be tampered at any moment.
Further to this, Torrance Memorial Medical Center should check on the practice and
train the people who are employed to be aware of such unwanted spam. Although they have
sent notices to all the patients whose data has been compromised, they have even offered
them free credit monitoring as well and individuality robbery shield services for a year
(DistilNFO HitTrust Advisory. 2017). Last but not the least, the victims are asked to be
watchful as well as cautious with regards such occurrences of robbery and fraud, to keep a
Document Page
check on the bank account and to scrutinize on a timely basis for no-cost credit reports and
explanation of benefits forms for apprehensive actions. It clearly shows that the hackers are
always active in a dormant manner and find such traps wherein even a single employee’s
casualness can lead to a situation as adverse as this wherein the personal records of various
patients are at stake (Davis,2017). One very most important step taken by Torrance Memorial
is that they had immediately intimated HHS about the occurrence of the said hack which
generally various entities avoid to do so. Lastly, all the patients who are intimated about such
a hack, should immediately ensure that the bank account details shared with the medical
center be informed to the respective banks about the fact that such a tampering has occurred
and thereby not to release payments if request come from unauthorized people or such other
suspicious people (Massive Media. 2017).
CONCLUSION
Thereby on analyzing the entire case of the said security breach, one can summarize
the fact that the staff and the employees of the medical center need adequate training with
regards the malicious acts that can occur with the systems and how cautious they are required
to be. Opening up of emails without checking the credentials, can be as fatal as this and in
turn even lead to occurrence of unwanted events against the patients. Phishing is one of the
most way of hacking and Torrance Memorial failing to take precautions against the same is
surprising. Adequate updates about spam is a must without which the system would always
remain vulnerable to such attacks. The particular case is a perfect example of negligence
which has led to happening of the said security breach.
Document Page
REFERENCES:
Daily Breeze. (2017). Patient records stolen in computer breach at Torrance Memorial
Medical Center. Retrieved from
http://www.dailybreeze.com/technology/20170619/patient-records-stolen-in-
computer-breach-at-torrance-memorial-medical-center
Davis,J. (2017). Phishing attack on Torrance Memorial puts patient records at risk.
Retrieved from http://www.healthcareitnews.com/news/phishing-attack-torrance-
memorial-puts-patient-records-risk
DistilNFO HitTrust Advisory. (2017). Torrance Memorial Phishing Attack Exposed Many
Patients’ Records. Retrieved from
http://www.distilnfo.com/hitrust/2017/07/07/torrance-memorial-phishing-attack/
Massive Media. (2017). Torrance Memorial Medical Center Hit By Phishing Attack.
Retrieved from https://www.massivealliance.com/2017/06/21/torrance-memorial-
medical-center-hit-by-phishing-attack/
NewsBreak Live. (2017). Torrance Memorial Medical Center Breach. Retrieved from
https://torranceca.wordpress.com/2017/06/20/torrance-memorial-medical-center-
breach/
Socal,P. (2017). Patients’ Info Compromised In Torrance Memorial Data Breach. Retrieved
from http://news.fraud.net/patients-info-compromised-in-torrance-memorial-data-
breach/
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
PART B
MAY 2017 RANSOMWARE DATA BREACH
INTRODUCTION
An outrageous ransomware attack had taken place in the month of May 2017 which is
said to be one of the biggest in the history of data breaches since the attack took under its
umbrella not one company or country but as many as a hundred countries of which Russia,
India, China, Taiwan and Ukraine being the highest sufferers (Goswami, 2017). They used
the tool which is used by the US National Security Agency to enter the system of the
terrorists thereby putting a great impact on the NHS in a negative way (Graham, 2017).
Further to this, one of the most renowned transport service provider, FedEx was also
impacted. The attack had destroyed various laptops and computers across the globe, and the
number has been counted at 300,000 till date. The virus which has been used to infect the
various systems across the globe is named as WannaCry.
ASSESSMENT OF THE MAIN ISSUE
The major point of problem in this particular attack was that the attack was not
conducted in any special manner, rather the attackers used one of the most common methods
of attacks i..e phishing whereby they sent unwanted spam mails containing malicious
attachments and once the same is opened or downloaded, the hackers get an access to the
system of the person. Further the complexity of the scam was the involvement of not one
company or country but it being wide-spread. The ransomware was called as WannaCry,
WannaCrypt0 or 2.0 or WCry.
Phishing is a cybercrime wherein the target or the people who are to be victimized are
sent emails which are junk and spam in nature, thereby attracting the receivers of the mail to
Document Page
open the same and this would then give access to the hacker of the mail account and in some
cases the system as well. This way the hackers can gain access to the sensitive data stored and
thereby use the same for satisfaction of malicious intentions (Hern & Gibbs, 2017). Apart
from the technique of phishing, the second critical problem was that once the system has been
attacked and hacked, the hackers demand for a payment against which they would again
provide access to the user. However, unfortunately there lies no surety about the access. The
attack had spread very fast across companies and across borders as well, leading it to become
one of the leading and most horrifying cyber attacks in the history of security breaches. Due
to the pace at which the same had spread, the people took a lot of time to gain control over
the same. The panic attack was too high to be handled in a single day simply due to the
reason that it had spread across continents as well. The attack started from USA and spread
till the continent of Asia (Kharpal, 2017).
WHO WERE AFFECTED AND HOW
The biggest sufferer due to the said attack was Britain’s NHS. Hospitals and GP
surgeries in England and Scotland were also under the victim list amongst the 16 health
entities that were the victim. The result was such that people were asked to shift the way of
working from technology to traditional i.e. manual. They were also asked to maximize the
usage of their mobile phones because the ransomware attack had corrupted many systems and
that too the mother systems and also the landlines as well. To everybody’s surprise, the
patients who were suffering, were asked to return back and the state was so miserable that
those who needed surgeries had to also go back because of the said attack. The situation was
so sad that health acre industry being one of the most crucial ones, there the patients were
asked to visit the hospitals and medical centers only in dire necessity.
Document Page
As per the present day data, Russia’s Interior Minister was one of the victim, followed
by Taiwan, Ukraine and India. FedEx Corp. is also one of the biggest sufferers. Apart from
these, the telecommunication segment was also not left untouched. Telefonica in Spain and
Portugal Telecom are two of the companies belonging to this sector who were also victims of
the said ransomware harassment (BBC News. 2017).
HOW WAS THE ATTACK CARRIED OUT
No special methodologies were used for the attack to be carried out. One of the most
commonly used ways of phishing was the type of attack. Cyber Gang by the name of Shadow
Brokers are the ones who are supposedly the ones behind the hack. As per the details given
by the gang, they confessed that the ‘cyber weapon’ was stolen by none other than but them
from the National Security Agency (NSA) USA. The weapon is named as ‘Eternal Blue’
which basically enables the NSA to get access to the systems of terrorists via the MS office
software which is the most common and basically found in all systems in today’s date. But it
is concluded by many that the gang had installed the said malicious software on an
unintelligible website and it was further stolen away by someone else who basically had
infected the systems across countries (McGoogan et.al. 2017).
HOW THE ATTACK WOULD HAVE BEEN PREVENTED
Whatsoever, the attack could have been prevented had the Windows been updated on
a regular basis and the anti-virus being run frequently. The limitations of the government and
the vulnerable systems of them are one of the basic reasons behind the scam. They lack the
vigilance in protecting crucial information and such significant weapons as well. The user
also should be trained such that they do not get lured by such spam mails and open them up.
Had the said spam mails not opened the said attack would not have happened (Newman,
2017). However, lastly it is understood that a thorough training along with a stringent
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
protection policy is a must for safeguarding against theft of such weapons which if stolen are
a danger to the nations security worldwide.
Document Page
REFERENCES:
BBC News. (2017). Massive ransomware infection hits computers in 99 countries. Retrieved
from http://www.bbc.com/news/technology-39901382
Graham,C. (2017). NHS cyber attack: Everything you need to know about ‘biggest
ransomware’ offensive in history. Retrieved from
http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-
know-biggest-ransomware-offensive/
Goswami,D. (2017). Wanna Cry ransomware cyber attack: 104 countries hit, India among
the worst affected, US NSA attracts criticism. Retrieved from
http://indiatoday.intoday.in/story/wanna-cry-ransomware-attack-104-countries-hit-
nsa-criticised/1/953338.html
Hern,A. & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global
computers. Retrieved from
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-
attack-what-is-wanacrypt0r-20
Kharpal,A. (2017). How to tell if you’re at risk from the WannaCry ransomware and what to
do if you have been attacked. Retrieved from
https://www.cnbc.com/2017/05/15/ransomware-wanncry-virus-what-to-do-to-
protect.html
McGoogan,C., Titcomb, J. & Krol,C. (2017). What is WannaCry and how does ransomware
work. Retrieved from http://www.telegraph.co.uk/technology/0/ransomware-does-
work/
chevron_up_icon
1 out of 9
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

© 2024   |   Zucol Services PVT LTD   |   All rights reserved.