Disaster Recovery Plan
Kawa, Tonderai B.
INFO- 6027-02 Security Planning
Defined Recovery Process:
To insure the continuation of business at Sunnylake and secure accesses to the electronic medical records (EMRs) and insure a continued business through a disaster recovery plan that will be initiated with group 5 members.
The plan has considered the Sunnylake hackers who have caused an access denied on EMRs so the DRP that is going to be implemented and will include management procedures and technology procedures to insure an on-time recovery. So the crisis being faced is hacked EMRs so ...view middle of the document...
Per Gullestrup President and CEO of Clipper Projects in Copenhagen-(Commenter of case study). Carolline Eisenmann, former Intern as HBR-(Commenter of case study)
Data (recover): Access to EMRs and retain access to medication and patients records.
Phased Approach: Need to know how the hackers got into the system, Jacob suspect human error through downloading fake antivirus software. Will install a network based infection detection system.
Notification/ Activation Phase: Alert Sunnylake stuff of a service disruption and a guaranteed plan of action to pay the ransom being demanded by the hackers. This is in support of Per Gullestrups idea and approach based on his past experiences with dealing with hackers. In this case Paul has to accept to negotiate with the hackers. Try and secure the system through a strategic plan that should see the hackers anticipate the money yet the IT team can relocate its data backup location which is a logical strategy to insure that there will not be further interruptions once the ransom has been paid and this will mark the end of the topsy-turvy.
Responsibility - decision to activate:
Restrictions - conditions:
The programming that normally allowed only selective access to records had been altered to allow no access at all. Even the systems administrators where shut out.
Rules - succession, guidelines, documentation:
Recovery Phase - regain control:
Things could improve if Paul hires a security consultant who can help build a profile of the attackers, improve security, and train key personnel, so that Sunnylake can protect itself in the future. Complete records were backed up on the network, so patient information could not be totally lost.
Reconstitution Phase - repair and resume:
The need to clean the code and examine line by line and thoroughly clean out the syntax and semantics of the system.
Human lives at health risk of improper medication, the system keeps crashing because the attackers find a new way in every time a fix happens....