CASE STUDY ON WHEN HACKERS TURN TO BLACKMAIL

INTRODUCTION
Information technology has become an integral part of any organization in the modern era of
globalization. The organizations who have failed to use IT properly for their benefit either have
declined or is in a very unproductive stage. But implementation of IT also brings in some dangers
which are required to be dealt efficiently and responsibly. This efficiency comes with avid knowledge
of the nuances of the IT arena and the main drawbacks or problems regarding the system. The case
study on Sunnylake Hospital provides us a very clear idea about in which way IT can help an
organization to flourish and also if not taken proper can what it can do to the organization.
THE CASE
Sunnylake Hospital started as a community centre with a vision to help people to cure their disease.
Paul Layman the CEO of the Sunnylake Hospital had joined the organization five years back with a
vision of implementing cutting edge technology to the community centre to build it into a hospital
which is sought after by the people. He implemented electronic medical records (EMR) which
replaced the traditional way of prescribing and checking patients records through papers by
converting them into digital data. But one day a mail stating the fault of the security systems of the
organization was inboxed into Paul Laymans mail by some anonymous person. Paul, having full faith
in his IT department and its director Jacob Dale ignored the message and hadnt gave a thought to it.
But on the starting of the next week it was found that the complete EMR systems has been hacked and
no one can access the data related to patients.
THE FINDINGS FROM THE CASE
The following facts were recorded from the case study regarding the implementation and maintaining
of the system which can influence the way out from the distress that Sunnylake Hospital is in.
Though the IT system of Sunnylake was one of kind and they were pioneer in implementing
the IT system they never gave a thought to the security system of their data. The security
system perspective of the data has gone through a change in the last few years and also the
systems to infiltrate them.
He had too much trust on the IT department which made it overconfident to look out for any
discrepancies in the system which also led to the attack.
They had the backup of the data which can be accessed through EMR only. During any
emergency other than hacking such as service failures and other factors it would be
impossible to retrieve those data. They should have built a physical backup in terms of flash
drive or documents which can be accessed easily.
The usage of the EMR was restricted to authorizes personnel only but they were vulnerable
to infiltrate as a number of people objected the implementation of the ENR. They should
have built a strong identification system to use the EMR.

SUGGESTIONS TO DEAL WITH THE ATTACK
The following steps, if implemented, can help Sunnylake Hospitals to deal with the attack now and
for the future;
A strong firewall system is required to be built to secure the data from infiltration. As we
come to know from the case that though the IT department was able to restore the system it
was being hacked again, which implies the absence of a strong firewall system.
More awareness is required in EMR front as it is evident that the hackers were able to enter
the system through some applications that the users used.
Training of the staffs is also required as most of them were from traditional background and
had little knowledge about IT.
A review committee to check any problem and suggest the solutions required to be formed.
The committee should have third party representatives to have a neutral view.
A physical back up of sensitive data such as detail study and past records of the patients, their
medical background should be kept in hard copies and also in flash drives, so if emergency
occurs that will not affect the day to day operations of the hospital to a great extent.
CONCLUSION
The case study gives us an exposure to the fact that IT is essential for any organization to flourish but
to survive and sustain it is also required to update the knowledge regarding the developments of the
facets of the systems. Also implementing any system should be followed by proper training of
personnel using the system as ignorance about the facts of the system can lead to bigger problem than
ever imagined.