YOU'VE BEEN HACKED!
I now know why they tell you not to talk on your cell phone while driving.
She stated the applicant showed / had PI information, Name, Address, Date of Birth and SS#. The application has over 300,000 records with this type of information.
Secure the system
I hung up the phone, called our Database Admin and Network Admin, and told them to take the application offline ASAP, like yesterday!
I had the DB Admin start looking into what happened, how it happened and what he could find out, and the same with the Network Admin.
We also had them copy the application and start working on securing it so we could get operations back to normal.
Determine what they got
The next phone calls I made were to the State Department of Technology Management and Budget Security Office and the Michigan State Police Computer Crimes unit.
Of course, they wanted to know who the person was. Since we knew that information, we provided that information.
Get operations back up
We have the contractor that wrote the program for the Health Department without IT's input rewrite and secure the application with the IT department's expertise.
Did we do it right?
The person did not see anything wrong with what they did and had no ill intent. The person was trying to show that they could fix what was wrong with our system. They succeeded at getting our attention since this did expose a huge concern for us.
Second Incident
CryptoLocker virus
The first thing we did was to disable the user's account and the infected computer so her credential and the laptop were unable to infect any further data.
We then looked at what the user had rights to and checked the files.
This is where we discovered that over 1000 files were affected across several directories on the SAN.
Get things back to normal
We moved into a DR process to bring the business up. We started running full scans on all volumes of the SAN and servers. We investigated the time frame of corruption and started removing the corrupted files.
How did we do it?
We were prepared and knew what to do.
The IT staff informed the correct staff at the correct time to minimize the effects.
We have DR plans and a DR SAN, which allowed for the quick restoration of the files.
The only comments we got from the board and the department were simple:
How can we prevent it in the future?
How were you able to get everything done so quickly?
Again, it was not an issue of the fact we got hacked; it was more focused on what we did and how quickly we did it. Confidence level of IT operations continues to grow as they know we can handle critical situations.