REAL$-$WORLD CASE $10\mathrm{.}2$

You are the chief security officer of Anywhere Hospital. You just received a frantic email from one of your help desk employees in the Information Technology department. There is a suspected malware infection that is spreading across your computer network. You ask your staff member whether there has been data loss or corruption. Your team member responds by saying that she does not know yet; the security team has been called and will begin the investigation process, starting with the origin of the malware. A quick and thorough response to this incident is of the utmost importance and is crucial to avoid disrupting patient care systems.

A little while later, you discover that the malware was launched from within the network via email; specifically, the malware was launched on the vice president$$s workstation in his office when he opened an email containing the malware. The hospital$$s Network Intrusion Detection System did not pick up abnormal traffic coming through the firewall.

Real$-$World Case Discussion Questions

$1.$Identify a hacking or intrusion technique that would allow malware to be launched inside the hospital$$s firewall undetected by the network intrusion detection system.

$2.$Identify technologies other than the network intrusion detection system, that could possibly detect abnormalities as described above in the system network.

$3.$Identify vulnerabilities that could have been exploited in order to have successfully launched malware within the network system.

$4.$Identify possibilities to keep this from happening in the futur