CAS-003 · Question #473
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not ta
The correct answer is D. Notify the appropriate legal authorities and legal counsel. In a healthcare data breach scenario, the first step - especially given legal and regulatory obligations (HIPAA) - is to notify appropriate legal authorities and legal counsel. Legal counsel must be engaged immediately to advise on obligations (breach notification laws, HIPAA req
Question
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?
Options
- AReview audit logs to determine the extent of the breach
- BPay the hacker under the condition that all information is destroyed
- CEngage a counter-hacking team to retrieve the data
- DNotify the appropriate legal authorities and legal counsel
How the community answered
(42 responses)- A5% (2)
- B17% (7)
- C7% (3)
- D71% (30)
Explanation
In a healthcare data breach scenario, the first step - especially given legal and regulatory obligations (HIPAA) - is to notify appropriate legal authorities and legal counsel. Legal counsel must be engaged immediately to advise on obligations (breach notification laws, HIPAA requirements) and to manage communications in a legally defensible way. Law enforcement (e.g., FBI) should also be notified as ransomware/extortion is a federal crime. Reviewing audit logs (A) is important but comes after securing legal guidance. Paying the ransom (B) is inadvisable and does not guarantee data destruction or prevent future attacks. Engaging a counter-hacking team (C) could be illegal and escalate the situation. Proper incident response protocol always prioritizes legal notification before taking investigative or remediation actions.
Topics
Community Discussion
No community discussion yet for this question.