Executive Summary
MedStar Health Inc., a leader in the healthcare industry
regionally and nationwide, is a constant target of the malicious
attempts of cyber criminals. Over the past 6 years, MedStar
Health Inc. has faced several data breaches, most
notably the 2016 breach that compromised 370 computer
systems and halted its operations. As the organization continues
to digitize and broaden the use of electronic medical records
across its facilities, the threat of cyber-attack remains even
more pervasive. The purpose of this report is to provide an
overview of MedStar Health Inc.'s cybersecurity vulnerabilities,
examine the overall causes and impact of the breaches, and
explore solutions to meet the organization’s cybersecurity
challenges.
With a focal point on MedStar Health breaches, a literature-
based study was conducted, and various news articles, academic
journals and company publications were analyzed. It was found
that the 2016 and 2020 data breaches were attacks on the
organization’s internet servers. The 2020 hack compromised the
records of 668 patients, whereas the 2016 hack was a result of a
ransomware infection that compromised 7500 individuals’
records and halted the organization’s operations. The cost of the
virus infection was greater than the $19,000 ransom requested
due to additional recovery and remediation costs. It was also
revealed that the 2019 breach was due to human error.
To best combat the efforts of cyber criminals, it is
recommended that MedStar Health Inc. place greater emphasis
on cyber awareness training for employees/professionals and
implement multi-factor authentication and a strong
password and identity management system to reinforce its IT
infrastructure against future hacks. Failure to effectuate these
measures poses significant risk to MedStar Health Inc., its
affiliates and patients that extends beyond ransom payments,
fines, imprisonment, lawsuits and costs incurred for subsequent
identity theft protection services. The damage caused by data
security breaches may prove fatal for patients, the company’s
most valued asset, compromising public perception and the
company’s mission to provide the highest quality of medical
care and build long-term relationships with the patients they
serve.
Actual Technical Report
MedStar Medical Vs. Cybercrime
In the health sector, experts "see persistent cyber-attacks as the
single greatest threat to the protection of healthcare data"
(Moffit & Steffen, 2017). To the world at large, this is not the
most absurd news or revelation. Healthcare data embodies some
of the most marketable information, and for the black market
this is Eldorado – the fictional tale of the city of gold.
Healthcare organizations are tasked with fighting the uphill
battle of providing quality medical care to their number one
stakeholder – patients – while also ensuring that their valuable
information is kept safe and secure. Despite their efforts,
healthcare organizations sometimes fail in their attempts to
provide adequate security. In 2016, MedStar Health – a not-for-
profit healthcare organization – suffered a data breach that left
thousands of residents of the Washington DC and
Maryland area distraught. This paper highlights the concerns
faced by MedStar Health and the damage caused by these
cyber-attacks. It also analyses various vulnerabilities seen in the
healthcare sector and highlights needed comprehensive security
perspectives and industry-proven security systems to provide
recommendations on how MedStar Health can potentially face
these challenges.
MedStar Health's Bio
MedStar Health offers "the highest quality care for people in
Maryland, Virginia, and Washington, D.C.," solidifying its
reputation as a leader in the healthcare industry both regionally
and nationally (MedStar Health, 2021). The organization
operates ten hospitals and over twenty health-related
businesses, including ambulatory care, urgent care centers, and
a research institute across the Washington, DC, and Maryland
area. It also currently employs 30,000 associates, 6,000
affiliated physicians and has one of the largest graduate medical
programs in the country, where more than 1,100 medical
residents are trained annually (MedStar Health, 2021). Also,
MedStar Health is the medical education and clinical partner of
Georgetown University.
The 2016 Breach
On March 28, 2016, MedStar Health was a victim of a data
breach that brought the medical "behemoth" to a standstill (Cox
et al., 2016). This attack forced the institution to power down
critical infrastructure and processes for several days to slow the
virus's spread. Specifically, the cybercriminals used a
ransomware attack to encrypt the organization’s data and
infect critical systems. The Washington Post describes this
crime as being "financially motivated, [where] the hackers make
demands that put their victims in a difficult spot…, [targeting]
critical data — such as patient records — then ask for a ransom"
in exchange for decrypting the compromised data (Cox et al.,
2016).
As a result of this attack, ten hospitals and over
twenty medical centers were pushed back to the primitive means
of operation, slowing down overall productivity and affecting
thousands of patients. NBC News reported that thousands of
MedStar's patients with appointments were greeted with the
voice message, "Our computer systems are still down, so we
need you to bring a list of current medications and a list of
allergies" (Williams, 2016). The impact of this ransomware
attack was truly daunting, as it denied health care professionals
access to information and resources needed to perform their
duties--it ultimately hindered the organization’s ability to fulfill
its mission of providing quality healthcare to its patients.
The 2019 Accidental Data Leak
On July 22, 2019, MedStar Health's Privacy Director, Mutanu
Mutuvi-Thomas, reported to the Attorney General that their
organization experienced an accidental data leak on June 19,
2019, where confidential information was shared. In an email
describing the incident, the Privacy Director explained the
accident and the course of action taken to remediate the issue.
When the mistake was realized, strict instructions were
immediately issued to the recipients of the accidental email to
securely delete the document from their emails and trash
receptacles. To prevent further disclosure of the sensitive
information, legal documents were then issued to the recipients
to sign confirming the deletion (MedStar Health, 2019).
Additionally, the affected residents were "offered one year of
complimentary credit monitoring and identity theft protection
services through Experian" (MedStar Health, 2019). This was a
valiant effort on MedStar Health’s part to protect not only
their patients but also the care providers in light of this
exposed vulnerability. Although this incident was reported in
the 2019 End of Year Data Breach Report by ITRC (Identity
Theft Resource Center), there was no additional information
available, as it was discreetly handled internally.
Healthcare and Cybersecurity
Healthcare information is precious, as it encompasses a holistic
view of a person's health, and thus, the health of the wider
community. This information is used to determine medical
treatment and policies that ultimately influence the standard of
living at large. Not too long ago, medical information was stored
as physical files and was accessed through manual processes.
This of course posed unique challenges regarding data
communication, efficiency, accuracy, and security –
demonstrating a need for the digitization of health files (Touro
College Illinois, 2021).
"Today, healthcare information is widely collected, stored,
accessed and transmitted digitally, thanks in part to the Health
Information Technology for Economic and Clinical Health
(HITECH) Act" (Touro College Illinois, 2021). This act
promoted the widespread use of electronic health records (EHR)
and health information exchange (HIE) to share and store
healthcare information. This shift in handling medical data
created, without question, overall improvements to healthcare,
as health records are updated in real-time and patients are
treated with more efficiency. "As healthcare information
…migrated to the digital environment, it [became] highly
valuable and therefore vulnerable to cybercriminals on the dark
web" (Touro College Illinois, 2021). Healthcare cybersecurity
laws were then introduced with guidelines to follow set forth by
the Health Insurance Portability and Accountability Act of 1996
(HIPAA) to protect patients' information.
Findings
Cyber threats to the healthcare industry continue to be a major
problem. Organizations have reported more data
breaches with the increasing use of EHR. While the scope of the
threats remains unknown, the industry has in recent years
taken more steps than ever before to close the gap. In this
section, the researchers aim to provide an overview of the
health sector's cyber concerns and the various data breaches
experienced by MedStar Health.
How Serious is the Cyber Concern?
Between 2009 and 2016, there were 1,798 data breaches
reported; of which 1,225 were reported by health care providers.
Also, of 257 reported breaches 216 were hospitals, and at least
33 of those facilities were involved in multiple cyber incidents
(Schmeelk et al., 2021). Between 2010 and 2013, in a
dataset of 949 breaches recorded by the Office of Civil Rights
(OCR), there were more than 29 million compromised health
records (Schmeelk et al., 2021). Figure 1 below highlights the
five categories of breaches recorded by OCR between June 2019
and June 2020: "Hacking/I.T. Incident reports totaling 264
breaches, Improper Disposal totaling 12 breaches, Loss totaling
11 breaches, Theft totaling 27 breaches, and Unauthorized
Access/Disclosure totaling 102 breaches" (Schmeelk et al.,
2021).
Figure 1
Breach Types between June 2019 and June 2020 (Schmeelk et al.,
2021).
Moreover, within the same period of June 2019 to June
2020, there were three significant data breaches within the
healthcare sector. On July 1, 2019, Optum360 LLC reported a
breach affecting 11,500,000 individuals, and days later, on July 15,
2019, Clinical Pathology Laboratories Inc. also reported a
breach that affected 1,733,836 individuals. Both breaches were
the result of an attack/hack of their IT network servers.
Additionally, on February 5 of 2020, Health Share of Oregon
declared a data breach that affected 654,362 individuals due to a
laptop theft (Schmeelk et al., 2021).
The seriousness of these concerns is seen in Figure 2, which
highlights the number of U.S. residents affected by healthcare
data breaches from 2014 to 2019. As reflected, 113.2 million
U.S. residents were affected by cyberattacks in 2015. In 2020,
surprisingly, only 23.5 million U.S. residents were
impacted by cybercriminals' acts, despite the Covid-19
pandemic (Johnson, 2021). Nevertheless, this is still a
substantially large number of individuals affected as a result of
data breaches in the healthcare sector.
Figure 2
The number of U.S. residents affected by health data breaches
from 2014 to 2019, in millions (Johnson, 2021).
MedStar Health's Data Breaches
Over the last six years, MedStar Health faced three major data
breaches that have heightened concerns surrounding the
organization’s cybersecurity posture. The data breach of 2016
left 10 MedStar Health hospitals and 250 outpatient centers in
the Washington DC and Maryland area at a standstill. Their
entire infrastructure fell victim to the ransomware attack.
According to the Indian Health Services (IHS), 7,500
individuals were affected by this 2016 data breach, and a
ransom of USD 19,000 was requested, which was not paid. The
2019 cyber threat came from an internal error that leaked
"sensitive personal information of residents to a class of new
intern physicians" (MedStar Health, 2019). This case was
handled internally, and there are no reports of any further
damage caused by this internal threat. Finally, according to
OCR, on September 25, 2020, 668 individuals were affected by
a network data breach, categorized as an I.T./Hacking incident,
at MedStar Health. Unfortunately, there was no additional
information posted online concerning this breach, as it is
currently listed in the OCR section for breaches presently under
investigation.
Discussion
In the age of technological advancements, preparedness is vital
when facing the daunting reality of the capabilities embodied by
cybercriminals. MedStar, along with many other medical
facilities, learned this truth the hard way with the
implementation of electronic health records. Craig DeAtley, the
organization's director of emergency management, commented
on the need for better preparations in light of the 2016 data
breach in an interview. He said, "[w]e were practiced at
individual workarounds, but we had never really rehearsed
losing everything, much less all at once, … [Y]ou need to
exceed your comfort level to prepare for a problem this vast"
(Hall, 2016). MedStar Health and healthcare providers need to
keep up with modern cybersecurity practices, regular cyber
awareness training, and up-to-date system infrastructures to
embody this readiness.
In the 2016 cyberattack, several infrastructure resources were
rendered useless because of the virus. The ransomware that
crippled the hospital's systems restricted access to essential
EHR, leaving thousands of patients without sufficient care. In
the realm of cybersecurity, the CIA triad comprises the core
principles of information security that assist in the discussion and
implementation of measures to turn the tides of this uphill
battle. In essence, these principles help with the needed
preparedness. The CIA triad's core principles ensure that data
remains confidential, maintains its integrity, and that access to
required information is always available. These principles will
guide the proposed recommendations for MedStar Health on
ways to improve their I.T. systems.
Insider Threats
MedStar Health suffered an external attack in 2016, and
the damage was substantial. However, this gateway was made
possible by human error, and thus cyber harm can be done from
within any organization, whether it be malicious or through
careless actions. This act is referred to as an Insider Threat.
Through these thoughtless or malevolent actions, health records
are compromised, and in turn, patients suffer. Moreover, these
actions more often than not expose the vulnerabilities in
the CIA triad, endangering "confidentiality, integrity, [and] or
availability of the organization's information or information
systems" (Mazzarolo & Jurcut, 2019). In the case of MedStar
Health, in 2016, employees' access to their systems was
restricted, removing the availability of needed PHI, and the
integrity of the data was potentially compromised.
Understanding the seriousness of the insider threat can
ultimately help protect MedStar Health against these
vulnerabilities.
Typically, when a breach is revealed on the news or reported to
the OCR, it is usually due to an outsider. However, thoughtless
action can prove more lethal. The 2019 data leak at MedStar
Health of residents' confidential information is an example of
insider threat, as this was a careless act that exposed PHI. "The
hazards that originate from inside [an organization are more]
difficult to prevent and detect because insiders pose a serious
danger as they are familiar with the organization's… systems…,
and policies, and they have access to confidential information"
(Mazzarolo & Jurcut, 2019). Although the 2019 incident was
accidental, that does not take away from the potential threats
mistakes can cause, a lesson that MedStar Health is fully aware
of, as seen in their actions to resolve this incident quickly.
Intrusion Motives
At this point, it is understood how valuable medical information
is, and not just to healthcare facilities, but also to the cyber
black market. In fighting this unavoidable circumstance,
healthcare management needs to understand the driving factors
behind cybercriminals. There is the common saying that
resonates with the benefit of knowing your enemy, and it holds
true in these challenging circumstances. The intrusive motives
of cyber criminals may be opportunistic for monetary gain,
political exposure and change, ideological activism, disruption
of services or access, and/or just simply to cause physical
harm.
In MedStar Health's 2016 case, the motive was monetary
and to disrupt service and access of their systems. This action,
in turn, caused harm to the patients and the care they required.
Ablon (2018) describes this type of attacker as a Cybercriminal.
"Cybercriminals are motivated by financial gain—they care
about making money. They want access to our personal,
financial, or health data—in order to monetize them on
underground black markets" (Ablon, 2018). The motives behind
the breach of 2016 preyed on the vulnerability in patient data
confidentiality and electronic records' availability to MedStar
Health staff. Thus, understanding the enemy can prove
beneficial in MedStar Health's pursuit of curbing these
vulnerabilities.
Hacker psychology
Like intrusion motives, the hacker's psychology is tied to the
cybercriminal's mindset and begs the question of what
ultimately motivates them to hack. This goes for both
cybercriminals and cybersecurity professionals. The difference
is the motivating factor. As briefly mentioned, some hackers
will conduct their actions with the sole purpose of making
money, while others perform the same steps because of
curiosity. In the case of cybersecurity professionals, these
actions are done to protect everyday civilians who cannot
defend themselves from cyber-attacks. Understanding the
hacker's psychology will help cyber professionals make better
decisions regarding keeping EHR confidential, maintaining all
records' integrity, and ensuring that the data remains accessible
to the right employees. "[W]hen analyzing threats and attacks, it
is important to focus on the psychological aspect of an intruder,
their motives and intentions and their way of thinking, planning
and performing attacks" (Pleskonjic, 2006). This mindfulness
will help cybersecurity professionals in their task of creating
sound vulnerability assessments.
More so, understanding the fundamentals of insider
threats, intrusion motives, and hacker psychology provides an
excellent foundation for guiding the conversation surrounding
the CIA triad's principles. This understanding, alongside sound
security systems, will aid MedStar Health in its concerns
regarding the confidentiality, integrity, and availability of PHI
and ePHI.
Identity Management System
Identity management is an important tool in securing
information systems, and if properly applied it would aid in the
reinforcement of MedStar Health's security posture. It is
essentially the process by which users' identities are defined
and managed in an enterprise environment and encompasses two
vital concepts, "Access" and "User". "Access refers to actions
permitted to be done by a user (… view, create, or [edit] a file),
[while users refer to] employees, partners, suppliers,
contractors, or customers" (De Groot, 2019). Implementing an
Identity Management System provides the ability to segment
employees based on their roles. This system will ensure that
access is given to the proper personnel at MedStar, and access
will be managed when those employees transition roles and/or
leave the company. This type of access management and control
aids the fight against cyber concerns and can ultimately help
reduce the risks of vulnerabilities in MedStar Health's
framework, as it corrects issues surrounding authorization:
access is controlled based on job description and role.
The Identity Management System is designed to address
three critical security tasks: identify, authenticate, and
authorize. "Meaning, only the right persons should have access
to computers, hardware, software apps, any I.T. resources, or
perform specific tasks" (De Groot, 2019). At MedStar Health, as
of 2017, OnCore, a clinical management system, was
implemented to work in conjunction with PowerTrials, a module
within the MedStar electronic medical record (MedStar Health,
2017). OnCore holds records of patients' progress and, to some
degree, billing information, while PowerTrials stores these
patients' medical records. "These two systems both serve a
different purpose within [MedStar] but work with each other to
serve study and subject information to the appropriate users"
(MedStar Health, 2017). With a proper Identity Management
System in place, access to these systems will remain secure.
The system controls the users' access (their unique passwords)
to each platform, ensuring no unauthorized person gains access
to this confidential information.
In considering an Identity Management System for
MedStar Health, the following components are needed:
a scalable, secure, and standards-compliant directory service for
storing and managing user information; a provisioning
framework that can either be linked to the enterprise
provisioning system, such as a human resources application, or
operated in standalone mode; a directory integration platform
that enables the enterprise to connect the identity management
directory to legacy or application-specific directories; a system
to create and manage public key infrastructure (PKI)
certificates; a run time model for user authentication; and a
delegated administration model and application that enables the
administrator of the identity management system to selectively
delegate access rights to an administrator of an individual
application or directly to a user (Oracle, 2010).
Figure 3
An Identity Management System Model (Oracle, 2010).
In the realm of Identity Management, there are various
ways one may access information and resources, and this system
assists in navigating this dialogue of access. At the basic level
of an Identity Management System is Role-Based Access
Control (RBAC). "Under this approach, there are predefined job
roles with specific sets of access privileges" (De Groot, 2019).
For instance, at MedStar Health there is no reason why a
security guard should have the same access as someone on
Payroll. Their individual roles separate their access. The second
approach is Single Sign On (SSO). In this model of the Identity
Management System, users only need to verify themselves once.
The user is "given access to all systems without the need to log
separately into each system" (De Groot, 2019). Finally, there is
Multi-Factor Authentication (MFA). In this Identity
Management approach, the "authentication process combines
something the user knows (like a password) with something the
user has (like a security token or [One Time Password] OTP) or
something that's part of the user's body (like biometrics)" (De
Groot, 2019). When used independently, these Identity
Management approaches are not sufficient to secure an
organization given the tools currently available to
cybercriminals. However, when these approaches are used
simultaneously to manage and control access along with
passwords and user identity, there is a greater probability of
securing PHI and ePHI.
With regard to passwords, the Identity Management System
allows for total control over the policies governing passwords,
their requirements and their expiry date. As such, in
implementing a thorough Identity Management System, MedStar
Health is taking the most critical steps in securing their
infrastructure and sensitive information, ensuring that
passwords are changed frequently and are complex enough to
safeguard PHI. Strong passwords paired with multilevel
authentication will create a defense that is reputable in this
cyber-driven world.
Example of an Identity Management System at MedStar Health
When attending to patients at the health care facilities, while
using a laptop, Doctor X will enter their set login credentials
(their username and password). Their identity will then be
checked against a database to verify if the correct credentials
were entered and match the ones stored. If correct, Doctor X
will gain access to the laptop. Once logged in, Doctor X will
attempt to visit the needed web service that holds MedStar
Health's PHI. Again, Doctor X will be prompted for their
username and password. The system will also check the user's
credentials against their database. However, at this point, there
is an additional layer of security requiring another form of
authentication for access, an MFA. The website creates a unique
authentication key for the user based on their previously entered
credentials. This identification key is then sent to Doctor X for
confirmation. This MFA may be in the form of an app on a
mobile device linked to the doctor's login credentials. The
identification key is generated on Doctor X's mobile device and
prompts for confirmation. Once Doctor X confirms, possibly within a
set time limit, and both forms of authentication match the database
managing credentials, Doctor X will gain access to the database
that holds the patient's health information.
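The login flow described above (password, then a time-limited second factor, then access decided by role), as an added Python example that is not part of the original report and is not code from any MedStar system. It assumes the "authentication key" is an RFC 6238 time-based one-time code; the role names, permission strings, user names and the `IdentityStore` class are hypothetical.

```python
import hashlib
import hmac
import os
import struct
import time

STEP = 30  # seconds a one-time code stays valid (the "set time limit")

# Constructed RBAC table; role and permission names are assumptions.
ROLE_PERMISSIONS = {
    "physician": {"phi:read", "phi:write"},
    "payroll": {"payroll:read"},
    "security_guard": set(),
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 verifier, so the store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226) for a time-step counter, as used by TOTP (RFC 6238)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class IdentityStore:
    """The 'database managing credentials': password verifier, MFA secret, role."""

    def __init__(self):
        self._users = {}

    def enroll(self, username, password, role, totp_secret):
        salt = os.urandom(16)
        self._users[username] = {
            "salt": salt,
            "verifier": hash_password(password, salt),
            "role": role,
            "totp_secret": totp_secret,
            "last_counter": -1,  # highest time step already accepted
        }

    def authorize(self, username, password, code, permission, now=None):
        """Return (granted, reason); every check must pass."""
        now = time.time() if now is None else now
        user = self._users.get(username)
        # 1. Something the user knows. The hash is computed even for unknown
        #    users so both failure paths do the same amount of work.
        salt = user["salt"] if user else b"\0" * 16
        candidate = hash_password(password, salt)
        if user is None or not hmac.compare_digest(candidate, user["verifier"]):
            return False, "bad credentials"
        # 2. Something the user has: the code for the current time step, or the
        #    previous one to tolerate clock drift. A step is accepted only once,
        #    so a captured code cannot be replayed.
        current = int(now) // STEP
        matched = None
        for counter in (current, current - 1):
            expected = totp(user["totp_secret"], counter)
            if counter > user["last_counter"] and hmac.compare_digest(
                expected.encode(), code.encode()
            ):
                matched = counter
                break
        if matched is None:
            return False, "bad second factor"
        user["last_counter"] = matched
        # 3. RBAC: the role, not the individual, carries the permission.
        if permission not in ROLE_PERMISSIONS.get(user["role"], set()):
            return False, "role not authorized"
        return True, "granted"


def demo():
    """Run the Doctor X flow on constructed users and a constructed clock."""
    secret = b"12345678901234567890"  # RFC 4226/6238 test secret, not a real key
    store = IdentityStore()
    store.enroll("doctor_x", "correct horse battery staple", "physician", secret)
    store.enroll("payroll_y", "another long passphrase", "payroll", secret)
    t = 59  # constructed clock value, time step 1
    code = totp(secret, t // STEP)
    good = "correct horse battery staple"
    return [
        store.authorize("doctor_x", "wrong", code, "phi:read", now=t),
        store.authorize("doctor_x", good, code, "phi:read", now=t),
        store.authorize("doctor_x", good, code, "phi:read", now=t),  # replay
        store.authorize("payroll_y", "another long passphrase", code, "phi:read", now=t),
    ]
```

The third call in `demo()` fails even with valid credentials because the code was already used, and the fourth fails because a fully authenticated payroll user still lacks the PHI permission.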
The example above highlights how a simple Identity
Management System may work within MedStar Health, where
only specific users in the organization are allowed to access and
handle sensitive information. The Identity Management System
does a fantastic job at provisioning access across organizations;
however, safe computer etiquette needs to complement these
systems to address significant vulnerabilities.
Figure 4
Example of MFA in the Identity Management System
(Papaspirou et al., 2021).
The importance of safe computer etiquette
In the case of MedStar Health's 2016 ransomware attack,
if personnel had been adequately trained to identify phishing emails
or malicious hyperlinks, this incident could have been avoided
and their records could have been protected. The same can be
said for the 2019 accident. "IBM's 2015 Cyber Security
Intelligence Index stated that 45 percent of all breaches were
due to insiders and that 95 percent of those breaches were due
to human error" (Perez, 2016). The report also stated that 42.75
percent of all cyberattacks are caused by inadequately or
improperly trained staff. Thus, with the proper tools and safe
computer etiquette, MedStar and all healthcare providers can
better protect the information of their number one stakeholder,
their patients.
In an interview with SCMagazine, a cybersecurity magazine in
the UK, Jacob Ginsberg, a senior director at Echoworx, said it
best. He compares the basic things an individual learns growing
up, such as not touching a hot oven, to the education needed in the
digital workplace. He said, "[there] should probably have
similar lessons like that which would educate the digital
workforce on the basic things you can do to stay safe at work"
(Perez, 2016). This fundamental educational gap must be filled
to ensure that the average MedStar employee knows how to
protect their data and not fall prey to crafty phishing emails and
other avoidable mistakes seen in 2019.
Figure 5
The frequency of cybersecurity awareness training in the U.S.
Healthcare Sector as of 2018 (Stewart, 2019).
Conclusion
The numbers reflected in the chart above should be
significantly higher, given that millions of individuals are
affected yearly by cyberattacks in healthcare. Overall, the
current situation society faces is dire; however, the technology
and training are available to aid in protecting PHI and
addressing these concerns. "Patient First is the heart of quality
care at MedStar Health. Part of "Patient First" is [MedStar
Health's] promise to keep patient information private" (MedStar
Health, 2014). Thus, implementing the recommendations
highlighted in this paper is critical to MedStar Health's promise
to their patients. With proper cyber awareness training, a robust
Identity Management System, a better understanding of insider
threats, and the motives and psychological mindset of their
potential intruders, MedStar Health is armed with the
appropriate tools needed in this uphill fight. This approach
ultimately protects their number one stakeholder, their patients.
References
Ablon, L. (2018, March 15). The Motivations of Cyber Threat
Actors and Their Use and Monetization of Stolen Data. The
RAND Corp.
https://www.rand.org/content/dam/rand/pubs/testimonies/CT400
/CT490/RAND_CT490.pdf
Cox, J., Turner, K. & Zapotosky, M. (2016, March 28). Virus
infects MedStar Health system's computers, forcing an online
shutdown. Washington Post.
https://www.washingtonpost.com/local/virus-infects-medstar-
health-systems-computers-hospital-officials-
say/2016/03/28/480f7d66-f515-11e5-a3ce-
f06b5ba21f33_story.html
De Groot, J. (2019, December 19). What is identity and access
management (IAM)? Data Insider.
https://digitalguardian.com/blog/what-identity-and-access-
management-iam
Hall, S. (2016, June 30). Lessons from the MedStar Health
ransomware attack. Fierce Healthcare.
https://www.fiercehealthcare.com/privacy-security/lessons-
from-medstar-ransomware-attack
Johnson, J. (2021, March 10). Number of U.S. residents affected
by health data breaches from 2014 to 2019, in millions. Statista.
https://www-statista-
com.lehman.ezproxy.cuny.edu/statistics/798564/number-of-us-
residents-affected-by-data-breaches/
Mazzarolo, G., & Jurcut, A. D. (2019). Insider threats in Cyber
Security: The enemy within the
gates. https://arxiv.org/pdf/1911.09575.pdf
MedStar Health Inc. (2021). Graduate medical education.
https://www.medstarhealth.org/education/graduate-medical-
education/
MedStar Health Inc. (2019, July 22). Security Breach
Notification. https://www.marylandattorneygeneral.gov/ID%20T
heft%20Breach%20Notices/2019/itu-315436.pdf#
MedStar Health Inc. (2014, October). Protecting Patient
Privacy.
https://ct1.medstarhealth.org/content/uploads/sites/8/2014/10/M
GUH-Volunteer-Protecting-Patient-Privacy-Policy.pdf
Moffit, R. & Steffen, B. (2017). Health care data breaches: a
changing landscape. Maryland Health Care Commission.
https://mhcc.maryland.gov/mhcc/pages/hit/hit/documents/HIT_
DataBreachesBrief_Brf_Rpt_090717.pdf
Oracle. (2010, January 2). Identity Management Concepts and
Deployment Planning
Guide. https://docs.oracle.com/cd/B14099_19/idmanage.1012/b1
4084/intro.htm#:~:text=A%20complete%20identity%20manage
ment%20system,storing%20and%20managing%20user%20infor
mation.&text=A%20system%20to%20create%20and,time%20mo
del%20for%20user%20authentication.
Papaspirou, V., Maglaras, L., Amine Ferrag, M., Kantzavelou,
I., Janicke, H., & Douligeris, C. (2021, January 20). A novel
two-factor honeytoken authentication mechanism.
https://arxiv.org/pdf/2012.08782.pdf
Perez, R. (2016). Cyber-security awareness. S.C. Magazine: For
I.T. Security Professionals (U.K. Edition), 18–21. https://eds-a-
ebscohost-
com.ezproxy.umgc.edu/eds/pdfviewer/pdfviewer?vid=7&sid=d5
194e8a-a6ee-4c2c-84e2-c0bb5899bbb7%40sessionmgr4008
Pleskonjic, D., Milutinovic, V., Maček, N., Djordjevic, B. &
Caric, M. (2006). Psychological profile of network intruder.
https://www.researchgate.net/profile/Dragan-Pleskonjic-
2/publication/325810196_Psychological_profile_of_network_int
ruder/links/5b2648c1458515270fd4a3f6/Psychological-profile-
of-network-intruder.pdf
Schmeelk, S., Dragos, D. & DeBello, J. (2021). What can we
learn about healthcare I.T. risk from HITECH? Risk lessons
learned from the US HHS OCR breach portal. Proceedings of
the 54th Hawaii International Conference on System Sciences.
3993-3999.
https://scholarspace.manoa.hawaii.edu/bitstream/10125/71101/0
393.pdf
Stewart, C. (2019, May 20). Frequency of security awareness
training in healthcare organizations U.S. 2018. https://www-
statista-
com.lehman.ezproxy.cuny.edu/statistics/736704/security-
awareness-training-frequency-in-healthcare-organization-in-us/
Touro College Illinois. (2021, March 4). How is healthcare
information kept safe? https://illinois.touro.edu/news/how -is-
healthcare-information-kept-safe.php
Tutorials Point. (n.d.). What are web
services?https://www.tutorialspoint.com/webservices/what_are_
web_services.htm
Williams. P. (2016, March 31). Medstar hospitals recovering
after 'ransomware' hack. NBC news.
https://www.nbcnews.com/news/us-news/medstar-hospitals-
recovering-after-ransomware-hack-n548121
Lab Report
In the lab, two tools were used for password cracking: Cain &
Abel and Ophcrack. Brute Force attacks and Dictionary attacks
recovered the passwords by using NTLM hashes. Ophcrack imported
each user's username, LM hash, and NT hash and used rainbow
tables to crack the user's password. This report provides the
results of using each attack on three separate users.
Using Brute Force, the Apollo and Batman passwords were
recovered within 10 seconds. The Csadmin password was never
recovered. The Dictionary attack provides more options to define
the password; Apollo and Batman were found in 5 seconds. The
Csadmin password was never recovered. Lastly, Ophcrack
recovered the Apollo and Batman passwords immediately. However,
the Csadmin password was never recovered.
Ophcrack recovered the passwords the quickest. When using
Brute Force, the predefined field (the character set) and the
password length have to be adjusted properly to recover a
password in a reasonable amount of time. For example, the Apollo
password could take 2 years to recover using Brute Force when
the predefined field is set to just letters and the length is
set to a max of 16 characters. When the predefined field is set
to uppercase and lowercase letters and numbers, the password was
recovered within 10 seconds. Ophcrack recovered the password
within 1 second. Please review the screenshots below for the
results of the lab conducted.
There are four elements to consider when creating a strong
password: password length, using uppercase and lowercase
letters, including numbers and symbols, and creating a unique
password. You should use all four to create a secure password.
The general rule for password length is no less than 8
characters. Passwords should be reset every 90 days.
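The brute-force timing and the password rules in the paragraphs above both come down to the size of the search space, which the following sketch computes. It is an added example, not part of the original lab report; the guess rate, the sample passwords and all function names are assumptions made for illustration.

```python
import string

# Character classes from the report's guidance (space is counted as a symbol here).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}
MIN_LENGTH = 8        # the report's minimum length
ASSUMED_RATE = 1e9    # guesses per second; an assumption, not a measured figure


def classes_used(password):
    """Names of the character classes that appear in the password, sorted."""
    return sorted(n for n, chars in CLASSES.items()
                  if any(c in chars for c in password))


def keyspace(charset_size, max_len, min_len=1):
    """Candidates an exhaustive search covers for all lengths min_len..max_len."""
    if charset_size < 1 or max_len < min_len:
        return 0
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def covered(password, charset, max_len):
    """True if a search over `charset` up to `max_len` can ever reach the password."""
    return len(password) <= max_len and all(c in charset for c in password)


def audit(password, rate=ASSUMED_RATE):
    """Check a password against the report's rules and size the search it forces."""
    used = classes_used(password)
    other = {c for c in password if not any(c in s for s in CLASSES.values())}
    # Smallest alphabet that covers the password; `other` makes this a lower bound.
    size = sum(len(CLASSES[n]) for n in used) + len(other)
    space = keyspace(size, len(password))
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    missing = sorted(set(CLASSES) - set(used))
    if missing:
        problems.append("missing classes: " + ", ".join(missing))
    return {
        "classes": used,
        "charset_size": size,
        "keyspace": space,
        "worst_case_seconds": space / rate,
        "problems": problems,
    }


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return "%.1f %s" % (seconds / span, unit)
    return "%.2f seconds" % seconds


if __name__ == "__main__":
    # Constructed sample passwords; none come from the lab.
    for pw in ("sunshine", "Sunshine7", "Sunsh1ne!", "T4ble-Lamp-Orbit-92"):
        r = audit(pw)
        print("%-20s alphabet=%-3d worst case=%-22s %s" % (
            pw, r["charset_size"], humanize(r["worst_case_seconds"]),
            "; ".join(r["problems"]) or "meets the report's rules"))

    # A letters-only search can never reach a password that contains a digit;
    # it only ends once the whole configured space has been exhausted.
    letters = string.ascii_letters
    print(covered("Sunshine7", letters, 16))                   # letters only
    print(covered("Sunshine7", letters + string.digits, 16))   # letters + digits
    print(humanize(keyspace(len(letters), 16) / ASSUMED_RATE))
```

Each extra character multiplies the search space by the alphabet size, so length contributes far more than adding one more character class.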
Penetration testing is very important for ensuring the security
of a system. Penetration testing reveals system vulnerabilities,
helps develop security strategies for a real attack, and exposes
any poor security practices. Penetration testing can be a
learning experience for MedStar’s IT Security team to learn the
different methods hackers use to penetrate a system. The team
could also learn how to conduct incident reports and develop a
remediation plan to apply a permanent fix.
Grader - Instructions Excel 2019 Project
Exp19_Excel_Ch09_CapAssessment_Tips
Project Description:
Your friend Kimo is a server at a restaurant. He downloaded
data for his customers’ food and beverage purchases for the
week. You will complete the workbook by applying consistent
formatting across the worksheets and finalizing the weekly
summary. The restaurant requires tip sharing, so you will
calculate how much he will share with the beverage worker and
the assistant.
Steps to Perform:
Step 1 (Points Possible: 0)
Start Excel. Download and open the file named
Exp19_Excel_Ch09_Cap_Assessment_Tips.xlsx. Grader has
automatically added your last name to the beginning of the
filename.
The Excel workbook contains circular references. When you
open the file, an error message displays. This error will be
resolved as part of the project
Step 2 (Points Possible: 8)
The Tip Left column in the Friday worksheet contains a fill
color and number formatting. You want to fill these formats to
the other daily worksheets.
Group the Friday through Monday worksheets, starting with the
Friday worksheet. Fill the format only for the range E5:E24.
Step 3 (Points Possible: 5)
Now you want to insert column totals for the five worksheets
simultaneously.
With the worksheets still grouped, insert SUM functions in the
range B25:E25 and apply the Totals cell style. Ungroup the
worksheets.
Step 4 (Points Possible: 2)
The Week worksheet is designed to be a summary sheet. You
want to insert a hyperlink to the Total heading in the Monday
worksheet.
On the Week worksheet, in cell A5, insert a hyperlink to cell
A25 in the Monday worksheet with the ScreenTip text Monday’s
Totals. Test the hyperlink to ensure it works correctly.
Step 5 (Points Possible: 2)
In cell A6 on the Week worksheet, insert a hyperlink to cell
A25 in the Tuesday worksheet with the ScreenTip text
Tuesday’s Totals. Test the hyperlink to ensure it works
correctly.
Step 6 (Points Possible: 2)
In cell A7, insert a hyperlink to cell A25 in the Wednesday
worksheet with the ScreenTip text Wednesday’s Totals. Test the
hyperlink to ensure it works correctly.
Step 7 (Points Possible: 2)
In cell A8, insert a hyperlink to cell A25 in the Thursday
worksheet with the ScreenTip text Thursday’s Totals. Test the
hyperlink to ensure it works correctly.
Step 8 (Points Possible: 2)
In cell A9, insert a hyperlink to cell A25 in the Friday
worksheet with the ScreenTip text Friday’s Totals. Test the
hyperlink to ensure it works correctly.
Step 9 (Points Possible: 2)
Now, you are ready to insert references to cells in the individual
worksheets. First, you will insert a reference to Monday's Food
Total.
In cell B5 on the Week worksheet, insert a formula with a 3-D
reference to cell B25 in the Monday worksheet. Copy the
formula to the range C5:E5.
Step 10 (Points Possible: 2)
The next formula will display the totals for Tuesday.
In cell B6, insert a formula with a 3-D reference to cell B25 in
the Tuesday worksheet. Copy the formula to the range C6:E6.
Step 11 (Points Possible: 2)
In cell B7, insert a formula with a 3-D reference to cell B25 in
the Wednesday worksheet. Copy the formula to the range
C7:E7.
Step 12 (Points Possible: 2)
In cell B8, insert a formula with a 3-D reference to cell B25 in
the Thursday worksheet. Copy the formula to the range C8:E8.
Step 13 (Points Possible: 2)
In cell B9, insert a formula with a 3-D reference to cell B25 in
the Friday worksheet. Copy the formula to the range C9:E9.
Step 14 (Points Possible: 5)
Now you want to use a function with a 3-D reference to
calculate the totals.
In cell B10 on the Week worksheet, insert the SUM function
with a 3-D reference to calculate the total Food purchases (cell
B25) for the five days. Copy the function to the range C10:E10.
Step 15 (Points Possible: 5)
The servers are required to share a portion of their tips with the
Beverage Worker and Assistants. The rates are stored in another
file.
Open the Exp_Excel_Ch09_Cap_Assessment_Rates.xlsx
workbook. Go back to the
Exp_Excel_Ch09_Cap_Assessment_Tips.xlsx workbook. In cell
F5 of the Week worksheet, insert a link to the Beverage Worker
Tip Rate (cell C4 in the Rates workbook) and multiply the rate
by the Monday Drinks (cell C5). Copy the formula to the range
F6:F9.
Step 16 (Points Possible: 5)
Next, you will calculate the tips for the assistant.
In cell G5 in the Tips workbook, insert a link to the Assistant
Tip Rate (cell C5 in the Rates workbook) and multiply the rate
by the Monday Subtotal (cell D5). Copy the formula to the
range G6:G9. Close the Rates workbook.
Note: The tip is a monetary value in the Week worksheet. It
should be formatted for Accounting Number Format.
Step 17 (Points Possible: 5)
You noticed a circular error when you first opened the Tips
workbook. Now you will find and correct it.
On the Week worksheet, check for errors and correct the
formula with the circular reference.
Step 18 (Points Possible: 10)
You want to create a validation rule to prevent the user from
accidentally entering a negative value. For now, you will create
a validation in the Friday worksheet.
Select the range E5:E24 in the Friday worksheet, create a
validation rule to allow a decimal value greater than or equal to
zero. Enter the input message title Tip and the input message
Enter the amount of tip. (including the period). Use the Stop
alert with the error alert title Invalid Number and the error alert
message The tip must be zero or more. (including the period).
Test the data validation by attempting to enter -20 in cell E5
and then cancel the change.
Step 19 (Points Possible: 10)
Now you will copy the validation settings to the other daily
worksheets.
Copy the range E5:E24 in the Friday worksheet. Group the
Monday through Thursday worksheets, select the range E5:E24,
and use Paste Special Validation to copy the validation settings.
Step 20 (Points Possible: 10)
You want to unlock data-entry cells so that the user can change
the tips in the daily worksheets.
Group the Monday through Friday worksheets. Select the ranges
E5:E24 and unlock these cells.
Step 21 (Points Possible: 5)
Create footer with your name on the left side, the sheet name
code in the center, and the file name code on the right side of
all worksheets.
Step 22 (Points Possible: 12)
Now that you unlocked data-entry cells, you are ready to protect
the worksheets to prevent users from changing data in other
cells. Individually, protect each sheet using the default
allowances without a password.
Step 23 (Points Possible: 0)
Mark the workbook as final.
Note: Mark as Final is not available in Excel for Mac. Instead,
use Always Open Read-Only on the Review tab.
Step 24 (Points Possible: 0)
Save and close Exp19_Excel_Ch09_Cap_Assessment_Tips.xlsx.
Exit Excel. Submit the file as directed.
Total Points: 100
Created On: 05/04/2020 1
Exp19_Excel_Ch09_CapAssessment - Tips 1.1
MedStar
Group 3
March 3, 2021
MANAGING CYBER THREATS FOR MedStar system
1
Agenda
About MedStar
Our Story
Our Product and Services
Cyber Challenges
Mission
Technical Paper Summary
Lab Report Results Review
Vulnerabilities
Unauthorized Access
Ransomware
Denial of Services
Key project updates
2021 Plan
Recommendation
Executive Team
Kenneth A. Samet
Susan K. Nelson
Scott MacLean
Closing
Summary
Questions and Answers
Our Story
Highlights
MedStar Health is a not-for-profit health system dedicated to
caring for people in Maryland and the Washington DC
MedStar’s 30,000 associates, 6,000 affiliated physicians, 10
hospitals ambulatory, and urgent care center
MedStar Health research institute are recognized regionally and
nationally for excellence in medical care
MedStar trains more than 1,100 medical residents annually
Highlights
MedStar treated more than 6,000 patients, handled 2,400 ER
patients, and performed 782 surgeries.
MedStar judged top among 70 nominees in the category
recognizing “best use of storage technology to drive
performance gains”
3
Our Products and Services
ePHI
PHI
HIPAA/HITECH
Cyber Threats Challenges
The health system was forced to shut down its computers and
email during the March 28 attack
The health system lost access to more than 370 computer
programs
New employees didn’t know how to operate without the computer
system
Cyber attacks represent the greatest threats to protecting
healthcare data
The attack forced the organization to power down critical
processes and infrastructure
The attackers used ransomware
The attack slowed down operations with the majority of services
taken offline
5
Mission Best Practices
Email Protection
Endpoint Protection
Asset Management
Network Management
Medical Device Security
Policies and Procedures
6
Technical Paper Summary
7
Organization Overview
Technology Used
Vulnerabilities and Mitigation
Conclusion
LAB REPORT REVIEW
APOLLO (ophcrack) (BRUTE FORCE)
Batman (ophcrack) (BRUTE FORCE)
CHEKOV (ophcrack) (BRUTE FORCE)
CSADMIN (ophcrack) (BRUTE FORCE)
Ophcrack recovered the password the quickest.
Using Brute Force, the predefined field and the password length
have to be adjusted properly to recover a password in a
reasonable time.
Apollo password could take 2 years to recover
8
BRUTE FORCE
an attacker submitting many passwords or passphrases with the
hope of eventually guessing a combination correctly. The
attacker systematically checks all possible passwords and
passphrases until the correct one is found
Dictionary Attack
is a form of brute force attack technique for defeating a cipher
or authentication mechanism by trying to determine its
decryption key
Ophcrack
is a free open-source program that cracks Windows log-in
passwords by using LM hashes through rainbow tables. The
program includes the ability to import the hashes from a variety
of formats, including dumping directly from the SAM files of
Vulnerabilities
12
Unauthorized Access
Ransomware
Denial of Services
Key Project Updates
Implementing preventive measures by working to educate
employees and staff on how to mitigate and prevent further
attacks on the systems infrastructure.
Ethical decisions regarding protected patient information should
be made in a timely manner
Maintaining communication with stakeholders, acting in a
timely manner, protecting confidentiality, ensuring professional
competence, and collaborating with appropriate agencies to
solve the issue.
Most cybersecurity breaches are due to compromised passwords;
MedStar should take a strong view that all external/internal
access requires two-factor authentication to prevent compromising
our systems
Lesson Learned
13
Recommendation
What are our key plans for the coming year of 2021?
MedStar needs to implement both key technologies and processes
to protect against cyber threats, as well as define
organizational processes to manage risk
Network Segmentation: dividing the network into manageable
parts and monitoring communications between each of the parts
provides early detection of potential cyber threats while
limiting organizational risk
Most cybersecurity breaches are due to compromised passwords;
MedStar should take a strong view that all external/internal
access requires two-factor authentication to prevent compromising
our systems
14
Our People Executive Team
Scott T. MacLean
CEO
Susan K. Nelson
CFO
Scott T. MacLean
CIO
15
Thank you
Questions?
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 

Recently uploaded (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 

MedStar Health's Battle Against Cybercrime

(Executive Summary)

MedStar Health Inc., a leader in the healthcare industry regionally and nationwide, is a constant target of the malicious attempts of cyber criminals. Over the past 6 years MedStar Health Inc. has faced several instances of data breach, most notably the 2016 breach that compromised 370 computer systems and halted its operations. As the organization continues to digitize and broaden the use of electronic medical records across its facilities, the threat of cyber-attack remains even more pervasive. The purpose of this report is to provide an overview of MedStar Health Inc.'s cybersecurity vulnerabilities, examine the overall causes and impact of the breaches and explore solutions to meet the organization’s cybersecurity challenges.

With a focal point on MedStar Health breaches, a literature-based study was conducted, and various news articles, academic journals and company publications were analyzed. It was found that the 2016 and 2020 data breaches were attacks on the organization’s internet servers. The 2020 hack compromised the records of 668 patients, whereas the 2016 hack was a result of a ransomware infection that compromised 7500 individuals’ records and halted the organization’s operations. The cost of the virus infection was greater than the $19,000 ransom requested due to additional recovery and remediation costs. It was also revealed that the 2019 breach was due to human error.

To best combat the efforts of cyber criminals, it is recommended that MedStar Health Inc. place greater emphasis on cyber awareness training for employees/professionals and implement multi-factor authentication and a strong password and identity management system to reinforce its IT infrastructure against future hacks. Failure to effectuate these measures poses significant risks to MedStar Health Inc., its affiliates and patients that extend beyond ransom payments, fines, imprisonment, lawsuits and costs incurred for subsequent identity theft protection services. The damage caused by data security breaches may prove fatal for patients, the company’s most valued asset, compromising public perception and the company’s mission to provide the highest quality of medical care and build long-term relationships with the patients they serve.

Actual Technical Report

MedStar Medical Vs. Cybercrime

In the health sector, experts "see persistent cyber-attacks as the single greatest threat to the protection of healthcare data" (Moffith & Steffen, 2017). To the world at large, this is not the most absurd news or revelation. Healthcare data embodies some of the most marketable information, and for the black market this is Eldorado – the fictional tale of the city of gold. Healthcare organizations are tasked with fighting the uphill battle of providing quality medical care to their number one stakeholder – patients – while also ensuring that their valuable information is kept safe and secure. Despite their efforts, healthcare organizations sometimes fail in their attempts to provide adequate security. In 2016, MedStar Health – a not-for-profit healthcare organization – suffered a data breach that left thousands of residents of the Washington DC and Maryland area distraught.

This paper highlights the concerns faced by MedStar Health and the damage caused by these cyber-attacks. It also analyses various vulnerabilities seen in the healthcare sector and highlights needed comprehensive security perspectives and industry-proven security systems to provide recommendations on how MedStar Health can potentially face these challenges.

MedStar Health's Bio

MedStar Health offers "the highest quality care for people in Maryland, Virginia, and Washington, D.C.," solidifying its reputation as a leader in the healthcare industry both regionally and nationally (MedstarHealth, 2021). The organization operates ten hospitals and over twenty health-related businesses, including ambulatory care, urgent care centers, and a research institute across the Washington, DC, and Maryland area. It also currently employs 30,000 associates and 6,000 affiliated physicians and has one of the largest graduate medical programs in the country, where more than 1,100 medical residents are trained annually (MedStar Health, 2021). Also, MedStar Health is the medical education and clinical partner of Georgetown University.

The 2016 Breach

On March 28, 2016, MedStar Health was a victim of a data breach that brought the medical "behemoth" to a standstill (Cox et al., 2016). This attack forced the institution to power down critical infrastructure and processes for several days to slow the virus's spread. Specifically, the cybercriminals used a ransomware attack to encrypt the organization’s data and infect critical systems. The Washington Post describes this crime as being "financially motivated, [where] the hackers make demands that put their victims in a difficult spot…, [targeting] critical data — such as patient records — then ask for a ransom" in exchange for decrypting the compromised data (Cox et al., 2016). As a result of this attack, ten hospitals and over twenty medical centers were pushed back to primitive means of operation, slowing down overall productivity and affecting thousands of patients. NBC News reported that thousands of MedStar's patients with appointments were greeted with the voice message, "Our computer systems are still down, so we need you to bring a list of current medications and a list of allergies" (Williams, 2016). The impact of this ransomware attack was truly daunting, as it denied health care professionals access to information and resources needed to perform their duties; it ultimately hindered the organization’s ability to fulfill its mission of providing quality healthcare to its patients.

The 2019 Accidental Data Leak

On July 22, 2019, MedStar Health's Privacy Director, Mutanu Mutuvi-Thomas, reported to the Attorney General that their organization experienced an accidental data leak on June 19, 2019, where confidential information was shared. In an email describing the incident, the Privacy Director explained the accident and the course of action taken to remediate the issue. When the mistake was realized, strict instructions were immediately issued to the recipients of the accidental email to securely delete the document from their emails and trash receptacles. To prevent further disclosure of the sensitive information, legal documents were then issued to the recipients to sign confirming the deletion (MedStar Health, 2019). Additionally, the affected residents were "offered one year of complimentary credit monitoring and identity theft protection services through Experian" (MedStar Health, 2019). This was a valiant effort on MedStar Health’s part in protecting not only their patients, but also the care providers in light of this exposed vulnerability. Although this incident was reported in the 2019 End of Year Data Breach Report by ITRC (Identity Theft Resource Center), there was no additional information available, as it was discreetly handled internally.

The Healthcare and Cybersecurity

Healthcare information is precious, as it encompasses a holistic view of a person's health, and thus, the health of the wider community. This information is used to determine medical treatment and policies that ultimately influence the standard of living at large. Not too long ago, medical information was stored as physical files and was accessed through manual processes. This of course posed unique challenges regarding data communication, efficiency, accuracy, and security – demonstrating a need for the digitization of health files (Touro College Illinois, 2021).

"Today, healthcare information is widely collected, stored, accessed and transmitted digitally, thanks in part to the Health Information Technology for Economic and Clinical Health (HITECH) Act" (Touro College Illinois, 2021). This act promoted the widespread use of electronic health records (EHR) and health information exchange (HIE) to share and store healthcare information. This shift in handling medical data created, without question, overall improvements to healthcare, as health records are updated in real-time and patients are treated with more efficiency. "As healthcare information …migrated to the digital environment, it [became] highly valuable and therefore vulnerable to cybercriminals on the dark web" (Touro College Illinois, 2021). Healthcare cybersecurity laws were then introduced with guidelines to follow set forth by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to protect patients' information.

Findings

Cyber threats to the healthcare industry continue to be a major problem. Organizations have reported more instances of data breach with the increasing use of EHR. While the scope of the threats remains unknown, the industry in most recent years has taken more steps than ever before to close the gap. In this section, the researchers aim to provide an overview of the health sector's cyber concerns and the various data breaches experienced by MedStar Health.

How Serious is the Cyber Concern?

Between 2009 and 2016, there were 1,798 data breaches reported, of which 1,225 were reported by health care providers. Also, of 257 reported breaches 216 were hospitals, and at least 33 of those facilities were involved in multiple cyber incidents (Schmeelk et al., 2021). Between 2010 and 2013, studying a dataset of 949 breaches recorded by the Office of Civil Rights (OCR), there were more than 29 million compromised health records (Schmeelk et al., 2021). Figure 1 below highlights the five categories of breaches recorded by OCR between June 2019 to June 2020: "Hacking/I.T. Incident reports totaling 264 breaches, Improper Disposal totaling 12 breaches, Loss totaling 11 breaches, Theft totaling 27 breaches, and Unauthorized Access/Disclosure totaling 102 breaches" (Schmeelk et al., 2021).

Figure 1. Breach Types between June 2019 to June 2020 (Schmeelk et al., 2021).

Moreover, within the same period of June 2019 to June 2020, there were three significant data breaches within the healthcare sector. On July 1 of 2019, Optum360 LLC. reported a breach affecting 11,500,000 individuals and days later, July 15 of 2019, Clinical Pathology Laboratories Inc. also reported a breach that affected 1,733,836 individuals. Both breaches were the result of an attack/hack of their IT Network Servers. Additionally, on February 5 of 2020, Health Share of Oregon declared a data breach that affected 654,362 individuals due to a laptop theft (Schmeelk et al., 2021).

The seriousness of these concerns is seen in figure 2, which highlights the number of U.S. residents affected by healthcare data breaches between 2014 to 2019. As reflected, 113.2 million U.S. residents were affected by cyberattacks in 2015. In 2020, surprisingly, only 23.5 million U.S. residents were impacted by cybercriminals' acts, despite the Covid 19 pandemic (Johnson, 2021). Nevertheless, this is still a substantially large number of individuals affected as a result of data breaches in the healthcare sector.

Figure 2. The number of U.S. residents affected by health data breaches from 2014 to 2019, in millions (Johnson, 2021).

MedStar Health's Data Breaches

Over the last six years, MedStar Health faced three major data breaches that have heightened concerns surrounding the organization’s cybersecurity posture. The data breach of 2016 left 10 MedStar Health hospitals and 250 outpatient centers in the Washington DC and Maryland area at a standstill. Their entire infrastructure was victim to the ransomware attack. According to the Indian Health Services (IHS), 7,500 individuals were affected by this 2016 data breach, and a ransom of USD 19,000 was requested, which was not paid.

The 2019 cyber threat came from an internal error that leaked "sensitive personal information of residents to a class of new intern physicians" (MedStar Health, 2019). This case was handled internally, and there are no reports of any further damage caused by this internal threat.

Finally, according to OCR, on September 25, 2020, 668 individuals were affected by a network data breach, categorized as an I.T./Hacking incident, at MedStar Health. Unfortunately, there was no additional information posted online concerning this breach, as it is currently filed under the OCR section of cases presently under investigation.

Discussion

In the age of technological advancements, preparedness is vital when facing the daunting reality of the capabilities embodied by cybercriminals. MedStar, along with many other medical facilities, learned this truth the hard way with the implementation of electronic health records. Craig DeAtley, the organization's director of emergency management, commented in an interview on the need for better preparations in light of the 2016 data breach. He said, "[w]e were practiced at individual workarounds, but we had never really rehearsed losing everything, much less all at once, … [Y]ou need to exceed your comfort level to prepare for a problem this vast" (Hall, 2016). MedStar Health and healthcare providers need to keep up with modern cybersecurity practices, regular cyber awareness training, and up-to-date system infrastructures to embody this readiness.

In the 2016 cyberattack, several infrastructure resources were rendered useless because of the virus. The ransomware that crippled the hospital's systems restricted access to essential EHR, leaving thousands of patients without sufficient care. In the realm of cybersecurity, the CIA triad comprises the core principles of information security that assist in the discussion and implementation of measures to turn the tides of this uphill battle. In essence, these principles help with the needed preparedness.

The CIA triad's core principles ensure that data remains confidential, maintains its integrity, and that required information is always available. These principles will guide the proposed recommendations for MedStar Health on ways to improve their I.T. systems.

Insider Threats

MedStar Health suffered an external attack in 2016, and the damage was substantial. However, this gateway was made possible by human error, and thus cyber harm can be done from within any organization, whether it be malicious or through careless actions. This is referred to as an Insider Threat. Through these thoughtless or malevolent actions, health records are compromised, and in turn, patients suffer. More so, these actions more often than not expose vulnerabilities in the CIA triad, endangering "confidentiality, integrity, [and] or availability of the organization's information or information systems" (Mazzarolo & Jurcut, 2019). In the case of MedStar Health, in 2016, employees' access to their systems was restricted, removing the availability of needed PHI, and the integrity of the data was potentially compromised.

Understanding the seriousness of the insider threat can ultimately help protect MedStar Health against these vulnerabilities. Typically, when a breach is revealed on the news or reported to the OCR, it is usually due to an outsider. However, thoughtless action can prove more lethal. The 2019 data leak at MedStar Health of residents' confidential information is an example of insider threat, as this was a careless act that exposed PHI. "The hazards that originate from inside [an organization are more] difficult to prevent and detect because insiders pose a serious danger as they are familiar with the organization's… systems…, and policies, and they have access to confidential information" (Mazzarolo & Jurcut, 2019). Although the 2019 incident was accidental, that doesn’t take away from the potential threats mistakes can cause. This is a lesson that MedStar Health is fully aware of, as seen in their actions to resolve this incident quickly.

Intrusion Motives

At this point, it is understood how valuable medical information is, and not just to healthcare facilities, but also to the cyber black market. In fighting this unavoidable circumstance, healthcare management needs to understand the driving factors behind cybercriminals. The common saying about the benefit of knowing your enemy holds true in these challenging circumstances. The intrusion motives of cyber criminals may be opportunistic: monetary gain, political exposure and change, ideological activism, disruption of services or access, and/or simply to cause physical harm. In MedStar Health's 2016 case, the motive was monetary and to disrupt service and access to their systems. This action, in turn, caused harm to the patients and the care they required. Ablon (2018) describes this type of attacker as a Cybercriminal. "Cybercriminals are motivated by financial gain—they care about making money. They want access to our personal, financial, or health data—in order to monetize them on underground black markets" (Ablon, 2018). The motives behind the breach of 2016 preyed on the vulnerability in patient data confidentiality and electronic records' availability to MedStar Health staff. Thus, understanding the enemy can prove beneficial in MedStar Health's pursuit of curbing these vulnerabilities.

Hacker psychology

Like intrusion motives, the hacker's psychology is tied to the cybercriminal's mindset and raises the question of what ultimately motivates them to hack. This goes for both cybercriminals and cybersecurity professionals. The difference is the motivating factor. As briefly mentioned, some hackers will conduct their actions with the sole purpose of making money, while others perform the same steps because of curiosity. In the case of cybersecurity professionals, these actions are done to protect everyday civilians who cannot defend themselves from cyber-attacks.

Understanding the hacker's psychology will help cyber professionals make better decisions regarding keeping EHR confidential, maintaining all records' integrity, and ensuring that the data remains accessible to the right employees. "[W]hen analyzing threats and attacks, it is important to focus on the psychological aspect of an intruder, their motives and intentions and their way of thinking, planning and performing attacks" (Pleskonjic, 2006). This mindfulness will help cybersecurity professionals in their task of creating sound vulnerability assessments. More so, understanding the fundamentals of insider threats, intrusion motives, and hacker psychology provides an excellent foundation for guiding the conversation surrounding the CIA triad's principles. This understanding, alongside sound security systems, will aid MedStar Health in its concerns regarding the confidentiality, integrity, and availability of PHI and ePHI.

Identity Management System

Identity management is an important tool in securing information systems, and if properly applied it would aid in the reinforcement of MedStar Health's security posture. It is essentially the process by which users' identities are defined and managed in an enterprise environment and encompasses two vital concepts, "Access" and "User". "Access refers to actions permitted to be done by a user (… view, create, or [edit] a file), [while users refer to] employees, partners, suppliers, contractors, or customers" (De Groot, 2019). Implementing an Identity Management System provides the ability to segment employees based on their roles. This system will ensure that access is given to the proper personnel at MedStar, and access will be managed when those employees transition roles and/or leave the company. This type of access management and control aids the fight against cyber concerns and can ultimately help reduce the risks of vulnerabilities in MedStar Health's framework, as it corrects issues surrounding authorization: access is controlled based on job description and role.

The Identity Management System is designed to address three critical security tasks: identify, authenticate, and authorize. "Meaning, only the right persons should have access to computers, hardware, software apps, any I.T. resources, or perform specific tasks" (De Groot, 2019). At MedStar Health, as of 2017, OnCore, a clinical management system, was implemented to work in conjunction with PowerTrials, a module within the MedStar electronic medical record (MedStar Health, 2017). OnCore holds records of patients' progress and, to some degree, billing information, while PowerTrials stores these patients' medical records. "These two systems both serve a different purpose within [MedStar] but work with each other to serve study and subject information to the appropriate users" (MedStar Health, 2017). With a proper Identity Management System in place, access to these systems will remain secure. The system controls the users' access (their unique passwords) to each platform, ensuring no unauthorized person gains access to this confidential information.

In considering an Identity Management System for MedStar Health, the following components are needed: a scalable, secure, and standards-compliant directory service for storing and managing user information; a provisioning framework that can either be linked to the enterprise provisioning system, such as a human resources application, or operated in standalone mode; a directory integration platform that enables the enterprise to connect the identity management directory to legacy or application-specific directories; a system to create and manage public key infrastructure (PKI) certificates; a run time model for user authentication; and a delegated administration model and application that enables the administrator of the identity management system to selectively delegate access rights to an administrator of an individual application or directly to a user (Oracle, 2010).

Figure 3. An Identity Management System Model (Oracle, 2010).

In the realm of Identity Management, there are various ways one may access information and resources, and this system assists in navigating this dialogue of access. At the basic level of an Identity Management System is Role-Based Access Control (RBAC). "Under this approach, there are predefined job roles with specific sets of access privileges" (De Groot, 2019). For instance, at MedStar Health there is no reason why a security guard should have the same access as someone on Payroll. Their individual roles separate their access. The second approach is Single Sign On (SSO). In this model of the Identity Management System, users only need to verify themselves once. The user is "given access to all systems without the need to log separately into each system" (De Groot, 2019). Finally, there is Multi-Factor Authentication (MFA). In this Identity Management approach, the "authentication process combines something the user knows (like a password) with something the user has (like a security token or [One Time Password] OTP) or something that's part of the user's body (like biometrics)" (De Groot, 2019).

When used independently, these Identity Management approaches are not sufficient to secure an organization given the tools currently available to cybercriminals. However, when these approaches are used simultaneously to manage and control access along with passwords and user identity, there is a greater probability of securing PHI and ePHI. In regards to passwords, the Identity Management System allows for total control over the policies governing passwords, their requirements and their expiry date. As such, in implementing a thorough Identity Management System MedStar Health is taking the most critical steps in securing their infrastructure and sensitive information, ensuring that passwords are changed frequently and are complex enough to safeguard PHI. Strong passwords paired with multilevel authentications will create a defense that is reputable in this cyber driven world.
Example of an Identity Management System at MedStar Health
When attending to patients at the health care facilities, while using a laptop, Doctor X will enter their set login credentials (their username and password). Their identity will then be
  • 13. checked against a database to verify if the correct credentials were entered and match the ones stored. If correct, Doctor X will gain access to the laptop. Once logged in, Doctor X will attempt to visit the needed web service that holds MedStar Health's PHI. Again, Doctor X will be prompted for their username and password. The system will also check the user's credentials against their database. However, at this point, there is an additional layer of security requiring another form of authentication for access, an MFA. The website creates a unique authentication key for the user based on their previously entered credentials. This identification key is then sent to Doctor X for confirmation. This MFA may be in the form of an app on a mobile device linked to the doctor's login credentials. The identification key is generated on Doctor X's mobile device and prompts for confirmation. Once confirmed, maybe within a set time limit, and both forms of authentication match the database managing credentials, Doctor X will gain access to the database that holds the patient's health information. The example above highlights how a simple Identity Management System may work within MedStar Health, where only specific users in the organization are allowed to access and handle sensitive information. The Identity Management System does a fantastic job at provisioning access across organizations; however, safe computer etiquette needs to complement these systems to address significant vulnerabilities.
Figure 4 Example of MFA in the Identity Management System (Papaspirou et al., 2021).
The importance of safe computer etiquette
In the case of MedStar Health, in the 2016 ransomware attack, if personnel were adequately trained to identify phishing emails or malicious hyperlinks, this incident could have been avoided and their records could have been protected. The same can be said for the 2019 accident.
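The Doctor X walkthrough above, combined with the role separation from the RBAC description, as an added example that is not part of the original report or of any MedStar system. It assumes the mobile app produces time-based one-time passwords (RFC 6238); the role names, accounts, passwords and secrets are constructed.

```python
import hashlib
import hmac
import struct

# Constructed roles: only "physician" carries the PHI permission.
ROLE_PERMISSIONS = {
    "physician": {"laptop_login", "phi_read"},
    "payroll": {"laptop_login", "payroll_read"},
    "security_guard": {"laptop_login"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; the credential database stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code that the phone app and the server derive independently."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, now, step=30, drift=1):
    """Return the matching time-step number, or None if the code is wrong or expired."""
    matched = None
    for delta in range(-drift, drift + 1):  # tolerate one step of clock drift
        t = now + delta * step
        if t >= 0 and hmac.compare_digest(totp(secret, t, step).encode(), code.encode()):
            matched = t // step
    return matched

def make_user(role, password, secret):
    # Deterministic salt keeps the example reproducible; real systems use os.urandom(16).
    salt = hashlib.sha256(b"constructed-salt:" + role.encode()).digest()[:16]
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": secret, "last_step": -1}

# Constructed accounts; the shared secret is the published RFC 6238 test value.
USERS = {
    "doctor_x": make_user("physician", "correct horse battery staple", b"12345678901234567890"),
    "guard_y": make_user("security_guard", "another long passphrase", b"12345678901234567890"),
}

def access_phi(username, password, code, now, users=USERS):
    """Password check, then role check, then one-time code; returns (granted, reason)."""
    user = users.get(username)
    if user is None or not hmac.compare_digest(
            hash_password(password, user["salt"]), user["pw_hash"]):
        return False, "bad credentials"
    if "phi_read" not in ROLE_PERMISSIONS.get(user["role"], set()):
        return False, "role not permitted"
    step = verify_totp(user["totp_secret"], code, now)
    if step is None:
        return False, "bad or expired code"
    if step <= user["last_step"]:
        return False, "code already used"  # replay of an earlier confirmation
    user["last_step"] = step
    return True, "granted"
```

A correct password alone never reaches the PHI database here: the guard account fails the role check, and a code that is stale or has already been confirmed is rejected even for the physician account.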
"IBM's 2015 Cyber Security Intelligence Index stated that 45 percent of all breaches were due to insiders and that 95 percent of those breaches were due
  • 14. to human error" (Perez, 2016). The report also stated that 42.75 percent of all cyberattacks are caused by inadequately or improperly trained staff. Thus, with the proper tools and safe computer etiquette, MedStar and all healthcare providers can better protect their number one stakeholder's information, their patients. In an interview with SCMagazine, a cybersecurity magazine in the UK, Jacob Ginsberg, a senior director at Echoworx, said it best. He compares the basic things an individual learns growing up, such as not touching a hot oven, to the education needed in the digital workplace. He said, "[there] should probably have similar lessons like that which would educate the digital workforce on the basic things you can do to stay safe at work" (Perez, 2016). This fundamental educational gap must be filled to ensure that the average MedStar employee knows how to protect their data and not fall prey to crafty phishing emails and other avoidable mistakes seen in 2019.
Figure 5 The frequency of cybersecurity awareness training in the U.S. Healthcare Sector as of 2018 (Stewart, 2019).
Conclusion
The numbers reflected in the chart above should be significantly higher, given that millions of individuals are affected yearly by cyberattacks in healthcare. Overall, the current situation society faces is dire; however, the technology and training are available to aid in protecting PHIs and addressing these concerns. "Patient First is the heart of quality care at MedStar Health. Part of "Patient First" is [MedStar Health's] promise to keep patient information private" (MedStar Health, 2014). Thus, implementing the recommendations highlighted in this paper is critical to MedStar Health's promise to their patients.
With proper cyber awareness training, a robust Identity Management System, a better understanding of insider threats, and the motives and psychological mindset of their potential intruders, MedStar Health is armed with the appropriate tools needed in this uphill fight. This approach
  • 15. ultimately protects their number one stakeholder, their patients.
References
Ablon, L. (2018, March 15). The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data. The RAND Corp. https://www.rand.org/content/dam/rand/pubs/testimonies/CT400/CT490/RAND_CT490.pdf
Cox, J., Turner, K. & Zapotosky, M. (2016, March 28). Virus infects MedStar Health system's computers, forcing an online shutdown. Washington Post. https://www.washingtonpost.com/local/virus-infects-medstar-health-systems-computers-hospital-officials-say/2016/03/28/480f7d66-f515-11e5-a3ce-f06b5ba21f33_story.html
De Groot, J. (2019, December 19). What is identity and access management (IAM)? Data Insider. https://digitalguardian.com/blog/what-identity-and-access-management-iam
Hall, S. (2016, June 30). Lessons from the MedStar Health ransomware attack. Fierce Healthcare. https://www.fiercehealthcare.com/privacy-security/lessons-from-medstar-ransomware-attack
Johnson, J. (2021, March 10). Number of U.S. residents affected by health data breaches from 2014 to 2019, in millions. Statista. https://www-statista-com.lehman.ezproxy.cuny.edu/statistics/798564/number-of-us-residents-affected-by-data-breaches/
Mazzarolo, G., & Jurcut, A. D. (2019). Insider threats in Cyber Security: The enemy within the gates. https://arxiv.org/pdf/1911.09575.pdf
MedStar Health Inc. (2021). Graduate medical education. https://www.medstarhealth.org/education/graduate-medical-education/
MedStar Health Inc. (2019, July 22). Security Breach Notification. https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2019/itu-315436.pdf#
  • 16. MedStar Health Inc. (2014, October). Protecting Patient Privacy. https://ct1.medstarhealth.org/content/uploads/sites/8/2014/10/MGUH-Volunteer-Protecting-Patient-Privacy-Policy.pdf
Moffit, R. & Steffen, B. (2017). Health care data breaches: a changing landscape. Maryland Health Care Commission. https://mhcc.maryland.gov/mhcc/pages/hit/hit/documents/HIT_DataBreachesBrief_Brf_Rpt_090717.pdf
Oracle. (2010, January 2). Identity Management Concepts and Deployment Planning Guide. https://docs.oracle.com/cd/B14099_19/idmanage.1012/b14084/intro.htm#:~:text=A%20complete%20identity%20management%20system,storing%20and%20managing%20user%20information.&text=A%20system%20to%20create%20and,time%20model%20for%20user%20authentication.
Papaspirou, V., Maglaras, L., Amine Ferrag, M., Kantzavelou, I., Janicke, H., & Douligeris, C. (2021, January 20). A novel two-factor honeytoken authentication mechanism. https://arxiv.org/pdf/2012.08782.pdf
Perez, R. (2016). Cyber-security awareness. S.C. Magazine: For I.T. Security Professionals (U.K. Edition), 18–21. https://eds-a-ebscohost-com.ezproxy.umgc.edu/eds/pdfviewer/pdfviewer?vid=7&sid=d5194e8a-a6ee-4c2c-84e2-c0bb5899bbb7%40sessionmgr4008
Pleskonjic, D., Milutinovic, V., Maček, N., Djordjevic, B. & Caric, M. (2006). Psychological profile of network intruder. https://www.researchgate.net/profile/Dragan-Pleskonjic-2/publication/325810196_Psychological_profile_of_network_intruder/links/5b2648c1458515270fd4a3f6/Psychological-profile-of-network-intruder.pdf
Schmeelk, S., Dragos, D. & DeBello, J. (2021). What can we learn about healthcare I.T. risk from HITECH? Risk lessons learned from the US HHS OCR breach portal. Proceedings of the 54th Hawaii International Conference on System Sciences. 3993-3999.
  • 17. https://scholarspace.manoa.hawaii.edu/bitstream/10125/71101/0393.pdf
Stewart, C. (2019, May 20). Frequency of security awareness training in healthcare organizations U.S. 2018. https://www-statista-com.lehman.ezproxy.cuny.edu/statistics/736704/security-awareness-training-frequency-in-healthcare-organization-in-us/
Touro College Illinois. (2021, March 4). How is healthcare information kept safe? https://illinois.touro.edu/news/how-is-healthcare-information-kept-safe.php
Tutorials Point. (n.d.). What are web services? https://www.tutorialspoint.com/webservices/what_are_web_services.htm
Williams, P. (2016, March 31). Medstar hospitals recovering after 'ransomware' hack. NBC news. https://www.nbcnews.com/news/us-news/medstar-hospitals-recovering-after-ransomware-hack-n548121
Lab Report
In the lab, two tools were used for password cracking: Cain & Abel and Ophcrack. Brute Force attacks and Dictionary attacks recovered the passwords by using NTLM hashes. Ophcrack imported each user's username, LM hash, and NT hash and used rainbow tables to crack the user's password. This report will provide the results of using each attack on three separate users. Using Brute Force, the Apollo and Batman passwords were recovered within 10 seconds. The Csadmin password was never recovered. The Dictionary attack provides more options to define the password; the Apollo and Batman passwords were found in 5 seconds. The Csadmin password was never recovered. Lastly, Ophcrack recovered the Apollo and Batman passwords immediately. However, the Csadmin password was never recovered. Ophcrack recovered the passwords the quickest. When using Brute Force, the predefined field and the password length have to
  • 18. be adjusted properly to recover a password in a reasonable amount of time. For example, the Apollo password could take 2 years to recover using Brute Force when the predefined field is set to just letters and the length is set to a maximum of 16 characters. When the predefined field was set to uppercase and lowercase letters and numbers, the password was recovered within 10 seconds. Ophcrack recovered the password within 1 second. Please review screenshots below for the results of the lab conducted. There are four types of character sets when creating a strong password. The four types of character sets are password length, using uppercase and lowercase letters, including numbers and symbols, and creating a unique password. You should use all four types of character sets to create a secure password. The general rule for password length is no less than 8 characters. Passwords should be reset every 90 days. Penetration testing is very important to ensure the security of a system. Penetration testing reveals system vulnerabilities, helps develop security strategies for a real attack, and exposes any poor security practices. Penetration testing can be a learning experience for MedStar’s IT Security team to learn the different methods hackers use to penetrate a system. The team could also learn how to conduct incident reports and a remediation plan to apply a permanent fix.
Grader - Instructions Excel 2019 Project Exp19_Excel_Ch09_CapAssessment_Tips
Project Description: Your friend Kimo is a server at a restaurant. He downloaded data for his customers’ food and beverage purchases for the week. You will complete the workbook by applying consistent formatting across the worksheets and finalizing the weekly summary. The restaurant requires tip sharing, so you will calculate how much he will share with the beverage worker and the assistant.
  • 19. Steps to Perform: Step Instructions Points Possible 1 Start Excel. Download and open the file named Exp19_Excel_Ch09_Cap_Assessment_Tips.xlsx. Grader has automatically added your last name to the beginning of the filename. The Excel workbook contains circular references. When you open the file, an error message displays. This error will be resolved as part of the project. 0 2 The Tip Left column in the Friday worksheet contains a fill color and number formatting. You want to fill these formats to the other daily worksheets. Group the Friday through Monday worksheets, starting with the Friday worksheet. Fill the format only for the range E5:E24. 8 3 Now you want to insert column totals for the five worksheets simultaneously. With the worksheets still grouped, insert SUM functions in the range B25:E25 and apply the Totals cell style. Ungroup the worksheets. 5 4 The Week worksheet is designed to be a summary sheet. You want to insert a hyperlink to the Total heading in the Monday worksheet. On the Week worksheet, in cell A5, insert a hyperlink to cell
  • 20. A25 in the Monday worksheet with the ScreenTip text Monday’s Totals. Test the hyperlink to ensure it works correctly. 2 5 In cell A6 on the Week worksheet, insert a hyperlink to cell A25 in the Tuesday worksheet with the ScreenTip text Tuesday’s Totals. Test the hyperlink to ensure it works correctly. 2 6 In cell A7, insert a hyperlink to cell A25 in the Wednesday worksheet with the ScreenTip text Wednesday’s Totals. Test the hyperlink to ensure it works correctly. 2 7 In cell A8, insert a hyperlink to cell A25 in the Thursday worksheet with the ScreenTip text Thursday’s Totals. Test the hyperlink to ensure it works correctly. 2 8 In cell A9, insert a hyperlink to cell A25 in the Friday worksheet with the ScreenTip text Friday’s Totals. Test the hyperlink to ensure it works correctly. 2 9 Now, you are ready to insert references to cells in the individual worksheets. First, you will insert a reference to Monday's Food Total. In cell B5 on the Week worksheet, insert a formula with a 3-D reference to cell B25 in the Monday worksheet. Copy the formula to the range C5:E5. 2 10 The next formula will display the totals for Tuesday.
  • 21. In cell B6, insert a formula with a 3-D reference to cell B25 in the Tuesday worksheet. Copy the formula to the range C6:E6. 2 11 In cell B7, insert a formula with a 3-D reference to cell B25 in the Wednesday worksheet. Copy the formula to the range C7:E7. 2 12 In cell B8, insert a formula with a 3-D reference to cell B25 in the Thursday worksheet. Copy the formula to the range C8:E8. 2 13 In cell B9, insert a formula with a 3-D reference to cell B25 in the Friday worksheet. Copy the formula to the range C9:E9. 2 14 Now you want to use a function with a 3-D reference to calculate the totals. In cell B10 on the Week worksheet, insert the SUM function with a 3-D reference to calculate the total Food purchases (cell B25) for the five days. Copy the function to the range C10:E10. 5 15 The servers are required to share a portion of their tips with the Beverage Worker and Assistants. The rates are stored in another file. Open the Exp_Excel_Ch09_Cap_Assessment_Rates.xlsx workbook. Go back to the Exp_Excel_Ch09_Cap_Assessment_Tips.xlsx workbook. In cell F5 of the Week worksheet, insert a link to the Beverage Worker Tip Rate (cell C4 in the Rates workbook) and multiply the rate by the Monday Drinks (cell C5). Copy the formula to the range F6:F9.
  • 22. 5 16 Next, you will calculate the tips for the assistant. In cell G5 in the Tips workbook, insert a link to the Assistant Tip Rate (cell C5 in the Rates workbook) and multiply the rate by the Monday Subtotal (cell D5). Copy the formula to the range G6:G9. Close the Rates workbook. Note: The tip is a monetary value in the Week worksheet. It should be formatted for Accounting Number Format. 5 17 You noticed a circular error when you first opened the Tips workbook. Now you will find and correct it. On the Week worksheet, check for errors and correct the formula with the circular reference. 5 18 You want to create a validation rule to prevent the user from accidentally entering a negative value. For now, you will create a validation in the Friday worksheet. Select the range E5:E24 in the Friday worksheet, create a validation rule to allow a decimal value greater than or equal to zero. Enter the input message title Tip and the input message Enter the amount of tip. (including the period). Use the Stop alert with the error alert title Invalid Number and the error alert message The tip must be zero or more. (including the period). Test the data validation by attempting to enter -20 in cell E5 and then cancel the change. 10 19 Now you will copy the validation settings to the other daily worksheets.
  • 23. Copy the range E5:E24 in the Friday worksheet. Group the Monday through Thursday worksheets, select the range E5:E24, and use Paste Special Validation to copy the validation settings. 10 20 You want to unlock data-entry cells so that the user can change the tips in the daily worksheets. Group the Monday through Friday worksheets. Select the ranges E5:E24 and unlock these cells. 10 21 Create footer with your name on the left side, the sheet name code in the center, and the file name code on the right side of all worksheets. 5 22 Now that you unlocked data-entry cells, you are ready to protect the worksheets to prevent users from changing data in other cells. Individually, protect each sheet using the default allowances without a password. 12 23 Mark the workbook as final. Note: Mark as Final is not available in Excel for Mac. Instead, use Always Open Read-Only on the Review tab. 0 24 Save and close Exp19_Excel_Ch09_Cap_Assessment_Tips.xlsx. Exit Excel. Submit the file as directed. 0 Total Points 100
  • 24. Created On: 05/04/2020 1 Exp19_Excel_Ch09_CapAssessment - Tips 1.1 MedStar Group 3 March 3, 2021 MANAGING CYBER THREATS FOR MedStar system 1 Agenda About MedStar Our Story Our Product and Services Cyber Challenges Mission Technical Paper Summary Lab Report Results Review Vulnerabilities Unauthorize Access Ransomware Denial of Services Key project updates 2021 Plan Recommendation
  • 25. Executive Team Kenneth A. Samet Susan K. Nelson Scott MacLean Closing Summary Questions and Answers Our Story
Highlights
MedStar Health is a not-for-profit health system dedicated to caring for people in Maryland and the Washington DC
MedStar’s 30,000 associates, 6,000 affiliated physicians, 10 hospitals ambulatory, and urgent care center MedStar Health research institute are recognized regionally and nationally for excellence in medical care
MedStar trains more than 1,100 medical residents annually
Highlights
MedStar treated more than 6,000 patients, handled 2,400 ER patients, and performed 782 surgeries.
MedStar judged top among 70 nominees in the category recognizing “best use of storage technology to drive performance gains”
  • 26. 3 Our Products and Services ePHI PHI HIPAA/HITECH
Cyber Threats Challenges
The health system was forced to shut down its computers and email during the March 28 attack
The health system lost access to more than 370 computer programs
New employees didn’t know how to operate without the computer system
Cyber attacks represent the greatest threats to protecting healthcare data
The attack forced the organization to power down critical processes and infrastructure
The attackers used ransomware
The attack slowed down operations with the majority of services taken offline
  • 27. 5 Mission Best Practices Email Protection Endpoint Protection Asset Management Network Management Medical Device Security Policies and Procedures 6 Technical Paper Summary 7
  • 28. Organization Overview Technology Used Vulnerabilities and Mitigation Conclusion
LAB REPORT REVIEW
APOLLO (ophcrack) (BRUTE FORCE) | Batman (ophcrack) (BRUTE FORCE) | CHEKOV (ophcrack) (BRUTE FORCE) | CSADMIN (ophcrack) (BRUTE FORCE)
Ophcrack recovered the password the quickest.
Using Brute Force, the predefined field and the password length have to be adjusted properly to recover a password in a reasonable time.
Apollo password could take 2 years to recover
  • 29. 8
BRUTE FORCE an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found
Dictionary Attack is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key
  • 30. Ophcrack is a free open-source program that cracks Windows log-in passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Vulnerabilities 12 Unauthorize Access Ransomware Denial of Services
  • 31. Key Project Updates Implementing preventive measures by working to educate employees and staff on how to mitigate and prevent further attacks on the system's infrastructure. Ethical decisions regarding protected patient information should be made in a timely manner. Maintaining communication with stakeholders, acting in a timely manner, protecting confidentiality, ensuring professional competence, and collaborating with appropriate agencies to solve the issue. Most cyber security breaches are due to compromised passwords; MedStar should take a strong view that all external/internal access requires two-factor authentication to prevent compromising our systems. Lesson Learned 13 Recommendation What are our key plans for the coming years of 2021? MedStar needs to implement both key technologies and process
  • 32. to protect against Cyber Threats as well as defining organizational process to manage risk. Network Segmentation: dividing the network into manageable parts and monitoring communications between each part provides early detection of potential cyber threats while limiting organization risk. Most cyber security breaches are due to compromised passwords; MedStar should take a strong view that all external/internal access requires two-factor authentication to prevent compromising our systems. 14 Our People Executive Team Scott T. MacLean CEO Susan K. Nelson CFO Scott T. MacLean CIO
  • 33. 15 Thank you Questions?