Trend Micro The Game - Recorded Video on Decisions

00:08

45-year-old female P struck at high

00:10

speed responsive but unstable Vital

00:12

Signs BP 85 over 60 heart rate 120

00:16

respiratory rate 30 prepare for

00:17

decompression of pneumothorax right

00:20

away 1 2 3 stat abdominal andex CT scan

00:27

I I can't access our system for some

00:29

reason send in manual order now

00:33

pressure's falling she stopped breathing

00:36

what the hell is this my computer is

00:38

frozen

00:39

up where's it call them now can anyone

00:43

tell me what's going on with our

00:44

computer system right now Scarlet is

00:46

down we can't access any

00:50

files Mark all computers all tablets are

00:54

just not working you have to help us I

00:57

don't know what's going on here hi M I

00:59

need you here right now stand there

01:01

don't you see what is happening here we

01:03

have tons of

01:04

patients because any idea what this

01:07

means job and let us do ours people are

01:10

dying here and we can't even place a

01:11

simple order you are supposed to be

01:13

responsible for security stand there

01:15

don't

01:17

you go there do you

01:25

see do

01:28

something

01:30

[Music]

01:44

when every second is a matter of life

01:46

and death this is not just a problem

01:48

it's a catastrophe while the hospital

01:50

staff were dealing with victims of a

01:52

multi- vehicle accident the hospital was

01:53

hit by ransomware the chaos that

01:55

overcame the clinic has put patients

01:57

lives at

01:58

risk Mark is the hospital ciso he was

02:01

hired to prevent such attacks

02:03

unfortunately he made the wrong calls

02:04

and failed the only way to help him now

02:06

is to go back in time and have Mark make

02:08

the right decisions it's all on you are

02:11

you

02:13

[Music]

02:19

ready okay good

02:21

[Music]

02:28

luck

02:38

[Music]

02:43

hey Mark good to see you David meet Mark

02:45

Jefferson and new SE so this is David

02:47

our Ox manager welcome to Golden Oaks

02:49

how's the first day not bad at all it's

02:52

a pretty big Clinic you got here I

02:54

almost got lost in the corridors happens

02:57

to everyone anyway it came at the right

02:59

time we were just talking about possible

03:01

improvements to the network would' love

03:03

to hear your opinion gladly I'd like to

03:06

go through the architecture schematics

03:08

first as you see we have a fully

03:10

virtualized data center set up for a

03:12

failover with a hot standby and a few

03:14

Cloud solutions for our lab analytics

03:16

and Home Healthcare

03:18

products what kind of security are you

03:19

running standard model strong perimeter

03:22

DMZ content filtering that kind of stuff

03:24

of course we have AV on the endpoints

03:26

but we had to remove some of the

03:28

security from the virtual end and Cloud

03:30

environments because of the overhead I

03:32

do know that there's a black hole as far

03:34

as mobile devices go though and what do

03:37

you think Mark well I appreciate what

03:41

you do here David but frankly I see some

03:44

room for

03:45

improvement do you have anything

03:47

specific in mind actually I

03:49

[Music]

03:58

do

04:02

I appreciate your effort

04:04

David and although I'm suggesting

04:06

enhancing our security I think we should

04:08

use the infrastructure as the foundation

04:10

for it it's pretty solid in my opinion

04:13

thanks uh I'm open to your suggestions

04:17

I'm glad to hear that I have an idea

04:20

that will almost have immediate impact

04:22

on our security but there is a cash

04:26

we'll need to expedite spending of the

04:28

next quarter's budget now

04:30

now I'm ready to consider it if the

04:32

costs are reasonable okay here's what I

04:36

[Music]

04:46

think well we need something versatile

04:50

that covers our basic security needs but

04:52

at the same time has minimal impact on

04:55

performance we should invest in

04:57

something that gives us Central

04:58

management for all security and also

05:00

works across all our virtual and Cloud

05:03

servers do you have any specifics there

05:06

are a couple on the market right now

05:08

I'll find the best cost benefit ratio

05:10

and make a proposal sounds good let's

05:13

make it

05:26

[Music]

05:28

happen

05:31

hello hi Mark Logan sorry to bother you

05:34

so early it's okay I'm already up what's

05:36

going on I've just got word that we're

05:38

in breach of compliance and an

05:40

investigation's being kicked

05:42

off what kind of datb are we talking

05:44

about I'm forwarding it to you right now

05:47

looks like patients clinical data talks

05:49

about a registered complaint that former

05:51

patients have received unsolicited sales

05:54

approaches the complaint refers to a

05:56

third party that tried to sell Medical

05:57

Treatments for a very specific condition

05:59

I

06:00

condition and we didn't have many

06:02

patients that suffered from it in the

06:03

past 2 years we only had one around half

06:07

a year ago how do you want to handle

06:09

this we'll need to take on our own

06:10

inquiry of course to prepare

06:12

documentation investigators might

06:14

require and want you to meet with Ops

06:16

and find out how that data leaked and

06:19

make sure there are no more compliance

06:20

issues okay I'll be there in 15

06:26

[Music]

06:28

minutes

06:33

can you email me the record and the

06:35

latest test results on this new patient

06:37

um oh what's his name gosh uh he suffers

06:41

from intermittent cramping pain and

06:43

diarrhea Mr Garcia room 151 yeah exactly

06:46

that's the one just send it to my

06:48

personal email and I'll look at the

06:49

records when I get home oh Dr Allan are

06:52

you working from home again don't you

06:54

have any social life no I don't have

06:56

time for that unfortunately yeah thanks

06:58

uh excuse me oh I'm Mark Jefferson I'm

07:01

Mia Sam I know who you are you're the uh

07:04

cyber security guy oh yeah that's me uh

07:07

can I ask you something

07:09

[Music]

07:24

sure what was that all

07:27

about what

07:30

I overheard your conversation since it

07:33

was email related it's kind of in my

07:36

ballpark oh Dr Allen works a lot from

07:39

home I send him patients data whenever

07:41

he requests

07:43

it does he use his personal email

07:46

address for work related Communications

07:49

yeah we all do it sometimes it's just

07:51

easier for all of

07:53

[Music]

07:58

us

08:02

what kind of data are you sending him

08:04

well usually information about his

08:06

patience like test

08:09

results full patient records with names

08:12

and addresses and other patient

08:14

information sometimes the doctor needs

08:17

to keep track of his patients otherwise

08:19

he just get lost in a pile of documents

08:20

and

08:22

[Music]

08:28

emails

08:30

is that standard practice in this Clinic

08:33

what sending patients data to doctors

08:35

and their personal email addresses I

08:37

wouldn't say it's a standard but a lot

08:39

of the doctors ask us to do

08:41

it so Dr Allen isn't the only one who

08:45

uses his personal email address for work

08:47

stuff and keeps patients medical data in

08:50

his personal

08:51

device no it happens quite

08:58

often

09:06

I get the impression that throughout

09:07

your years here no one has actually

09:09

taken the time to train the staff on it

09:11

security issues have you ever had an IT

09:15

security training at all not as far as I

09:18

can remember there is this policy that

09:20

they make everybody sign when they're

09:22

hired do you by any chance remember the

09:24

details of this policy no it's a long

09:27

time ago

09:31

[Music]

09:37

thank you for the chat that was really

09:40

helpful see you around Mr Jefferson now

09:43

you take

09:50

[Music]

09:56

care oh hey Mark what's up

09:59

you want to C no thanks listen we have a

10:02

situation I just got word the

10:04

authorities have launched an

10:05

investigation into the hospital's

10:06

patient Health Data compliance that's

10:09

unexpected not really when you know how

10:12

security policies have been ignored in

10:14

the clinic anyway we have to do

10:16

something about it there is a possible

10:18

breach we have to take care of someone

10:20

make sure the whole infrastructure is

10:21

compliant can we do both that's the

10:25

problem how do you want to

10:28

proceed

10:33

[Music]

10:46

with the upcoming investigation we have

10:48

to make sure our network is more

10:49

compliant let's focus on that I agree

10:52

but what about the brege what's done is

10:55

done but we have to prioritize in my

10:58

opinion making our Network compliant is

11:00

more critical right now when that's done

11:03

we can look for the breach well all

11:06

right any

11:07

[Music]

11:23

ideas I don't think any Tech solution

11:26

will fix our problems totally it's

11:29

obvious that something is not working

11:30

with the implementation of security

11:31

policies and procedures in our hospital

11:34

I think we are all aware of how it

11:36

security Works David I don't mean you or

11:38

your guys I'm talking about regular

11:41

staff I'm talking about doctors nurses

11:45

janitors

11:46

even before I came here I overheard a

11:49

doctor Ask a Nurse to send him

11:51

confidential patient data to his private

11:53

email I talked to the nurse about it and

11:56

it seems this is standard practice here

11:59

I think there is a lot of work to be

12:00

done here so what do you want to do

12:02

about

12:04

[Music]

12:16

it well I'll need your help on this we

12:20

need to do training sessions for the

12:22

staff I'll run this by Logan we would

12:24

have to organize this quickly not

12:26

telling what might happen next I'll try

12:28

to set it up this week and make sure you

12:29

enable the anti-ransomware functionality

12:31

in deep security just in case can I

12:34

count on your help sure

12:43

thanks all Personnel please report to ER

12:46

we have incoming wounded from a highway

12:48

collision at least 10 injured ETA 5

12:55

[Music]

12:57

minutes hello hello what's going on we

13:01

may have a big problem uh we're getting

13:03

swamp by reports from all of our Network

13:04

that people are receiving fishing emails

13:07

it's uh seems that they are almost

13:08

identical but look credible and relevant

13:12

what's the status everything seems to be

13:14

okay we're monitoring external traffic

13:17

as well as lateral

13:19

movement I don't want to jinx it but it

13:23

looks like no one has fallen for the

13:25

bait they're just reporting the emails

13:27

to us the security training seems to be

13:30

working all right let's hope so I'll

13:33

keep you

13:41

posted year-old male head on collision

13:44

visible bleeding the fast now prep him

13:46

for surgery you hear me stay with us I'm

13:49

Dr Miller I'm going to help

13:53

you hey is everything all right a lot of

13:57

new patients but we've got everything on

13:58

under

14:06

control well done you prevented the

14:08

breach and the ransomware from crippling

14:10

the hospital's operations in the end the

14:12

doctors were able to save patient lives

14:14

now let's take a closer look at some of

14:16

the decisions that you

14:24

made we'll need to experise spending of

14:28

the next quarters budget

14:30

now we need something versatile that

14:34

covers our basic

14:38

security needs but at the same time has

14:41

minimal impact on performance having

14:43

realized that some basic security

14:45

measures were not in place in the data

14:47

center you inherited you decided to

14:48

scour the market for an integrated

14:50

solution that offered Central management

14:52

and visibility for all your different

14:54

server infrastructure a quick win to

14:56

resolve a pressing issue

15:02

have you ever had an IT security

15:04

training at all not as far as I can

15:07

remember and make sure you enable the

15:09

anti-ransomware functionality in deep

15:11

security just in case you did great by

15:14

digging a little deeper in your

15:15

conversation with members of staff and

15:17

uncovered their lack of security

15:18

awareness this prompted you to enable

15:20

the anti-ransomware functionality in

15:21

deep security and avoid the

15:27

attack

15:29

[Music]