When Hackers Turn to Blackmail - Article Example

When Hackers Turn to Blackmail Harvard Business Review; October 2009, pp. 39 – 48. In an organization, the role that security and safety assumes is of critical importance in safeguarding all the resources of the organization. Resources mean assets and human personnel, including all systems and processes contained therein. The scope of responsibilities in security and safety includes detection of any kind of intrusion and initiating appropriate actions to ward off and prevent harm or damage to the organization, and identifying, addressing, and raising safety and security problems and concerns.

The case written by Caroline Eisenmann revealed security breach in Sunnylake’s Hospital’s information technology system, particularly rendering the electronic medical records of patients inaccessible. The hackers demand $100,000 in ransom money to regain access to the system. Paul Layman, the CEO of Sunnylake, is in a quandary as to the options available to address the dilemma.Alternative Courses of Action Mr. Layman is faced with the following alternative courses of action: (1) pay the ransom fee of $100,00 to the hackers to immediately regain access to the system; (2) improve security system by changing access controls, installing power backups, increase defense in depth strategy, employ encryption of data during transmission, strengthen antivirus, power and data back-up systems, firewalls, employs a highly competent human resource, passwords, and other computer security software, as needed; (3) disclose critical information to stakeholders; and (4) go back to manual processing of health care records.

Analysis and Recommendation After reviewing and evaluating the case facts including the expert advice of three commentators, Mr. Layman would be is the best position to do the following action. The advice of Richard L. Nolan is the most viable and consistent with code of business ethics. First and foremost, Mr. Layman should decide once and for all that paying the hacker should not be considered at any cost. Conceding to their demands would make them vulnerable for future security breaches. Further, there is no guarantee that these hackers would stick to their words.

Concurrently, the stakeholders must be informed of the situation to make them aware of dilemma that hospital is currently addressing. At the same token, IT personnel must round the clock to upgrade and fully secure their information system to ensure that this would never happen in the future. The present system’s loopholes should all be corrected including installation of a dependable back up system and business continuity plan in case of emergency situations. The suggestion of Nolan that reverting to a manual system, as required, should immediately be enforced during the installation of a better security information system.

Conclusion In addressing the concerns emerging on increased security strategies involving information systems, the most critical factor to consider is the organization’s awareness to the threats, issues, developments, applications that encompass overall security. Knowledge of one application or devise to counteract security breach might not be enough to completely ensure protection of the organization’s information and communication system. In a health care environment, the issue is confounded by the risk in human lives that are at stake with a security system which is completely vulnerable to cyber attack.

Work Cited:Eisenmann, Caroline. When Hackers Turn to Blackmail. Harvard Business Review. October 2009. Web. 18 April 2010.