2 votes
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place.

Which of the following steps should be done FIRST?

A. Review audit logs to determine the extent of the breach
B. Pay the hacker under the condition that all information is destroyed
C. Engage a counter-hacking team to retrieve the data
D. Notify the appropriate legal authorities and legal counsel

by User Crosser (7.6k points)

1 Answer

5 votes

Final answer:

The correct answer is option D. The first step that the CFO should take is to notify the appropriate legal authorities and legal counsel.

Step-by-step explanation:

When a breach occurs, the first step that the Chief Financial Officer (CFO) of a major hospital system should take is Option D: Notify the appropriate legal authorities and legal counsel. This is crucial because it ensures that the necessary legal actions can be taken and that the situation can be properly managed.

Reviewing audit logs (Option A) can be done simultaneously with notifying legal authorities, but it should not be the first step as it may delay the response time in addressing the breach and protecting patient information.

Engaging a counter-hacking team (Option C) can be considered once legal authorities have been informed and are involved in the investigation. Paying the hacker (Option B) is not recommended as it encourages criminal activity and does not guarantee that the information will actually be destroyed.

by User Pierre Capo (7.6k points)