Helpful Hackers: How the Dutch do Responsible Disclosure by Chris van 't Hof

Author: Chris van 't Hof
Language: eng
Format: mobi, pdf
ISBN: 9789082346237
Publisher: Tek Tok
Published: 2016-02-13T22:00:00+00:00


14. Verdier and the crisis team

Hospital hacker arrested

Sunday 7 October 2012. Monique Verdier is in Belgium enjoying a weekend break. She and a friend are having lunch when her mobile phone rings. She recognizes the number immediately. It is her colleague Maarten Baaij, director of Finance and IT at the Groene Hart hospital in Gouda. A serious security vulnerability has been discovered and Brenno de Winter intends to break the story later that day. Lunch goes unfinished as the pair head home. The friend drives while Verdier makes a series of frantic phone calls. As the chair of the hospital’s Executive Board, she must now assemble a crisis team.

By coincidence, the hospital held a disaster response exercise only two weeks earlier. The scenario was a major terrorist attack with scores of victims. Students were drafted in to play the part of reporters, bombarding the team with questions and new information. This was a drama in which contingency plans were useless because the situation changed from one moment to the next. The team quickly discovered that the world beyond the boardroom is very different and that developments can outpace their ability to make reasoned decisions. With that lesson learned, they were about to assemble in that very boardroom to tackle a real-life crisis.

Verdier and Baaij were joined at the table by Dirk Jan Verbeek (Chief Executive), Robin Alba (Commercial Director), Ammie Eleveld (Head of Marketing and Communication), Gelske Nederlof (Senior PR consultant), André Beerten (Chief Information Security Officer), the entire IT team and someone from Legal Affairs. A colleague who had once experienced a hack while working at a bank was also drafted in. It was agreed that Monique Verdier should lead the team while Verbeek would maintain contact with the media. The team members were keen to evaluate the problem and bring a clear message to the public as soon as possible. There was much discussion but little consensus.

Clearly, the most important requirement was to have all the facts. What was the problem? This was the first hurdle. ‘There wasn’t one clear issue but a combination of factors which it would be quite difficult to resolve,’ Verdier recalls. ‘We were aware of a potential problem and had appointed a Chief Information Security Officer some years earlier with precisely this sort of situation in mind. There was also a migration plan but it had a very long lead time and implementation was frequently postponed because of other projects, budgetary constraints or the need to ensure continuity.’ The directors realized that they had only ever spoken to the IT department when there was a problem. Not once had they enquired about the progress of the migration or the security of the current systems. It was now time to do so as a matter of some urgency.

The IT staff gave a run-down. Security consultants Fox-IT had been working at the hospital for several months, creating a sort of ‘digital ring fence’ and monitoring all incoming and outgoing internet traffic. They had identified suspicious activity that could have been a hacking attempt.
