While C-suite players pivoted to deal with the breach, the people in Information Technologies had to deal with details.
The CIO strode back to his office. He invited Holly, Director of Security, in. Red-faced and terse he relayed the tale,
“We’ve been breached. It’s been confirmed and the C’suites are tensed up. There’s a demand for payment otherwise they’ll put the 100,000 records for sale on the dark web. We need to activate the breach plans right away and you’ll lead as planned.”
Holly looked shocked. This meant lots of work and possible visible failure.
“There’s nothing that big alerted in the log reports. Are they sure it’s real?”
“The records they sent thru included your employee data and patient data. The C’suites are accepting it as real. The GC is pissed. So it doesn’t matter if we’re sure or not.”
“Holly, I hired you to be responsible for the safety of our data. Can you document and report how closely those new data protection guideline recommendations are followed? They’re looking for a home for the blame. We need to be transparent and provide a full technical context.”
With those few words Holly felt personally threatened.
“No hospital stops every attack. They happen constantly. I can show you lots of times we avoided data loss. We spend a lot of people time and a fortune to prevent this, but nothing is perfect. I spend more than an hour every day just reviewing the summaries. There’s never enough people to keep up with everything.”
Holly took a deep breath.
“Let me tell the team.
We’ll activate the plan. I’ll pull the right people in on this. And, there’s things I need to do to protect myself.”
Holly was thinking about her personal safety, the CIO thought she was being political.
The CIO was sympathetic, but had a warning.
“Do what you need to do, but make sure everyone knows that this is very confidential and needs to stay that way. Keep the team small that knows and they can talk to me and you – that’s IT! Meet with me when they’re started.”
The repercussions of the breach got more severe as they moved down the organization.
Next up – Plans to preserve the enterprise’s reputation
Comments