You are the lead forensics investigator for XYZ, Inc. — an industry leading cyber forensic company. You have just been notified that a top 5 health care company (HCC Partners in Life) has hired your company to investigate a potential breach of their medical records system.
The HCC Security Operations Center (SOC) identified some “inconsistencies” in the intrusion detection system (IDS) logs that caused the reliability to be questioned. HCC uses Snort IDS’ running on Linux systems. In addition, the lead HCC database administrator received a strange e-mail from Human Resources (HR), which contained a benefits attachment. When she opened the attachment, the document was blank. She noticed that her system has been acting “strangely” after opening the attachment. She operates a Microsoft Windows XP workstation.
Your team has been tasked with analyzing the HCC network, database server, and any workstations you suspect to determine if there was a breach and any potential patient data leakage. The database server is a Microsoft Windows 2003 Server running Microsoft SQL Server 2008.
If there is any evidence of a breach, HHC has a history of taking these types of incidents to court for prosecution to the full extent of the law.