Category: Cybersecurity

  • Importance of Cybersecurity in a particular industry

    No instructions provided

    Attached Files (PDF/DOCX): A4 Blog Assignment – Importance of Cybersecurity.pdf

    Note: Content extraction from these files is restricted, please review them manually.

  • Importance of Cybersecurity in [chosen industry]

    No instructions provided

    Attached Files (PDF/DOCX): A4 Blog Assignment – Importance of Cybersecurity.pdf


  • Cybersecurity

    Respond to Chris's discussion post.

    In 2024, Change Healthcare, a subsidiary of UnitedHealth Group that handles payments, claims, and medical eligibility, was hit with a ransomware attack. This attack halted payments and medical prescriptions, and exposed millions of Americans' sensitive medical information (Hale, 2024). Factors that contributed to this attack are their reliance on legacy systems and not keeping the security up to date, networks that were fragmented, and not having a standardized approach to security. This can cause gaps in security, leaving it more vulnerable (U.S. Department of Health & Human Services, 2024). Change Healthcare ended up paying the ransom to restore its services, and with how valuable medical data can be, hackers could make more while hurting people's lives selling it on the internet. This incident shows that healthcare is a critical infrastructure issue whose digital vulnerabilities can lead to national-level consequences. Strengthening cybersecurity in healthcare must be regarded as a fundamental part of national resilience.

    In 2025, a pro-Russian activist group attacked the U.S. oil infrastructure and water systems. They did this by exploiting exposed access tools like virtual network computing (VNC) (Goodin, 2025). They were able to access these systems due to a weak authentication process, poor asset visibility and the assumption that operational technology, which is used for water pumps, pipelines, traffic control systems, and many other parts of the CI, was not isolated from the public internet (Cybersecurity & Infrastructure Security Agency et al., 2025). These cases show how interconnected systems, older technologies and poor cybersecurity practices create a vulnerability in our CI for groups to exploit. The repercussions for these practices or lack thereof can create havoc on the security of this country. This reinforces the need to be proactive in risk management and collaboration between public and private sectors. This should be a wake-up call to have a standardized cybersecurity system across all CI.

    Hope Bureau of Investigation, & Department of Energy. (2025). Mitigating cyber threats to water and wastewater systems.

    Goodin, D. (2025, January 23). Pro-Russia hackers breached multiple U.S. water systems using exposed VNC. Ars Technica.

    U.S. Department of Health & Human Services. (2024). HC3 analyst note: BlackCat/ALPHV ransomware and the healthcare sector.

    UnitedHealth Group. (2024). UnitedHealth Group provides update on Change Healthcare

  • Lab 1 Organizational Profile

    Case Organization: Chesapeake HealthConnect (CHC)

    (Fictional Organization)

    1. Organization Overview

    Organization Name: Chesapeake HealthConnect (CHC)

    Industry: Healthcare Services & Digital Health

    Headquarters: Maryland, USA

    Employees: ~650

    Annual Revenue: ~$180 Million

    Service Area: Mid-Atlantic Region

    Chesapeake HealthConnect (CHC) is a mid-sized healthcare provider operating six outpatient clinics, two specialty care centers, and a growing telehealth platform.

    2. Mission and Business Objectives

    Mission: To provide accessible, high-quality, technology-enabled healthcare services while protecting patient privacy and maintaining regulatory compliance.

    Strategic Objectives:

    • Expand telehealth services by 30% within two years
    • Improve patient experience
    • Maintain HIPAA compliance
    • Reduce operational costs
    • Strengthen cybersecurity governance

    3. Core Systems and Technology Environment

    Major Systems:

    • Electronic Health Record (Cloud)
    • Patient Portal (Cloud)
    • Billing System (On-Prem)
    • Telehealth Platform (SaaS)
    • HR System (Cloud)
    • Network Infrastructure (On-Prem)

    Characteristics:

    • Microsoft 365
    • VPN
    • Partial MFA
    • Legacy Servers
    • Limited Logging

    4. Data Classification and Information Assets

    Primary Data Types:

    • PHI (High)
    • PII (High)
    • Financial Data (High)
    • HR Records (Moderate)
    • Research Data (Moderate)

    5. Regulatory and Compliance Environment

    Applicable Regulations:

    • HIPAA Privacy Rule
    • HIPAA Security Rule
    • HITECH Act
    • Maryland Health Information Exchange Regulations
    • FTC Safeguards Rule (for financial data)

    6. Organizational Structure and Governance

    CHC's leadership structure includes a Chief Executive Officer (CEO), Chief Medical Officer (CMO), Chief Information Officer (CIO), Director of Compliance, and an IT Manager. The organization does not employ a full-time Chief Information Security Officer, and cybersecurity responsibilities are divided between the CIO and IT Manager. This distributed model has resulted in limited centralized governance, informal risk reporting processes, and reduced visibility of cybersecurity risks at the executive and board levels. Competing clinical priorities and budget constraints further limit strategic security planning.

    7. Business Operations and Dependencies

    The organization's core business operations include patient care delivery, appointment scheduling, prescription management, insurance billing, and telehealth services. These operations are highly dependent on the availability and reliability of digital systems. CHC relies heavily on third-party cloud service providers, Internet service providers, payment processors, medical device vendors, and a managed IT service provider. Disruption to any of these dependencies could significantly affect patient safety, service delivery, and organizational revenue.

    8. Threat Landscape

    CHC faces a dynamic and evolving cyber threat landscape that reflects trends across the healthcare sector. Primary threats include phishing and social engineering attacks, ransomware campaigns, insider threats, credential theft, and third-party supply chain breaches. The increased use of telehealth platforms and remote access technologies has expanded the organization's attack surface. Recent ransomware incidents affecting regional healthcare providers have heightened executive concern regarding cybersecurity preparedness.

    9. Current Security Posture

    The organization has implemented several baseline security controls, including antivirus and endpoint protection, perimeter firewalls, partial multi-factor authentication, annual HIPAA training, and weekly system backups. However, security maturity remains limited. CHC lacks a formal Zero Trust architecture, maintains an incomplete asset inventory, conducts vulnerability assessments infrequently, and has not fully developed its incident response and recovery plans. Penetration testing is performed only on an ad hoc basis.

    10. Business Impact Considerations

    A significant cybersecurity incident could have severe consequences for CHC's operations and reputation. Potential impacts include disruptions to patient care, compromise of protected health information, regulatory investigations, financial penalties, civil litigation, and loss of public trust. Prolonged system outages could affect revenue collection and clinical services. Industry benchmarking suggests that a major breach could result in direct and indirect costs ranging from four to seven million dollars.

    Estimated Impact: $4–7 million

    ——————————————————————————————-

    Lab Assignment #1: Organizational Risk Foundations & CIA Analysis

    Title: Enterprise Risk Baseline & CIA Impact Assessment

    Course Alignment: Weeks 1–3 (Risk Management + Managing Risk + Compliance)

    Purpose

    This lab builds students' ability to:

    • Summarize the organization's risk environment. Students should be able to provide a synopsis of cyber hygiene based on the information provided.
    • Apply the CIA Triad
    • Identify threats and vulnerabilities
    • Connect risk to business impact

    Scenario

    Students act as a Risk Analyst for a mid-sized organization.

    They must assess the organization's baseline cyber risk posture.

    Student Tasks

    Part 1: Organizational Profile

    Students describe:

    • Organization type
    • Core systems
    • Sensitive data handled
    • Regulatory exposure
    • Business priorities

    Part 2: CIA Risk Analysis

    For three critical systems, students evaluate:

    System | Confidentiality Risk | Integrity Risk | Availability Risk | Impact

    They must explain:

    • How each CIA element could be compromised
    • Operational consequences
    • Legal/compliance risks

    Part 3: Threat–Vulnerability Mapping

    Students identify:

    • 5 major threats
    • Related vulnerabilities
    • Likely exploitation paths

    Example:

    Phishing > Weak training > Credential theft > Data breach

    Part 4: Executive Summary

    Students translate findings into business language:

    • Top 3 risks
    • Business impact
    • High-level mitigation priorities

    Deliverables

    One document containing:

    1. Organizational profile
    2. CIA analysis
    3. Threat mapping
    4. Executive summary with action plan.

    Length: 4–6 pages (APA format)

    Grading Criteria

    Area: Points

    • Risk Identification: 4
    • CIA Analysis: 4
    • Business Translation: 3
    • Organization & Writing: 2
    • Sources & Citations: 2

    Total: 15 points

  • Planning an Indicator of Attack/Compromise Investigation

    Please use research template doc format for final submission

    Attached Files (PDF/DOCX): Research paper instructions – Unit 5 Assignment.docx, Research Paper_Unit 5.docx


  • Follow the outline

    Requirements: Prepare a report on your approved topic from Week 2 with a minimum of 2000 words, no less, but more is acceptable. References (10 minimum). You may use resources from the APUS Online Library, any library, government library, or any peer-reviewed reference (Wikipedia and any other publicly-reviewed source are not accepted). The paper must have a title page, reference list and be in APA format. The information within your title page and reference list will not count towards the minimum word count. The paper will be subjected to checking against plagiarism. The paper must follow acceptable originality criteria (no more than 15% max total, and 2% per individual source match are allowed). Correct spelling and grammar. APA formatting: Title page, in-paragraph citations, and the Reference list.

    At a minimum include the following:

    • Detailed description of the area researched
    • Technology involved
    • Future trends
    • Global implications

    Note: for the new system, you don’t need to submit your paper to TurnItIn.com by yourself anymore. The system will automatically submit it for you. Thanks!

    Attached Files (PDF/DOCX): ISSC421_outline_Angel_Hernandez.docx


  • Unit 5 Discussion: The Role of SIEM in Modern Cybersecurity…

    Security Information and Event Management (SIEM) systems are critical components of an organization's cybersecurity strategy. SIEMs help detect, prevent, and respond to security threats by collecting and analyzing real-time data from various sources. As organizations face increasingly sophisticated cyber threats, the role of SIEM systems has expanded from merely logging and alerting to being key in orchestrating incident response and threat intelligence.

    Discussion Prompts

    • Effectiveness of SIEM in Threat Detection: Based on the readings and your understanding of SIEM systems, how effective are SIEMs at detecting and responding to cybersecurity threats in real time? Discuss the advantages and limitations of using SIEM tools for threat detection, and provide examples of how SIEM systems have been successfully implemented in various organizations.
    • Challenges of SIEM Deployment: SIEM systems can be complex to deploy and manage, especially in organizations with large-scale IT infrastructures. What are some common challenges organizations face when implementing and managing SIEM solutions (e.g., data overload, integration with existing tools, false positives)?
    • SIEM in Compliance and Regulatory Requirements: SIEM systems play an important role in helping organizations meet compliance and regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS). How does SIEM assist in ensuring compliance, and what are the key features that make SIEM systems valuable in maintaining regulatory standards?
    • Future of SIEM: Integrated Threat Intelligence and Automation: As cyber threats evolve, SIEM systems are incorporating more advanced features such as automated responses and integration with threat intelligence platforms. How do you see the future of SIEM evolving in the next 5–10 years? Discuss the potential for automation, threat hunting, and the use of AI in modern SIEM solutions.

    Instructions

    You will be assigned to a small group. Each member of the group will choose one of the prompts to respond to. No group member should repeat a prompt that has already been addressed. Respond to at least two of your peers’ posts by offering alternative perspectives, additional insights, or asking clarifying questions. Your initial post should be 250–350 words long and reflect critical thinking. Use the course readings, real-world examples, or external research to support your responses, including peer-reviewed journal articles or industry reports.

    Initial Post

    When constructing your initial post, remember to critically analyze the topic and add substantial thought to the subject area. Utilizing the resources provided in your course materials will enhance your understanding and response to the question.

    Attached Files (PDF/DOCX): Chapter 1- Introduction to Splunk and its Core Components Data Analytics Using Splunk 9x.pdf, 6 Networks Security in Computing 6th Edition.pdf


  • UNIT VIII Lab 9/10 write up

    Need assistance rewriting the following paper; it needs to be able to pass Copyleaks + Grammarly AI detection.

    Digital forensics has become an increasingly dynamic field as investigators confront rapidly evolving technologies, sophisticated cyber threats, and expanding legal requirements. As organizations rely more heavily on digital systems, forensic analysts must adapt their methods to ensure that evidence is collected, preserved, and interpreted accurately. Modern investigations now extend far beyond traditional disk analysis, requiring a deeper understanding of volatile memory, cloud environments, and advanced malware techniques. These developments reflect broader trends in the discipline and highlight the importance of staying current with both technical capabilities and legal expectations.

    One of the most prominent trends in digital forensics is the growing emphasis on memory analysis. Many contemporary attacks operate primarily in RAM, leaving few or no artifacts on persistent storage. This shift has made volatile data acquisition essential for identifying hidden processes, injected code, active network connections, and fileless malware. Tools such as DumpIt, Volatility, and E3, used throughout the memory forensics lab, illustrate how investigators now rely on RAM snapshots to uncover malicious activity that traditional disk-based methods might miss. Easttom (2022) notes that attackers increasingly use techniques designed to avoid leaving traces on disk, making memory forensics a critical component of modern investigations. Another significant trend is the rise of cloud forensics. As organizations migrate data and services to cloud platforms, investigators must understand distributed storage, virtualized systems, and provider-specific logging. This shift introduces new challenges, including jurisdictional issues and the need to coordinate with cloud service providers. Additionally, automation and triage tools are becoming more common, helping analysts quickly identify anomalies such as suspicious executables or unusual network behavior. Machine learning and behavioral analytics are also emerging as valuable tools for detecting patterns that traditional signature-based approaches may overlook.

    Alongside these technical developments, digital forensics is shaped by evolving legal standards that govern how evidence is collected and handled. Courts continue to rely on the Daubert standard to determine whether forensic tools and methods are admissible, requiring that techniques be scientifically valid, testable, and widely accepted. Maintaining a clear chain of custody remains essential to demonstrate that evidence has not been altered or compromised. At the same time, new laws and court decisions increasingly address issues related to privacy, encryption, and data access. Investigators often need specific warrants to seize digital devices or cloud-stored information, and many jurisdictions require minimization procedures to avoid collecting unrelated personal data. Encryption has also introduced legal complexities, as courts continue to debate when investigators may compel individuals to unlock devices or provide access credentials. Cybercrime legislation has expanded to define offenses such as unauthorized access, data exfiltration, and the deployment of keyloggers or remote-access tools, similar to the malicious software identified during the memory forensics lab.

    Together, these trends illustrate a field that is becoming more technically complex and legally regulated. Investigators must remain informed about emerging tools, new attack techniques, and the legal frameworks that shape evidence collection. By understanding both the technological and legal dimensions of digital forensics, practitioners can ensure that their findings are accurate, defensible, and aligned with current best practices.

    Reference

    Easttom, C. (2022). Digital forensics, investigation, and response (4th ed.). Jones & Bartlett Learning.

  • Cybersecurity and management issues at the Charleston Hotel

    The situation is attached. A report needs to be written about it. Instructions attached.

    Attached Files (PDF/DOCX): Situation.pdf, Instructions.pdf

