John Miller is the information security and privacy officer of a local county-owned teaching hospital. He is new to his position and began his work by evaluating the existing security and privacy controls that are in place in the institution. He is also new to information security, having only recently graduated with a BS in information security with professional experience as an active-directory administrator for two years. This work with active directory created his interest in pursuing a position in the field of security. Because he has most experience in the area of account management, user creation and management, groups, roles and group policy, these are the areas where he began his work. He found literally hundreds of idle accounts indicating that users are created but are not properly discontinued when medical students, nursing students, and other employees move on and no longer need access to the data collected and stored by the hospital. This discovery inspired him to begin digging into other aspects of the security controls, and he found evidence of malware on the servers that house the data collected and stored for use by the hospitals clinical systems. s next discovery was the most alarming. The objective of the malware that had deeply infested the hospital systems was to package and transmit all available data to a remote host located in North Korea. John is clearly in over his head at this point and needs to act quickly to resolve this situation and stop the flow of personally identifiable health information to an unauthorized third party. Use the study materials and any additional research needed to fill in knowledge gaps. Then discuss the following:
