U.S. Cybercrime Investigation Bureau
Washington, D.C.
INVESTIGATIVE STATUS REPORT
CASE NUMBER
001-CCR-2024
CASE TITLE
Large-scale breach of Washington Hospital
DATE OF REPORT 04/07/2024
SUMMARY
After I gather my team, we would head to the hospital, where I would meet with the IT director. I would start off by interviewing the IT director about the who, what, when, where and how. Who notified them of the attack, so that I can interview that person? What were the threat actors looking for? What time did the attack happen? Where did the attack appear to come from, such as the United States or another country? How were they able to get into the system? Since million patient data were infected, we need to stay on top of stopping the attack by blocking them.

I need to preserve all evidence before rebooting the system. “Digital evidence capture is the art of lawfully seizing evidence from a digital device in a manner that will be accepted by the court for its relevancy, completeness, and accuracy (Edwards, 2019).” I would collect the IP address from the previous attacks; it will be used to trace back to the threat actor. I would also interview staff who noticed possible emails or web pages that were out of the ordinary. The stakeholders are the hospital owners and the patients who were affected by the attack. If we can find who the IP address belongs to, this can be used as evidence to place the threat actor at the scene of the cyber-crime. With a team gathering evidence, including a general searcher, we can find any evidence that can later be used to convict the threat actors. Working closely with the FBI gave us a history of a group of threat actors that has been connected to previous attacks.