pdf

CyberRX2Playbook LVLI.pdf
Cyberrx2playbook Lvli

Playbook for a Level 1 healthcare cyber exercise involving medical devices.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What distinguishes the 'CyberRX' exercise methodology from a standard tabletop?
    A: It focuses specifically on the healthcare sector's unique constraints, such as patient safety and medical device availability, rather than just IT systems.
  • Q: In the Level 1 scenario, how does the 'Medical Device' compromise impact clinical operations?
    A: It forces a fallback to manual procedures, potentially delaying patient care and increasing the risk of medical errors.
  • Q: What is the strategic value of including 'Executive Leadership' in this specific exercise?
    A: To validate decision-making authorities regarding system shutdowns that could impact patient health versus data security.
  • Q: How does the playbook suggest handling 'Public Relations' during a ransomware event?
    A: By having pre-approved templates for communication that address patient safety concerns first, before technical details.
  • Q: What specific 'Inject' is used to escalate the scenario intensity?
    A: Reports of patient data appearing on the dark web or direct threats to life-safety systems.
  • Q: What is the role of the 'Scribe' in the CyberRX methodology?
    A: To capture not just the decisions made, but the *gaps* in information that hindered decision-making during the exercise.
  • Q: How does the exercise address 'Third-Party Risk'?
    A: By introducing a scenario where the compromise originates from a vendor or connected partner, testing the organization's ability to coordinate response.
  • Q: What is the 'Hot Wash' objective immediately following the exercise?
    A: To capture immediate impressions and emotional responses to the pressure before they fade, identifying cultural or communication breakdowns.
  • Q: How does the playbook recommend measuring 'Resilience'?
    A: By the ability of clinical operations to continue functioning effectively while IT systems are unavailable.
  • Q: What specific regulatory concern is highlighted in the healthcare scenario?
    A: The tension between HIPAA privacy requirements (not disclosing patient data) and the need to share threat indicators with law enforcement.

Ask a question

Have a doubt or need clarification?



I’m here to help. Share your question, and I’ll get back to you with the guidance you need regarding the course.

Thank you!

I have received your message and I shall get back to you shortly.