Communications of the Association for Information Systems


Given the global growth in ransomware attacks, employees need to understand the risks of ransomware and how to protect against it. This paper presents a teaching case based on an actual ransomware attack on a hospital that undergraduate or graduate course can use to teach students. The case introduces students to Wildcat Hospital, a fictitious 450-bed acute-care facility in a suburban location in the Northeastern United States. A ransomware attack hit Wildcat Hospital as the workday began. Malware infected the hospital's computers and demanded one bitcoin, a virtual currency that affords anonymity, as ransom to restore functionality of the information systems. The chief executive officer and the chief information officer led the organizational response to the attack. We include links to two videos, a demo of a Locky ransomware attack in action, and a National Broadcasting Company (NBC) TV network news report about a similar ransomware incident at another hospital (Hollywood Presbyterian Medical Center in California) to engage students.





When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.