Poison Ivy Scenario: Medical Practice Patient Data

Riverside Medical Group: Multi-specialty practice, 85 providers, 15,000 patients

APT • PoisonIvy

STAKES

Patient privacy + HIPAA compliance + Medical practice operations + Healthcare data

HOOK

Riverside Medical is implementing new electronic health records when staff notice computers occasionally performing actions without user input - patient files opening automatically, medical records being accessed during closed hours, and billing systems showing unauthorized activity. Remote access tools have been providing unauthorized surveillance of patient medical information.

PRESSURE

HIPAA audit next week - patient data breach threatens practice survival and regulatory compliance

FRONT • 120 minutes • Advanced

Riverside Medical Group: Multi-specialty practice, 85 providers, 15,000 patients

APT • PoisonIvy

NPCs

• Practice Administrator Dr. Patricia Martinez: Managing EHR implementation while patient data systems show signs of remote surveillance
• HIPAA Compliance Officer Jennifer Wong: Investigating potential patient data exposure and regulatory notification requirements
• IT Manager Carlos Foster: Analyzing remote access patterns affecting medical record systems
• Patient Privacy Advocate Lisa Chen: Assessing patient notification requirements and healthcare data protection

SECRETS

• Medical staff clicked on fake healthcare compliance emails during EHR implementation
• Unauthorized parties have remote access to patient medical records and billing information
• Protected health information has been systematically accessed and potentially stolen