Raspberry Robin Scenario: Healthcare Network USB Outbreak

Regional Health System: Multi-hospital network serving 400,000 patients, 3,500 healthcare workers
Worm • RaspberryRobin
STAKES
Patient care continuity + Medical device security + HIPAA compliance + Healthcare data protection
HOOK
Regional Health System is managing flu season patient surge when medical technicians notice USB drives used for medical device updates and patient data transfers are automatically creating suspicious folder-like files. The USB malware is spreading through routine healthcare workflows, affecting medical equipment, patient monitoring systems, and electronic health records through legitimate USB procedures used across hospital networks.
PRESSURE
Flu season patient surge - medical device failures threaten patient safety + HIPAA data breach threatens regulatory compliance
FRONT • 120 minutes • Advanced
Regional Health System: Multi-hospital network serving 400,000 patients, 3,500 healthcare workers
Worm • RaspberryRobin
NPCs
  • Chief Medical Officer Dr. Sarah Williams: Managing patient surge operations while USB malware spreads through medical device networks affecting patient care systems
  • IT Director Michael Chen: Discovering USB-based worm propagation through healthcare workflows is bypassing medical network security and affecting patient monitoring
  • Biomedical Engineer Lisa Rodriguez: Investigating how infected USB drives are compromising medical equipment and patient safety monitoring systems
  • HIPAA Compliance Officer David Park: Assessing potential patient data exposure as USB malware spreads through electronic health record systems
SECRETS
  • Healthcare workers routinely use USB drives to update medical devices, transfer patient data, and maintain equipment across hospital networks
  • USB malware is exploiting legitimate healthcare workflows to spread between patient care systems and medical device networks
  • Infected systems include medical equipment, patient monitoring, and electronic health record systems containing protected patient information

Scenario Details for IMs

Opening Presentation

“It’s Thursday morning at Regional Health System during peak flu season, with hospitals operating at surge capacity and medical staff using USB drives for routine medical device updates and patient data transfers. Medical technicians report that USB drives are automatically creating files that appear to be normal folders, but accessing them causes medical equipment anomalies. The USB malware is spreading through legitimate healthcare workflows, affecting patient monitoring systems and electronic health records.”

Initial Symptoms to Present:

  • “USB drives used for medical device updates creating suspicious LNK files disguised as medical folders”
  • “Patient monitoring systems showing anomalies after routine USB maintenance procedures”
  • “Electronic health record systems experiencing unauthorized file creation after USB data transfers”
  • “Medical equipment networks displaying signs of infection through USB-based maintenance workflows”

Common IM Facilitation Challenges:

If Patient Safety Is Overlooked:

“Your USB security response is thorough, but Dr. Williams reports that infected medical devices are affecting patient monitoring during flu surge. How do you balance malware removal with immediate patient safety requirements?”

If Healthcare Workflow Complexity Is Ignored:

“While analyzing USB propagation, Lisa explains that medical technicians must use USB drives to update life-critical equipment that can’t be networked for safety reasons. How does this change your containment approach?”

If HIPAA Implications Are Minimized:

“David discovered that infected USB drives have accessed electronic health record systems containing patient data. How do you assess potential HIPAA breach notification requirements while managing patient care continuity?”

Success Metrics for Session: