Poison Ivy Medical Practice Planning
Poison Ivy - HealthCare Partners Medical Practice APT
Quick Reference
| Element | Details |
|---|---|
| Malmon | Poison Ivy (RAT/Stealth) ⭐⭐⭐⭐ |
| Tier | 3 (Expert) |
| Variant | Medical Practice - Patient Records |
| Stakes | Patient privacy + PHI protection + HIPAA compliance + Practice reputation |
| NPCs | Dr. Williams (Practice Owner), Martinez (Office Manager), Chen (IT Support), Park (HIPAA Officer) |
Hook: HIPAA audit scheduled when Poison Ivy RAT discovered exfiltrating patient health records and practice data.
Victory: Eradicate RAT, assess PHI theft, ensure HIPAA compliance, protect patients, maintain practice operations.
Key Mechanics: PHI exfiltration, HIPAA breach notification (72 hours), patient notification obligations, APT targeting healthcare
Type Effectiveness: RAT weak to forensics (+3), C2 disruption (+3), resists detection (-2)
Critical Challenge: Patient PHI stolen, HIPAA notification clock started, practice reputation at risk, regulatory penalties possible
Cross-References: