Opportunity
Our clients virus protection was minimal. Workstations had various anti-virus vendors software installed with no standard and updates were left to the individual to keep current. The servers were unprotected. A virus was introduced to the network via Internet email. The attack spread quickly throughout the network affecting all systems.

Solution
Usually when dealing with viruses the key element is defense. In this case an offense was needed to identify, contain and nullify the offending viruses and then a defense strategy put in place. Internet access was shut down during the recovery period. All workstations had to be installed or updated with current anti-virus definitions and then scanned and cleaned manually. Several systems needed a clean install as damage to system files and registry entry corruption was beyond recovery although all perishable data was recovered. The file server running a client server application became non-functional on the second day following the initial attack. Medi-Techs technicians were able to build a loaner server and have it in place and functional with all applications and databases cleaned and intact on the following day. This strategy allowed the original server to be rebuilt and upgraded, then returned to service replacing the loaner system.

Follow up
Once normal operations were restored, a virus defense was put in place. This was an enterprise solution, which standardized the software and automated all updates. All workstations are remotely manageable from a central location enabling administrators to standardize settings and automated updates on workstations. Remote notification was implemented to alert IT staff when certain thresholds were breached.