Very interesting read. This could be a great way to test your disaster recovery plan with or without the knowledge of your CEO... although I don't recommend the latter.
Author’s Note: How do you get the attention of the executives at your company if you feel the security systems are lacking? Fake a news article on a huge break in, and place it on the CEO’s desk. We were asked to create such a story, and wanted to share it with you as a case study as to just how someone could Steal 80,000 Identities in One Day.
April 1st started like any other for Acme Medical Services. Patients were calling in to cancel appointments due to scheduling conflicts, staff members were alerting their managers that they couldn't come into work because they were sick, and the IT department was busy with their normal morning routine. From the perspective of Acme, all appeared normal.
However, by April 3rd, Acme's situation would be anything but normal. Administrative staff would be busy informing patients their personal data was stolen, managers would be calling their health care professionals to tell them to stay home because the offices were closed until further notice, and the IT department would be busy trying to figure out just how they had lost control of the personal information of over 80,000 of their clients. Life at Acme would be anything but normal.
For full story:
http://www.informit.com/guides/content.asp?g=security&seqNum=243&rl=1Don
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
