Order_ID_381809836 (docx, 7 pages)
School: University of Kentucky
Course: MISC
Subject: Information Systems
Date: Nov 24, 2024
Surname 1
Student's Name
Instructor's Name
Course Code
Date

Cybercrime in Health Care Organizations

Introduction

Cybercrimes are crimes committed with a computer in order to harm a person or their finances. Over the past few years there has been a significant increase in cyberattacks on hospital systems, and healthcare organizations have had to use limited resources to keep their systems updated with the latest security measures to combat these attacks. This paper discusses how cybercrime has terrorized health organizations, what health organizations should do to prevent such attacks, and the legal considerations that apply when a cybercrime incident occurs.

Part One: Web-Link Recap

The web link provided describes how cybercrime has held healthcare organizations hostage and the ways in which hackers commit such attacks. The author, Randall Romes, explains how hackers insert a virus that installs itself in the hospital's network and encrypts the hospital's systems, giving the hacker access to hospital data records, mainly patient records, and rendering them inaccessible and unreadable to the hospital. Extortion is how hospitals regain access to their systems: they are required to pay a ransom to the hacker in bitcoin, an untraceable currency.

Ransomware attacks are the most common attack on hospital systems; harmful software accesses and encrypts vital data and system files. The only way to regain access is to pay the ransom and obtain the key needed to unlock the encrypted files. The author gives the example of Hollywood Presbyterian Hospital in Los Angeles, where a hacker used this form of attack and locked the hospital out of its systems for approximately ten days in February 2016 (Romes 1). The attack forced the hospital to use paper records for the days it was locked out of the system, which compromised patient care.

The malware was likely installed through phishing, in which hackers send employees emails containing malware that inserts itself into the network when a worker tries to open the link. To regain control of its systems, the hospital had to pay $17,000 in bitcoin, an untraceable internet payment currency (Romes 1). In addition, the hospital will have to spend substantial resources evaluating its systems and implementing processes to ensure that such an incident does not happen to it again.

The author calls on healthcare organizations that suffer a cyberattack or security breach to determine how the attack occurred and why the organization did not act swiftly to quarantine the malware, which would have enabled the restoration of their systems' functionality. The organization must ask relevant questions that will help it enforce the measures critical to ensuring that such breaches do not occur again (Romes 2). If they do occur, steps should be in place to mitigate the attacks.

Furthermore, the author asks other organizations to learn from the unfortunate events at Hollywood Presbyterian by proactively assessing the risks to their systems and the mitigations in place, so as to prevent such events from happening to them. Likewise, in the event of a breach, legal considerations must be taken into account, such as notifying patients, determining potential liability, assessing cyber insurance coverage, and reporting the violations to regulatory bodies, whose investigations can lead to lawsuits for privacy breaches. The healthcare organization must review its cybersecurity insurance to assess its coverage for the security breach and for any other related expenses (Romes 3). The healthcare organization must engage legal counsel and weigh the legal considerations after a security breach.

Lastly, the author shares his views on how cybercrime is prevented in organizations, implying that such organizations should plan to manage cybersecurity risks. He describes the CLA Health Care Information Security team, which specializes in finding the weaknesses in a system and provides recommendations to address them and improve the overall defense of the system. He goes on to provide contact information for legal counsel, a law firm that deals with risk assessment and response planning, all of which is vital to keeping cybersecurity risks under control (Romes 4). Healthcare organizations must follow this initiative, because healthcare records are worth ten to twenty times more than credit card details and have a longer lifespan and higher demand due to the amount of information they contain.

Part Two: Author's Discussion

Romes (2) outlines five questions that an organization must ask itself after a security breach of its system:
Was backup data available and deployable?
If the attack was delivered through email, did the employees have user awareness training on phishing and identifying malicious emails?
If the attack came from an employee visiting a website or clicking a link, did the organization have web content filtering in place?
What controls should have been in place to prevent or mitigate the attack?
Was a risk analysis done on the controls that existed before the attack?

Significant Questions

Although all of the above are relevant questions that an organization must use when assessing itself after a security breach, the most important question an organization must consider is, "If the delivery of the attack was through email, did the employees have user awareness training on the topic of phishing and how to identify malicious emails?" The organization must assess itself against this question first because the attack appears to have come through phishing: an employee clicked on an email sent to them, which led to the insertion of the malware into the network (Romes 2). Once an organization has answered this question and determined that its employees lack awareness of phishing, it can begin educating and training them on malicious links and emails and on the importance of computer security in the organization (Truss 2). Healthcare organizations should ensure that their employees receive adequate training and awareness on phishing and report suspicious emails to the relevant authorities to prevent such attacks from happening again.

The second most significant question an organization must ask itself in the event of a security breach is, "What controls should have been in place to either prevent the attack or mitigate its effect?" This question is significant because it helps organizations determine effective measures that can be put in place to ensure swift mitigation of such attacks (Romes 2). Such controls include setting up web content filtering on the organization's computer network to block the opening of suspicious links, strong validated firewalls and security software to protect the healthcare network, regular data backups, and investment in cyber insurance. Once in place, all of these controls help strengthen the organization's systems and protect it from security breaches (Truss 3). By asking this question, a healthcare organization can assess its risks and how to mitigate them, ensuring its systems' safety. An organization is better off preparing fully for a cyberattack before it happens.

Legal Considerations Organizations Must Look at After an Incident

If a security breach occurs, the healthcare organization must take legal steps to ensure the incident is managed effectively. First, the organization should hire legal counsel, such as a law firm specializing in risk assessment and response planning, as well as a cybersecurity team to assess the system, restore its functionality, and implement preventive measures (Romes 4). Legal counsel helps the organization make sound decisions in key areas such as ransom payments and determining the legal liability the organization will have to bear.

Furthermore, the organization should evaluate its cyber insurance policy and determine the level of coverage for the security incident and any other expenses incurred. Choosing the right range of coverage will help the company avoid the financial losses the security breach could cause. It also gives the organization an overview of what to include in its cybersecurity insurance plan so that every incident is covered, thereby preventing financial losses.

The organization should ensure that the victims affected by the security breach, such as patients, are notified as required by the Health Insurance Portability and Accountability Act (HIPAA). Affected individuals must be informed within 60 days of the security breach to avoid the legal consequences of failing to notify them (Kottkamp 10). Furthermore, the organization's systems should be evaluated to establish which information was accessed and compromised during the breach, which in turn determines which federal or state laws apply.

Long-term legal considerations include informing media outlets if the data of more than five hundred people is compromised, so that the event can be critically investigated and publicized. The HIPAA Security Rule requires healthcare organizations to assess their systems to determine the vulnerability of Protected Health Information (PHI), taking into account factors such as knowing where the system's data is located, having plans to carry out when situations go wrong, keeping risk-analysis procedures and policies current, and responding reasonably to risks (Kottkamp 12). When the assessment is carried out successfully, the organization can put safety measures in place to prevent such attacks while updating its risk-analysis documentation.

Conclusion

Cyberattacks such as ransomware will continue to be prevalent in healthcare organizations. However, it is the organization's utmost responsibility to ensure that its systems are up to date with the latest security measures and that its staff are well educated on computer security. Hospital systems should store patients' data securely, since it is more valuable than even credit card details.
Works Cited

Kottkamp, Nathan A. "Ransomware Issues in the Healthcare Industry." Practical Guidance Journal, 2022, pp. 1-23.

Romes, Randall. "Cybercrime Holds Health Care Organizations Hostage." 17 March 2016, pp. 1-4, https://www.claconnect.com/en/resources/articles/cybercrime-holds-health-care-organizations-hostage

Truss, Cedric L. "Taking Steps to Prevent the Rise of Ransomware Attacks in Healthcare." HIMSS, 16 December 2021, pp. 1-4, https://www.himss.org/resources/taking-steps-prevent-rise-ransomware-attacks-healthcare