Assignment - HIF Ch. 10
School: Saint Paul College
Course: 000489
Subject: Information Systems
Date: Dec 6, 2023
MEDS 1420-91: Health Information Foundations
Name: Alece Collins
Chapter 10: Data Security (25 points)
Associate Degree Competencies:
II.2 Apply security strategies to health information
V.3 Identify the components of risk management related to health information management
Instructions for Assignment:
After reading chapter 10, complete the following exercises and once complete, you will need to save/upload to the corresponding drop-box within D2L by the due date/time, as indicated by your syllabus.
Internet Research
Search the Internet for 3 incidents about security breaches in healthcare and other industries in the last three years.
a. Make a summary of each case.
b. Identify the principal threats in each of these cases.
c. Propose what security strategies and risk management components related to health information management should be applied in the future to mitigate the threats?
OneTouchPoint (OTP) - July 2022
● OTP is a third-party mailing and printing vendor that provides services to healthcare organizations. OTP first noticed some of their files were locked and decrypted in July 2022. After investigation, they realized their systems had been accessed illegally months prior. OTP provides services for over 30 healthcare providers, and shortly after the breach, clients began to report data breaches of their medical and patient records.
● The principal threats in this case were an external threat and software factors.
● To avoid incidents like this, health care organizations working with third-party vendors need to ensure that those businesses are HIPAA compliant when handling personal health information. Also, businesses need to do an annual review of their security policies to ensure safeguards are updated and equipped to defend against cyber threats.
L’Assurance Maladie Data Breach - March 2022
● L’Assurance Maladie is a French insurance body that had a data breach occur when 19 accounts belonging to pharmacists were compromised. Hackers retrieved passwords for those accounts from a dark web forum hosting credentials stolen from previous data breaches.
● The principal threats in this case were an external threat and software factors.
● To avoid incidents like this, they implemented multi-factor authentication to block cyber criminals trying to log in with stolen credentials. They also implemented a data leak detection solution to discover and shut down sensitive data exposures posted on the dark web.
Trinity Health - May 2020
● In May 2020, Blackbaud, a third-party vendor of Trinity Health that is responsible for storing a backup of its donor database, was targeted in a ransomware attack attempt. With the help of forensic experts and law enforcement, they were able to block the ransomware attack attempt, but not before the hackers exfiltrated a subset of data that included information linked to Trinity Health.
● The principal threats in this case were an external threat and software factors.
● Trinity Health implemented a third-party vendor attack surface monitoring solution to discover and address vulnerabilities that could potentially facilitate ransomware attacks.
● Never comply with cybercriminal demands. Cooperation is never guaranteed and you’ll still have to treat the event as a potential breach with the addition of negative publicity and major financial losses.
● Blackbaud’s successful interception of the ransomware attack attempt is a testament to its highly optimized incident response plan and awareness of the ransomware attack sequence.
Works Cited
Kost, Edward. “14 Biggest Healthcare Data Breaches [Updated 2023]: Upguard.” RSS, Edward Kost, 3 Sept. 2023, www.upguard.com/blog/biggest-data-breaches-in-healthcare.
Real-World Case 10.2
You are the chief security officer of Anywhere Hospital. You just received a frantic email from one of
your help desk eHIM employees in the Information Technology department. There is a suspected
malware infection that is spreading across your computer network. You ask your staff member whether
there has been data loss or corruption. Your team member responds by saying that she does not know
yet; the security team has been called and will begin the investigation process, starting with the origin
of the malware. A quick and thorough response to this incident is of the utmost importance and is
crucial to avoid disrupting patient care systems.
A little while later, you discover that the malware was launched from within the network via email;
specifically, the malware was launched on the vice president’s workstation in his office when he
opened an email containing the malware. The hospital’s Network Intrusion Detection System did not
pick up abnormal traffic coming through the firewall.
Real-World Case Questions
1. Identify and discuss the social engineering vulnerabilities that could have been exploited in order to have successfully launched malware within the network system.
● Phishing was used as the social engineering technique in this case. The vice president opened an email containing malware and the hospital's network intrusion detection system did not pick up abnormal traffic coming through the firewall.
2. Propose 2 ideas to be included within the data security strategic plan update to potentially safeguard this from happening in the future.
● The first idea I would propose is employee awareness. This is very important for the simple fact that most security breaches happen because of employees being unaware of threats. It's important to make them mindful of security breaches so they can recognize them, respond to them, and report them to the appropriate people.
● Secondly, I would like to establish a risk management program, which will help prevent risk to patients and health care organizations by keeping a complex set of clinical and administrative systems, processes, procedures, and reporting structures designed to detect, monitor, assess, mitigate and prevent potential risks.