HIM 650 Topic 4 DQ 2
Many organizations store confidential data and use it to provide services to citizens or businesses. Unfortunately, this type of data is often under attack by malicious hackers or insiders looking to steal information for their own personal gain. Cyber experts have been able to find weak spots in the software used to maintain databases and store records; they may also trick employees into giving up information through phishing scams. The following are just two examples of breaches that resulted in theft/loss/exposure of confidential data:
This report will detail two cases involving data theft/loss/exposure that impacted an organization’s operation. Data theft was caused by either a lack of security or a hacker who used the organization’s computer system to gain unauthorized access to confidential data. This data breach has caused significant damage and losses for the organization, as well as potential issues for the public if the health care data involved is leaked to unauthorized individuals. The report will include recommendations on how to prevent incidents of this nature from happening in the future.
There have been many high-profile data/security breaches in recent years. This trend will likely continue in the future as the nation’s public and private databases proliferate and the cyberscape becomes increasingly complex. In order to prevent these incidents or at least mitigate the damage, we need to better understand what is going on at each step of the process. For example, recent reports indicate that some entities are not encrypting their data: publicly accessible medical records, computerized equipment such as MRI machines, and scheduling software used by doctors and hospitals. A second observation is that both individuals and organizations are not sufficiently protecting their passwords. The need to protect access to sensitive information will only increase; thus information/data security is an area in which both the government and the private sector must allocate better resources.
Every day, we hear about new security breaches and theft of consumer data. From retail chains to government agencies to huge databases of health information, expensive infrastructure is installed to prevent unauthorized access, but it might not always be enough. In the first case study, a wireless networking company failed to apply upgrades on time when they shifted their site from an in-house run system to a cloud-based one. This resulted in the loss of account passwords, website details and emails of millions of customers. In the second case study, a doctor used a vulnerable laptop for storing confidential patient data at home, and his home was burglarized last year. The equipment was not encrypted. Many other similar incidents could be listed, but these make the point that there are very many ways in which sensitive data can get exposed or stolen. As such, there need to be better ways of controlling them rather than looking only at ways of stopping unauthorized access after it is done.
In 2002, the Maryland Health Insurance Plan (MHIP) reported a breach of 60,000 individuals’ confidential data. The incident occurred when a college student reportedly inserted an empty disc into an MHIP computer and was mistakenly given an actual MHIP disc that contained all of the personal data for over one-half of the state of Maryland employees.
Have you ever heard of a hacker attack? A hacker attack is “successful” when an unauthorized person gains access to any electronic device or system, whether it’s for personal reasons, for money, or just for the challenge. If a hacker gains access to data on your health care systems, they can ….
Employees use company laptops to access personal and private information, such as complete credit card numbers. What can an organization do?
In late September 2012, a group of hackers calling themselves “LulzSec” breached several systems controlled by HBGary Federal. The security breach included stealing thousands of emails and posting them on the Web. However, the extent of damage caused by the incident is still unknown and the details of what happened are not completely clear.
Health care organizations such as hospitals share patient information across platforms, from EHRs to mobile devices to wireless networks. This sharing is important to ensure that patient information gets transmitted to the correct place at the correct time; however, a significant overexposure of sensitive information can put patients at risk. Data breaches occurring in hospitals can negatively impact patients, their health care providers, and their communities by compromising sensitive information, including patients’ names, addresses, eligibility for health and welfare benefits, clinical laboratory results, radiology reports, and unique identifying information regarding insurance claims or payment processing.
Find two examples of data/security breaches that resulted in theft/loss/exposure of confidential data, preferably data related to health care. Describe the incidents and explain what could have been done to prevent or mitigate them.