Health care system executive left their work

Reference no: EM133440143

SCENARIO: A health care system executive left their work-issued laptop, which had access to over 40,000 medical records, in a locked car while running an errand. The car was broken into, and the laptop stolen.

ATTACK: Physical theft of an unencrypted device. Encryption is the process of scrambling readable text so it can only be read by the person who has the decryption key. It creates an added layer of security for sensitive information.

RESPONSE: The employee immediately reported the theft to the police and to the health care system's IT department who disabled the laptop's remote access and began monitoring activity. The laptop was equipped with security tools and password protection. Data stored on the hard drive was not encrypted - this included sensitive, personal patient data. The hospital had to follow state laws as they pertain to a data breach. The U.S. Department of Health and Human Services was also notified. Personally Identifiable Information (PII) and Protected Health Information (PHI) data require rigorous reporting processes and standards. After the theft and breach, the health care system began an extensive review of internal policies; they created a discipline procedure for employees who violate security standards. A thorough review of security measures with internal IT staff and ancillary IT vendors revealed vulnerabilities.

IMPACT: The health care system spent over $200,000 in remediation, monitoring, and operational improvements. A data breach does impact a brand negatively and trust has to be rebuilt.

LESSONS LEARNED:

1. Companies must establish and train employees on secure handling of work-issued devices.

2. Devices must be safely stored when not in the immediate presence of the employee.

3. Companies must take steps to encrypt data wherever it is stored or transmitted. Employees should have a clear understanding of the importance of encryption and how to use it.

4. Companies must understand and know their responsibilities under the data breach notification laws of the state(s) in which they operate.

5. A regular review of the company's security practices is imperative in modern organizations to prevent incidents, discover vulnerabilities, and reduce the impact of incidents.

DISCUSS

1. Knowing how the firm responded, what would you have done differently?

2. What are some steps you think the firm could have taken to prevent this incident?

3. Is your business susceptible to this kind of attack? How are you going to reduce your risk?
