Health care system executive left their work

Reference no: EM133440143

SCENARIO: A health care system executive left their work-issued laptop, which had access to over 40,000 medical records, in a locked car while running an errand. The car was broken into, and the laptop stolen.

ATTACK: Physical theft of an unencrypted device. Encryption is the process of scrambling readable text so it can only be read by the person who has the decryption key. It creates an added layer of security for sensitive information.

RESPONSE: The employee immediately reported the theft to the police and to the health care system's IT department who disabled the laptop's remote access and began monitoring activity. The laptop was equipped with security tools and password protection. Data stored on the hard drive was not encrypted - this included sensitive, personal patient data. The hospital had to follow state laws as they pertain to a data breach. The U.S. Department of Health and Human Services was also notified. Personally Identifiable Information (PII) and Protected Health Information (PHI) data require rigorous reporting processes and standards. After the theft and breach, the health care system began an extensive review of internal policies; they created a discipline procedure for employees who violate security standards. A thorough review of security measures with internal IT staff and ancillary IT vendors revealed vulnerabilities.

IMPACT: The health care system spent over $200,000 in remediation, monitoring, and operational improvements. A data breach does impact a brand negatively and trust has to be rebuilt.

LESSONS LEARNED:

1. Companies must establish and train employees on secure handling of work-issued devices.

2. Devices must be safely stored when not in the immediate presence of the employee.

3. Companies must take steps to encrypt data wherever it is stored or transmitted. Employees should have a clear understanding of the importance of encryption and how to use it.

4. Companies must understand and know their responsibilities under the data breach notification laws of the state(s) in which they operate.

5. A regular review of the company's security practices is imperative in modern organizations to prevent incidents, discover vulnerabilities, and reduce the impact of incidents.

DISCUSS

1. Knowing how the firm responded, what would you have done differently?

2. What are some steps you think the firm could have taken to prevent this incident?

3. Is your business susceptible to this kind of attack? How are you going to reduce your risk?


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd