- This topic has 5 replies, 6 voices, and was last updated 2 years, 11 months ago by Weerada Trongtranonth.
-
AuthorPosts
-
-
2021-09-25 at 4:22 am #31628Anawat ratchatornParticipant
1.Provide a brief description of the story.
– On August 4, approximately 3.30am Indiana-based Eskenazi Health was attacked by ransomware. The attack lead to diversion of ambulances that take about 5 days to be fixed, during the diversion all incoming ambulances being rerouted to other hospitals and hospital was forced to cancel all elective procedure. EHR and email were also shut down to ensure security, so during the attack healthcare providers had to write down on paper. Another important issue was Patient Identifiable Information (PII) and employees’ information might be breached and reveal online. After attack happened, according to information security protocols prepared for this kind of event, the system went back to normal on August 9 and the event was reported to FBI.2. What is/are the impact of this data breach? Consequences of the data breach.
– The serious impact of this data breach is Patient Identifiable Information and employees’ information leakage that might lead to many others unwanted events such as further fraud, scam, terrorist attack, hacking.
– Other than data breach, this event significantly affect healthcare services. Diversion of ambulance is a serious problem that can lead to death for many people needed emergency treatment. Furthermore, when EHR is shut down, healthcare provider cannot access to patient history and other system that can result in negative effect to patient.3. How did the data breach occur?
– The data breach and attack started around 3.30 am on August 4, then ambulance diversion began around 7.51am and then EHR and email were forced to shut down to ensure data security. It took about 5 days for the system to return to normal.4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
– This event was caused by ransomeware. Although there was no specific cause mentioned in article, at the end of article, some suggest about cybersecurity was written and according to my further reading, causes that lead to ransomeware attack are spam/phishing, poor user practice, poor cybersecurity practice and training.5. How could you prevent this data breach attack?
– According to NIST suggestion, organizations should use antivirus software, patch all computers, restrict the use of personal devices on an organization’s network, and avoid clicking on links from unknown sources.
– in my opinion, other than what NIST suggested and technical aspect about cybersecurity, personal awareness about cybersecurity such as awareness to avoid spam, awareness about good password setting, is another important issue that can help preventing from ransomeware. -
2021-09-25 at 11:49 am #31634Ashaya.iParticipant
Thank you for your summarization, I agree with you, personal awareness is one of the importtant issue that the organization should concern to prevent ransomeware and also the another malware aside from anti-malware software installation. We must keep our operating system up to date along with keep the employee’s awareness up to date to know the cibercriminal’s trick.
-
2021-09-25 at 9:08 pm #31644chanapongParticipant
Thanks for sharing this case. I totally agree with you about using the NIST suggestion combined with personal awareness to prevent ransomware. Increasing personal awareness is the most important task to prevent malware despite how much strong your data security is.
-
2021-09-27 at 11:43 am #31679Hazem AbouelfetouhParticipant
Thank you for sharing. Besides raising user’s awareness, I agree with you that it is better to restrict the use of personal devices or any tool that can transfer unknown files to any device on the organization’s network as it is one of the main reasons for ransomware attacks.
-
2021-09-29 at 9:03 pm #31720SaranathKeymaster
Agree with you all. I think not everyone in most organization really know about ransomware. Increase awareness plus system protection measures would be really helpful to prevent the attack.
-
2021-10-07 at 1:51 am #31931Weerada TrongtranonthParticipant
Totally agree with you.
Personal awareness is very important that organization should concern and provide some basic knowledge to prevent malware or other ransomwares
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here