- This topic has 5 replies, 5 voices, and was last updated 2 years, 7 months ago by Saranath.
2021-09-22 at 8:08 pm #31524 Ashaya.i Participant
1. Provide a brief description of the story.
Amazon Web Services and an unnamed hacker were sued by Florida-based SalusCare, a mental healthcare provider. The allegation states that AWS is hosting, on its platform, healthcare data that was stolen from SalusCare. SalusCare detected a slowdown of their network, so they performed a further investigation and found that their data had been sent to AWS storage buckets. SalusCare is concerned about irreparable harm to their patients and also their employees, so the lawsuit seeks a temporary restraining order to stop the attacker from accessing the data.
2. What is/are the impact of this data breach? Consequences of the data breach.
The impact of the data breach is that patients' data was stolen: not only sensitive health data such as psychiatric issues, addiction counseling and treatment, but also financial information, social security, and credit card numbers. If all that data is disclosed, it may cause irreparable harm. The lawsuit asks for an order that Amazon deliver the patients' content of the bucket and the audit logs of data transferred in and out of the bucket. Also, Amazon must immediately take action on the hacker's account that has access to the buckets.
3. How did the data breach occur?
It occurred when the hacker stole the health data of patients from Florida-based SalusCare, a mental health and substance abuse care provider, and sent it to AWS storage buckets.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
In my opinion, the cause of this data breach possibly comes from human error, phishing and database misconfiguration. First of all, the cause of the hacker's attack is their employee clicking a link in a phishing e-mail. Secondly, in terms of database misconfiguration, SalusCare might have some flaw within their database, despite being able to detect the error in their network early. Their IT team may not have configured or updated their system correctly, resulting in it being attacked by the hacker.
5. How could you prevent this data breach attack?
Since this data breach attack was caused by human error, phishing, and database misconfiguration, we can prevent this situation by providing knowledge to all employees about how to prevent cyber-attacks, to increase their awareness of data security. To prevent database misconfiguration, the IT team must always monitor their database properly and perform consistent misconfiguration audits to ensure the security of the database.
-
2021-09-22 at 9:17 pm #31530 Karina Dian Lestari Participant
Thank you for the brief summary. I agree that the employees need to be educated on data security and also cybersecurity attacks like phishing. In addition, SalusCare also needs to implement a security system for email. If someone sends an email with a link, there should be a warning to remind the recipient before they click the link or download the attachment.
-
2021-09-23 at 1:00 am #31572 Tossapol Prapassaro Participant
Thank you for sharing. I totally agree with you both that employee education is an important factor in protecting the organization from cyber-attacks.
-
2021-09-26 at 10:28 pm #31672 Anawat ratchatorn Participant
Thank you for sharing. This event is very interesting.
I totally agree that educating all employees is essential to prevent this bad event.
Although the company's policy contains many regulations about data security and privacy, it should be tracked that employees will follow the policy.
-
2021-09-29 at 9:23 pm #31725 Saranath Keymaster
@Anawat- Good point. Most companies have policy and regulations about data security and privacy. However, the policy needs proper enforcement. Staff should be trained regularly about the policy, SOPs, and regulations.