- This topic has 3 replies, 4 voices, and was last updated 2 years, 6 months ago by Pimthong Sinchai.
2021-09-17 at 10:30 pm #31363 Auswin Rojanasumapong, Participant
Provide a brief description of the story.
– Advocate Aurora Health, a health care system that has multiple hospitals and sites of care, reported an incident of a health data breach, and the incident impacts over 68,000 patients. The attack was targeted at Elekta, Inc., a third-party company that Advocate Aurora Health uses to coordinate the delivery of oncology radiation services and therapies for their patients. Many identifiable patients’ health data were affected. Elekta, Inc. is also investigating the incident that occurred.
What is/are the impact of this data breach? Consequences of the data breach.
– Personal health data stored on the impacted system were accessible to unauthorized persons. Those data include the patient’s first and/or last name; social security number; street address; date of birth; height; weight; driver’s license number; medical diagnosis; medical treatment details; appointment confirmations; and other information that Advocate Aurora may have about its patients.
How did the data breach occur?
– The data breach occurred because the first-generation cloud-based storage system was vulnerable in terms of data security.
What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
– The main cause of the data breach is the third-party vendor error. The data from Advocate Aurora Health is stored in the cloud-based system of Elekta, Inc. (the third-party company that provides the oncology radiation systems and related services), which is an outdated system and vulnerable in terms of data security. Due to the outdated system, it is easier for hackers to access the data from the storage system.
How could you prevent this data breach attack?
– As a health care system manager choosing a third-party vendor to manage the personal health information, I should look for a vendor that has a good reputation for managing data security, which is not only about the latest security tools or technology, but also includes good practice in data handling and monitoring data security continuously.
– While it is not the best method to protect against third-party error, a contractual agreement that specifies data protection, standards of practice, and a compensation agreement when an error occurs might be useful to guarantee that the vendor is doing their best to protect the data.
– As a third-party vendor, I should update to the latest version of the software and tools for data management and storage to ensure that the data is safe from hackers.
2021-09-20 at 7:12 pm #31432 Arwin Jerome Manalo Onda, Participant
Excellent summary.
To add, I would advise Advocate Aurora Health to perform independent audits on the vendor’s system to help in identifying potential security flaws. Audit reports would generate the necessary actionable points for improvement, and/or assess the capability of the vendor to address the further audit findings.
-
2021-09-22 at 6:15 am #31466 Saranath, Keymaster
Even though the data breach was due to third-party error, we, as the ones who hire the vendor, have to take responsibility for this incident. It is important to check the company’s performance and record, and also to pay attention to the contract agreement with the vendor company.
-
2021-10-15 at 10:44 pm #32192 Pimthong Sinchai, Participant
Clear explanation and addition. I think to prevent third-party error, we should improve the security system and give some basic knowledge house the system to all staff.