- This topic has 10 replies, 11 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
-
2020-09-23 at 8:49 am #22691 Pongsakorn Sadakorn (Participant)
1. Provide a brief description of the story.
Over 19K patient records of Orlando Orthopaedic Center were revealed publicly over 2 months due to the vendor's misconfiguration of the database.
2. What is/are the impact of this data breach? Consequences of the data breach.
Due to the data breach in Orlando Orthopaedic Center, the hospital was fined $475,000 in January 2017. Importantly, the 19K patient records, including patient names, dates of birth, insurance details, employers, and medical treatment, were revealed to the public.
3. How did the data breach occur?
The vendor of Orlando Orthopaedic Center misconfigured the database and made an error during a software upgrade, which led to 19K patient records being revealed publicly.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
The third-party vendor error is the main cause of this case.
5. How could you prevent this data breach attack?
To prevent the data breach attack, the organization should enhance privacy and security levels and build well-third-party risk management.
-
2020-09-26 at 11:47 pm #22797 Khaing Zin Zin Htwe (Participant)
I agree with you on the organization's need for risk management of the third-party vendor. It is also crucial to associate with trusted vendors only. Moreover, the organization needs to understand the third party’s security settings well.
-
2020-09-28 at 2:40 am #22823 Wachirawit Supasa (Participant)
Thank you for your report. The consequence of exposing sensitive data is immeasurable, and the hospital should do more to enforce its privacy policy.
-
2020-09-28 at 11:00 pm #22830 Saranath (Keymaster)
This event reminds us to think hard when we hire a third party to work on our database. We should be able to check whether their procedures were well conducted.
-
2020-09-29 at 11:33 pm #22868 Phone Suu Khaing (Participant)
Thanks for your report!
I totally agree that the organization should have risk management in its contract with the vendor and should also understand the vendor's security system well!
-
2020-09-30 at 12:58 am #22875 Ornpicha Thiampol (Participant)
This shows the company should double-check the third party's work process.
-
2020-09-30 at 4:52 am #22882 Saravalee Suphakarn (Participant)
Thank you for the brief explanation. I agree with you that third-party risk management is necessary. Furthermore, database security is the one thing that the organization should improve.
-
2020-09-30 at 10:52 pm #22900 Navinee Kruahong (Participant)
We need to understand what we hire the third party to do. Also, we need to be able to check and critique their procedures.
-
2020-10-02 at 2:04 am #22912 Kaung Khant Tin (Participant)
Thank you so much for this informative report. I agree with your preventive measures. I think making a contract with the third-party vendor, which covers the data security measures including terms and conditions, should be done before entering into such business.
-
2020-10-06 at 10:25 pm #23072 Naphat (Participant)
Thank you for the short brief and explanation. I agree with you on “should enhance privacy and security levels and build well-third-party risk management” because this is sensitive and must be confidential for patients' information.
-
2020-10-20 at 11:26 pm #23440 Kridsada Sirichaisit (Participant)
Thank you for your brief story. The IT department must review in detail all third-party software that will be used in the hospital, such as the technology used to create the software, operating system, internet connection, ports used, tele viewer and everything that can cause a leak of patient data.
-