- This topic has 6 replies, 7 voices, and was last updated 2 years, 7 months ago by Saranath.
2021-09-22 at 10:36 pm #31562 chanapong Participant
1. Provide a brief description of the story.
There was a ransomware attack, named VOIDCRYPT/SPADE, at Saraburi Hospital on 5 September 2020. This incident caused the HIS to work improperly. This ransomware requested 200,000 BTC to return the function of the HIS.
2. What is/are the impact of this data breach? Consequences of the data breach.
The impact of this ransomware was limited access to patient data. So, the hospital services could not run as smoothly as before, and the patients had to prepare their previous medical history to receive current hospital services. In addition, the waiting time increased greatly due to switching from the HIS to a manual system.
3. How did the data breach occur?
It was a random attack on hospital officers’ email or the main hospital email.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
The main cause of this incident was ransomware from some of the officers who used computers at the workplace, connected to the hospital system, and clicked on the link attached to the email that caused the data breach.
5. How could you prevent this data breach attack?
Updating the data security of the hospital computers is one solution to prevent attacks. Having a timely backup plan and different backup methods is also an essential part. The last part is to provide knowledge to officers about data security and threats.
-
2021-09-23 at 1:39 am #31574 Tossapol Prapassaro Participant
Thank you for sharing. I agree with you that providing knowledge to health officers is crucial. In addition, we probably have to promote computer security awareness by giving information about cyber-attacks and reassessing computer users yearly.
-
2021-09-23 at 10:32 pm #31604 TARO KITA Participant
Thank you very much for sharing the case study. I totally agree with your idea of providing the essential knowledge to those in charge. In addition to updating data security, it is also important to regularly update all software and OS, and enable email filtering systems to block emails containing unwanted or potentially malicious links.
-
2021-09-25 at 12:43 pm #31636 Ashaya.i Participant
Thank you for the brief description. I’ve heard of this case before, but I do not know the exact cause of it. I agree with you all that providing knowledge of data security to all employees is so significant. Data security training should be implemented seriously and continually to update employees’ knowledge, as well as updating software security.
-
2021-09-26 at 2:09 pm #31663 Pisit Saiwangjit Participant
I love to hear your thoughts, thanks for sharing your ideas. I appreciate your analysis of this case study. From my point of view, I think raising awareness of phishing emails should help in this scenario, because the employees might be more cautious when emails come with suspicious attachments.
-
2021-09-26 at 10:25 pm #31671 Anawat ratchatorn Participant
Thank you for sharing. I really agree that training officers or giving them best-practice knowledge is essential to prevent ransomware.
In my opinion, another thing that should be done concerns policy and regulation, to make sure that officers follow the policy.
-
2021-09-30 at 6:17 am #31734 Saranath Keymaster
A regular backup is also important to avoid the impact of ransomware. If the hospital has a proper backup, it could retrieve the data and get the HIS back in time.