- This topic has 3 replies, 4 voices, and was last updated 2 years, 10 months ago by Saranath.
2021-09-26 at 1:41 pm #31660 Pisit Saiwangjit (Participant)
Provide a brief description of the story.
Five Rivers Health Centers in Ohio suffered a data breach stemming from a phishing attack. A total of 155,748 patients had their personally identifiable and health information breached. The impacted emails were exposed to two-month-long unauthorized access.
What is/are the impact of this data breach? Consequences of the data breach.
The attack resulted in access to patient health information. The impacted data could include patient names, contact details, dates of birth, patient account numbers, and other sensitive data. However, there were still a small number of patients whose crucial information was exposed to the attacker. The compromised data included financial account numbers, payment cards, driver’s licenses, etc.
How did the data breach occur?
The employee sent their information to the scammers since they believed it was from a trustworthy sender/organization, which resulted in the phishing attacker gaining access to their email without their authorization. The attacker exploited this to breach data from their health center.
What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
In my point of view, the unawareness of phishing attacks and one-factor authentication should be the main cause of this phishing attack. If the victims of the phishing had developed some awareness of the attack, they would have been cautious about emails that asked for their confidential information and thus less likely to send their information. Even if the attacker obtained their password/account, they still would not have been able to gain unauthorized access to the account if there had been two-factor authentication.
How could you prevent this data breach attack?
There are several ways to prevent phishing attacks, including:
• Raise awareness of phishing attacks
• Know some characteristics of phishing attacks (e.g., poor grammar, lots of typos, etc.)
• Do not open email attachments unless you are expecting them
• Scan for viruses before opening attachments
2021-09-26 at 10:46 pm #31674 Ashaya.i (Participant)
Thank you for sharing this case study. I agree with you that phishing attack prevention must start from the user, such as knowing phishing tricks or developing awareness of phishing attacks, etc.
In addition, as another way to prevent phishing attacks, the organization must install security software and keep software up to date, as well as provide a data security knowledge training program to employees.
2021-09-27 at 11:22 am #31678 Hazem Abouelfetouh (Participant)
Thank you for sharing. I agree with you that we should raise awareness and train all users on how to detect phishing attacks. I want to add that, in addition to implementing two-factor authentication (2FA), the system should have an audit trail of all login attempts and should have the ability/tool to analyze these attempts and the IP addresses used, to detect the breach as early as possible.
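One way to run the login analysis suggested in the reply above, as an added example that is not part of the original thread: it flags successful logins from a network outside each account's baseline and reports how long that access lasted. The log format, account names, baseline cutoff and addresses are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample audit trail (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
timestamp,user,source_ip,result
2021-03-01T08:02:11,nurse01,192.0.2.10,success
2021-03-03T09:15:00,billing02,192.0.2.41,success
2021-03-05T02:14:09,nurse01,203.0.113.77,failure
2021-03-05T02:14:55,nurse01,203.0.113.77,success
2021-03-05T08:01:12,nurse01,192.0.2.23,success
2021-03-09T03:40:21,nurse01,203.0.113.77,success
2021-03-10T09:12:00,billing02,192.0.2.41,success
"""

BASELINE_END = datetime(2021, 3, 5)  # assumption: logins before this date are trusted


def network_of(ip, prefix=24):
    """Group addresses by /24 so ordinary DHCP churn does not raise alerts."""
    return ip_network(f"{ip}/{prefix}", strict=False)


def find_unfamiliar_logins(log_text, baseline_end=BASELINE_END):
    """Return {(user, network): [first_seen, last_seen, count]} for successful
    logins from networks absent from that user's baseline."""
    baseline = defaultdict(set)
    alerts = {}
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["timestamp"])
    for row in rows:
        if row["result"] != "success":
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        net = network_of(row["source_ip"])
        if ts < baseline_end:
            baseline[row["user"]].add(net)
        elif net not in baseline[row["user"]]:
            entry = alerts.setdefault((row["user"], net), [ts, ts, 0])
            entry[1] = ts       # keep extending the observed access window
            entry[2] += 1
    return alerts


if __name__ == "__main__":
    for (user, net), (first, last, count) in find_unfamiliar_logins(SAMPLE_LOG).items():
        print(f"{user}: {count} login(s) from unfamiliar {net}, {first} to {last}")
```

The gap between first and last sighting is the window of unauthorized access; alerting on the first sighting is what shortens it.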
2021-09-29 at 9:12 pm #31722 Saranath (Keymaster)
Thanks for sharing!