- This topic has 5 replies, 6 voices, and was last updated 2 years, 7 months ago by Pisit Saiwangjit.
-
AuthorPosts
-
-
2021-09-20 at 8:29 am #31426Sri Budi FajariyanParticipant
1.Provide a brief description of the story.
Ransomware attack experienced by carePointe INT in Indiana, a provider of ear, nose, throat, sinus, and hearing healthcare services. The attack took place on June 25 and took personal data of patients which included 48,000 records. The individual data is electronic health records in the form of information included Social Security numbers, names, addresses, birthdates, and health insurance information.
2. What is/are the impact of this data breach? Consequences of the data breach.
CarePointe believes that attackers are more interested in money than the data they take. attackers will threaten to disseminate data and demand ransom. by taking personal data attackers can carry out phishing scams so carepointe gives a warning message to patients to freeze their credit cards and be aware of suspicious messages
3.How did the data breach occur?
the attacker gained access to the provider’s encrypted system containing electronic health records
4.What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
Data breach is a dangerous risk that can threaten data. User data and information accessed by other parties who do not have the authority. Data breaches can be carried out by various methods, such as:
a.Phishing
fraud against users handing over their personal data. the attacker will act as an authorized person or organization. the information shared will be used by attackers for illegal actsb.Ransomware
an attack that encrypts user data with a unique secret code known only to the attacker. the attacker will usually ask the user for moneyc.HIPAA violation
violation of protected health information. failure to comply with an aspect of HIPAA standards and provisions.d.Database misconfiguration
misconfiguration normally happens when a system or database administrator or developer does not properly configure the security framework of an application, website, desktop, or server leading to dangerous open pathways for hackers.e.Human error
human error can cause data breach, for example by not storing passwords properly so that other people can access the account. Human error can be an element of unintentional in sending confidential data to people who are not supposed to receive or have access to that information.f.Third-party vendor error
vendors do not implement a good security system to protect data5.How could you prevent this data breach attack?
Some ways to avoid data breaches are to install application software that has a good reputation and a high level of security and keeps it up to date. Use a unique password and change it every three months. backup data regularly, if the attacker takes the data and intends to delete the data then we already have backup data
-
2021-09-20 at 6:52 pm #31430Arwin Jerome Manalo OndaParticipant
Thanks for summarizing the case. It’s good that the company advised its affected consumers of the security incident.
Other preventive measures include deployment of multiple layers of security aside from antiviruses, which include firewalls as well as the users themselves (through educational campaigns). Likewise, stored data encryption should also be employed such that in the event that the data are stolen, it would be nearly impossible for the hacker to makes sense of the gathered data since they are encrypted anyway.
-
2021-09-22 at 6:04 am #31464SaranathKeymaster
What is the main cause of this ransomware attack? Was it due to human error, system error, or third party vendor error?
-
2021-09-22 at 10:49 pm #31565Napisa Freya SawamiphakParticipant
I agree with installing application and backing up. Also, updating the latest version of the software all times and considering backup data at cloud storage may prevent and minimize the impact from ransomware attack.
-
2021-09-23 at 10:49 pm #31605TARO KITAParticipant
Thank you very much for sharing the case study. I agree with your idea of installing a reliable security system, and regularly back up data. It is also important to provide essential knowledge and training to those in charge, regularly update relevant software and OS.
-
2021-09-26 at 1:48 pm #31661Pisit SaiwangjitParticipant
Thanks for the sharing your thoughts, I love to hear it. I appreciate your ideas on the prevention of the data breach attack. In my opinion, if we could back up the electronic health record to the another secure database, it would help in this case.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here