- This topic has 5 replies, 6 voices, and was last updated 2 years, 7 months ago by Saranath.
-
AuthorPosts
-
-
2021-09-22 at 9:08 pm #31528Theekhathat HuapaiParticipant
Provide a brief description of the story.
– on June 21, protected health information of 12000 was leaked from the Heart of Dixie cardiology department in St. George, Utah. This department is a part of Revere health, the largest medical organization in Utah.What is/are the impact of this data breach? Consequences of the data breach.
– Data that was compromised are medical records numbers, patient names, birthdates, procedures, provider names, and appointment details. No payment information was included in the compromised data. But IT team cut off email access within 45 minutes.How did the data breach occur?
– Patient data was compromised when the organization fell victim to a phishing attack by clicking the link in the email. The attacker was using an employee’s credentials to remotely view medical data.What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
– The cause of this cyber attack incident was carried by a phishing attack on an employee’s email. Although Revere health suggests that the attacker didn’t want to steal medical information. The attacker just wants to spread phishing emails and gather usernames and passwords. But leaked user credentials can be used for further attacks.How could you prevent this data breach attack?
– Employees must be updated about cybersecurity every year.
– Password must have complex characters such as alphabet in uppercase and lowercase, number, sign. Two-step verification should be implemented in the system. Physical verification such as fingerprint, chip, RFID should be a standard protocol in the administrator panel.
– On the technical side, Software should be regularly updated. Suspicious activity detection protocol is a crucial part of cyberattack prevention. Blocked access from an untrusted external network. Limited bulk traffic activity. -
2021-09-22 at 9:39 pm #31538Karina Dian LestariParticipant
A yearly reminder of the danger of cybersecurity attacks will be very beneficial for the employees and company. I may also add that the IT personnel should also implement a strong email security system to reduce suspicious emails from unknown and untrusted senders.
-
2021-09-22 at 10:21 pm #31561Napisa Freya SawamiphakParticipant
Agree with you on yearly remind and annual cybersecurity training to raise employee awareness. Also, creating the organization policy to report suspicious events or support a phishing report button (where the employees can click easily from their email and it will be automatically informed IT team) may be beneficial.
-
2021-09-23 at 1:15 pm #31598Navin PrasaiParticipant
The data breach was due to a Phishing attack in an employee’s email. To prevent such attacks we need to be aware of emails from an unknown sender, anti-virus software should be used and updated as needed. Also, Employees’ awareness and education for phishing techniques are recommended to prevent attacks.
-
2021-09-23 at 11:12 pm #31606TARO KITAParticipant
Thank you very much for sharing the case study. I agree with your idea of providing essential information to employees with regard to cyber security. In addition to preventive measures to phishing attacks, organizations may consider enabling an email filtering system that could block emails potentially containing malicious links.
-
2021-09-30 at 6:22 am #31735SaranathKeymaster
Agree with you all that beside educating people, the prevention measures should be implemented on the system such as filter emails.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here