- This topic has 10 replies, 11 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
-
AuthorPosts
-
-
2020-09-16 at 11:31 pm #22508Sila KlanklaeoParticipant
1. Provide a brief description of the story.
Orlando Orthopaedic’s transcriptionist vendor misconfigured access to a database during a software upgrade, which resulted in the exposure of 19,101 patient records for about two months.2. What is/are the impact of this data breach? Consequences of the data breach.
The fines and penalties as a result of a data breach.
Patient information was revealed.3. How did the data breach occur?
The vendor misconfigured access to a database during a software upgrade.4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The third-party vendor error.5. How could you prevent this data breach attack?
Assess your vendors for risk before you enter a relationship.
Incorporate risk management into your contracts. -
2020-09-26 at 11:45 pm #22796NaphatParticipant
Thank you for shortly explain and I agree with you in risk management for third party before agreement.
-
2020-09-26 at 11:51 pm #22799Khaing Zin Zin HtweParticipant
It is totally agreeable to assess vendor’s risks before entering relationship with it. Understanding the vendor’s security framework well will provide benefits both parties on collaboration.
-
2020-09-28 at 2:37 am #22822Wachirawit SupasaParticipant
I agree with you. And I would like to add a prevention method: by testing the system before it goes online.
-
2020-09-28 at 11:05 pm #22831SaranathKeymaster
Agree with you all, we should carefully choose a trusted third-party vendor. Contract should include risk management section.
-
2020-09-29 at 11:25 pm #22866Phone Suu KhaingParticipant
Thanks for short and sweet explanation!
Assessment of vendor and contracting with risk management that you have mentioned are very important facts to consider! So, we must have terms and conditions related to security since the beginning of the business! -
2020-09-29 at 11:31 pm #22867Ornpicha ThiampolParticipant
I agree with the risk management part. It’s the big issue that we should focus on it.
-
2020-09-30 at 3:54 am #22877Saravalee SuphakarnParticipant
Thank you for the briefly explanation. I totally agree with you. I have some opinion on on the prevention. I’m not sure that in this case, can the company increase the database security. It may helps for stronger prevention the breach.
-
2020-09-30 at 11:08 pm #22903Navinee KruahongParticipant
We might need to require qualified information of the third-party before we hire them to take care our database.
-
2020-10-02 at 1:49 am #22909Kaung Khant TinParticipant
Thank you so much for this informative report. Hiring a third party vendor would be a technically demanding job. Anyway, we should take serious precautions as well as backup plans when hiring such vendors.
-
2020-10-20 at 11:12 pm #23437Kridsada SirichaisitParticipant
I agree with you. Many third party software in hospital not concern about privacy data. In risk management process, risk identification and risk intervention and prevention must use to manage this problem.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here