- This topic has 2 replies, 3 voices, and was last updated 3 years, 10 months ago by
.
-
Posts
-
-
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 1: 65,000 patient records breached by New York provider’s misconfigured database (https://www.healthcareitnews.com/news/63500-patient-records-breached-new-york-providers-misconfigured-database)
Report:
For every day, another hospital is in the news as the victim of a data breach. The health
industry experiences more data breaches than any other sector. According to the New York-based
Middletown Medical is notifying 63,551 of its patients that their data may have been breached
due to a misconfigured radiology interface.Breaches are widely observed in the healthcare sector and can be caused by many
different types of incidents, for examples, malicious or criminal attacks, human error, and system
fault. In this case, it occurred from a limited number of patient data that could have been accessed
by unauthorized users. For consequences of data breach, a patient’s information, for example,
names, birthdates, client identification number or other patient’s data that is stored in the
database can be used by cybercriminals for medical fraud.To prevent data breach attack issue, it should have security policies, ransomware
prevention tools, warning notification, procedure or also implemented additional security
measure or notify the quantity of patient’s records to ensure that the patient data remain
confidence. Moreover, to education and training for employees can assist them in preventing
simple mishaps from occurring.1.Provide a brief description of the story.
The story is about data breach that occur form a misconfigured radiology interface. This
major problem across all sectors, especially in the healthcare sector.2. What is/are the impact of this data breach? Consequences of the data breach.
The impact of this data breach is a patient data could have been accessed by
unauthorized user, if the database was indeed accessed. For consequences of data breach, a
patient’s information, for example, names, birthdates, client identification number or other
patient’s data that is stored in the database can be used by cybercriminals for medical fraud.3. How did the data breach occur?
The data breach occurred from a misconfigured radiology interface.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause
of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration,
human error, third-party vendor error)?For main cause or the data breach such as malicious or criminal attacks, human error, and
system fault. There are many causes of data breach. Human error is often regarded as the
main cause of cyber security incidents, for example, data was sent to the wrong recipient,
input wrong data to into the healthcare system.
For brief explanation of phishing, it is a method of exploitation for malicious reasons
using targeted communications (email/messaging), for example, usually an email telling the
recipient to click on a link – that allow hackers to access the recipient’s computer network or
introduce malware.5. How could you prevent this data breach attack?
To prevent this data breach attack, it should have security policies, ransomware
prevention tools, warning notification, procedure or also implemented additional security
measure or notify the quantity of patient’s records to ensure that the patient data remain
confidence. Moreover, to education and training for employees can assist them in
preventing simple mishaps from occurring. -
-
Software misconfiguration should be tested for the security setting before release. The databases all ship with default accounts, and when you install applications on your database, they install default accounts, too. All those default accounts have default passwords, and all those default passwords are easy to find on the Internet. So if you leave them in place, it’s kind of like you’re leaving a window open into the database. The authenthication can be misconfigured so all users can access without right. Lastly, the system security should be authorized only few staff to gain access and need regular update configuration frequently.
-
You must be logged in to reply to this topic. Login here