- This topic has 5 replies, 6 voices, and was last updated 3 years, 4 months ago by Dr.Watcharee Arunsodsai.
2019-10-18 at 10:47 am #14921SaranathKeymaster
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 1: 65,000 patient records breached by New York provider’s misconfigured database (https://www.healthcareitnews.com/news/63500-patient-records-breached-new-york-providers-misconfigured-database)
1.Provide a brief description of the story.
-The story about how to protect health patient data meaning of privacy , security and confidentiality and policies to manage public health patient information.
2.What is/are the impact of this data breach? Consequences of the data breach.
-The patient has no personal privacy and the feeling of stigma and data breach.
3.How did the data breach occur?
– Disclosure patient data is beneficial to the care of the general public.
4.What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
– The Institute of Medicine observed that the Privacy Rule “impedes the conduct of important health research”.Violationof HIPAA In many cases these negative impacts are due to misunderstanding by providers
5.How could you prevent this data breach attack?
-There are factors which prevent data breach attack such as
- Block some process with rule of firewalls to protect unwanted software.
- Security to access data with authentication such as password, smartcard or biometrics and protect data by Cryptography
- System security to access web site with web site security with rule of group ip to access , encrypt web data traveling with “https” , encrypt information traveling back and forth between the user and the web site with “secure sockets layer” or SSL.
2019-10-22 at 3:41 pm #15037ChalermphonParticipant
Last step when the program has completed process and use In the beginning, users may not be familiar and may cause some problems. Therefore, there must be a person to supervise and check the operation. Program maintenance is a procedure that programmers write and find the error of the program while users use the program and improve the program when an error occurs.
2019-10-22 at 5:00 pm #15044Pyae Phyo AungParticipant
Software testing is important before release to the users.
Make regular maintenance. Do everything in life cycle of software development (Planning,Ayalysis,Design,Implementation,Testing & Integration, Maintenance).
If the developers skip one of those step, there may be some bugs or error in software and configuration of database.
2019-10-23 at 4:02 am #15051tullaya.sitaParticipant
-software testing before first launch is very important to detect the mistake, bug, or malfunction of the software. This process should be test simultaneously both software developers and program owners to identify the weak point or malfunction of the new software.
2019-10-23 at 8:29 pm #15070AmeenParticipant
The issue is from the developing process. In the process of development, the developer can use the same configuration in all environments to avoid misconfigured during development. Like said above, software development is a handmade and human error that can happen anytime, testing process is a key. So, apart from ensuring good practices for the developer, as a user, we should not take a convenient by default setting.
2019-11-16 at 7:35 pm #15607Dr.Watcharee ArunsodsaiParticipant
Software should be tested for the security setting before release. The databases all ship with default accounts, and when you install applications on your database, they install default accounts, too. All those default accounts have default passwords, and all those default passwords are easy to find on the Internet. So if you leave them in place, it’s kind of like you’re leaving a window open into the database. The authenthication can be misconfigured so all users can access without right. Lastly, the system security should be authorized only few staff to gain access and need regular update configuration frequently.
You must be logged in to reply to this topic. Login here