- This topic has 5 replies, 6 voices, and was last updated 3 years, 10 months ago by
.
-
Posts
-
-
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 1: 65,000 patient records breached by New York provider’s misconfigured database (https://www.healthcareitnews.com/news/63500-patient-records-breached-new-york-providers-misconfigured-database)
1.Provide a brief description of the story.
-The story about how to protect health patient data meaning of privacy , security and confidentiality and policies to manage public health patient information.
2.What is/are the impact of this data breach? Consequences of the data breach.
-The patient has no personal privacy and the feeling of stigma and data breach.
3.How did the data breach occur?
– Disclosure patient data is beneficial to the care of the general public.
4.What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
– The Institute of Medicine observed that the Privacy Rule “impedes the conduct of important health research”.Violationof HIPAA In many cases these negative impacts are due to misunderstanding by providers
5.How could you prevent this data breach attack?
-There are factors which prevent data breach attack such as
- Block some process with rule of firewalls to protect unwanted software.
- Security to access data with authentication such as password, smartcard or biometrics and protect data by Cryptography
- System security to access web site with web site security with rule of group ip to access , encrypt web data traveling with “https” , encrypt information traveling back and forth between the user and the web site with “secure sockets layer” or SSL.
-
Last step when the program has completed process and use In the beginning, users may not be familiar and may cause some problems. Therefore, there must be a person to supervise and check the operation. Program maintenance is a procedure that programmers write and find the error of the program while users use the program and improve the program when an error occurs.
-
Software testing is important before release to the users.
Make regular maintenance. Do everything in life cycle of software development (Planning,Ayalysis,Design,Implementation,Testing & Integration, Maintenance).
If the developers skip one of those step, there may be some bugs or error in software and configuration of database. -
-
The issue is from the developing process. In the process of development, the developer can use the same configuration in all environments to avoid misconfigured during development. Like said above, software development is a handmade and human error that can happen anytime, testing process is a key. So, apart from ensuring good practices for the developer, as a user, we should not take a convenient by default setting.
-
Software should be tested for the security setting before release. The databases all ship with default accounts, and when you install applications on your database, they install default accounts, too. All those default accounts have default passwords, and all those default passwords are easy to find on the Internet. So if you leave them in place, it’s kind of like you’re leaving a window open into the database. The authenthication can be misconfigured so all users can access without right. Lastly, the system security should be authorized only few staff to gain access and need regular update configuration frequently.
-
You must be logged in to reply to this topic. Login here