2019-10-18 at 10:48 am #14922 Saranath (Keymaster)
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 2: Two phishing attacks on Minnesota DHS breach 21,000 patient records (https://www.healthcareitnews.com/news/two-phishing-attacks-minnesota-dhs-breach-21000-patient-records)
1. Provide a brief description of the story.
Two of the employees at Minnesota DHS received a phishing email from a hacker. Maybe they were unaware and clicked on a malicious link within the email. So the hacker could get control of their email accounts, and then access or copy the important emails that contained 21,000 patient records with personal data such as names, addresses, phone numbers, Social Security numbers, and employment information.
2. What is/are the impact of this data breach? Consequences of the data breach.
Patients’ personal information was leaked from the Minnesota DHS for at least a 2-month period. This impacts the reputation of the Minnesota DHS. Patients may lose their trust in the DHS. Further investigation of the data breach may reveal other employees as phishing targets, especially DHS executives. This leads to awareness and improvement in the security measures of DHS.
3. How did the data breach occur?
The hacker may have sent the phishing emails to many employees of DHS, and somehow tricked them into clicking on the malicious link or file in the email. Then their email accounts were compromised. The hacker could access or copy emails within their accounts that contained personal information of the patients.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The main cause of the data breach is phishing. Maybe the employees were unaware of or inexperienced with phishing, but it took a 2-month period to detect the phishing, which I think was much delayed. So the real cause would be insufficient training of the employees and also insufficient security monitoring in the organization.
5. How could you prevent this data breach attack?
1) The personal data of the patients must be encrypted and require a password login before being sent by email.
2) Restrict which email accounts can receive or send the personal data of the patients.
3) Train the employees to know about phishing attack forms and patterns, especially executives or anyone who can receive or send the personal data of the patients.
4) Force the employees responsible for the data to change their email password every 3 months; it can be every 6 months for other employees.
5) Force the employees to check that the email comes from a reliable source and to ask the sender for confirmation before clicking on links or attachments.
6) All of the employees must use the organization email instead of personal email when handling the personal data of the patients, and the activities of the organization email must be monitored, such as login access, and rechecked with the user of that email, so as to detect early any abnormal activities in the email by the hacker.
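The sixth measure in the report above, monitoring login access to organization mailboxes and rechecking unusual activity with the account owner, as an added example that is not part of the original post. The log format, the user names, the addresses, the "ZZ" country code and the working-hours window are all constructed assumptions; the script learns each user's usual IPs and countries from a baseline period and then flags later successful logins that come from a new country or IP, happen off hours, or follow a burst of failures from the same source.

```python
"""Flag abnormal mailbox logins for follow-up with the account owner (added example)."""
from datetime import datetime, timedelta

# Constructed sample sign-in records (assumed format: timestamp user source_ip country result).
SAMPLE_LOG = """\
2019-10-01T08:02:11Z alice@dhs.example 10.20.1.15 US success
2019-10-01T08:40:05Z bob@dhs.example 10.20.1.22 US success
2019-10-02T09:10:44Z alice@dhs.example 10.20.1.15 US success
2019-10-03T02:14:09Z alice@dhs.example 203.0.113.77 ZZ failure
2019-10-03T02:14:31Z alice@dhs.example 203.0.113.77 ZZ failure
2019-10-03T02:15:02Z alice@dhs.example 203.0.113.77 ZZ success
2019-10-03T08:01:55Z bob@dhs.example 10.20.1.22 US success
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
NORMAL_HOURS = range(6, 20)           # assumed working hours, UTC
FAILURE_WINDOW = timedelta(minutes=10)
MIN_FAILURES = 2                      # failures before a success that look like guessing


def parse_log(text):
    """Parse the whitespace-separated records into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split()
        events.append({"ts": datetime.strptime(ts, TS_FORMAT), "user": user,
                       "ip": ip, "country": country, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events, until):
    """Known IPs and countries per user, learned from successful logins before `until`."""
    baseline = {}
    for e in events:
        if e["result"] == "success" and e["ts"] < until:
            known = baseline.setdefault(e["user"], {"ips": set(), "countries": set()})
            known["ips"].add(e["ip"])
            known["countries"].add(e["country"])
    return baseline


def detect_anomalies(events, baseline_until):
    """Return one alert per successful login after the baseline period that looks abnormal."""
    until = datetime.strptime(baseline_until, TS_FORMAT)
    baseline = build_baseline(events, until)
    alerts = []
    for i, e in enumerate(events):
        if e["result"] != "success" or e["ts"] < until:
            continue
        known = baseline.get(e["user"], {"ips": set(), "countries": set()})
        reasons = []
        if e["country"] not in known["countries"]:
            reasons.append("new_country")
        if e["ip"] not in known["ips"]:
            reasons.append("new_ip")
        if e["ts"].hour not in NORMAL_HOURS:
            reasons.append("off_hours")
        # Several failures from the same source just before the success suggest guessing.
        recent_failures = sum(
            1 for p in events[:i]
            if p["user"] == e["user"] and p["ip"] == e["ip"]
            and p["result"] == "failure" and e["ts"] - p["ts"] <= FAILURE_WINDOW)
        if recent_failures >= MIN_FAILURES:
            reasons.append("failures_before_success")
        if reasons:
            alerts.append({"user": e["user"], "ts": e["ts"].strftime(TS_FORMAT),
                           "ip": e["ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_log(SAMPLE_LOG), "2019-10-03T00:00:00Z"):
        # Each alert is what the security team would confirm with the account owner.
        print(alert)
```

On the sample data only the 02:15 login for alice is flagged, with all four reasons; bob's usual login from his usual address passes. The point of returning reasons rather than a yes/no is that the follow-up with the user can be specific ("did you sign in from a new location at 2 am?"), which is the recheck step the measure describes.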
2019-10-22 at 2:13 pm #15035 Chalermphon (Participant)
I think we should increase the levels of security and privacy of the server.
2019-10-22 at 4:47 pm #15043 Pyae Phyo Aung (Participant)
High-level security of the mail server. Use two-factor authentication for every login. Do not click “save password” or “remember me” in any login attempt. Be suspicious of every mail and read carefully. If the mail is luring or forcing you to fill in a form or request something, contact the IT admin before doing so.
2019-10-23 at 3:03 am #15045 tullaya.sita (Participant)
- All users in the organization should be aware of phishing emails. If there are emails that they are not familiar with, they should not click on the link.
- Personal data records should not be sent via email. They may use another form of data transfer, such as CD-ROM, if applicable.
2019-10-23 at 5:11 pm #15065 Ameen (Participant)
(Continued from Phishing attacks (Penpitcha))
The system can be a quarantine system, detecting whether an email is surely phishing. If it is, it will eliminate the email, and the email will never go to the employee’s inbox. Other emails that are suspicious, the same as the earlier, will not be sent to the employee’s inbox, but will be cached, and a report will be sent periodically (like an hourly report) to the user with a list of cached emails. When the user receives it, they will review the report (by practice), which shows a score of the chance of being a phishing email, the subject, and the sender. Then they will retrieve the trustable emails to be sent directly to their inbox. If the decision is wrong, there is another filter to block the phishing email. The second blocked email will be eliminated. The system will help reduce the number of suspicious emails to be reviewed by an employee and reduce risk exposure.
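The quarantine design described in the post above, as an added example that is not part of the original post: a gateway scores each message with a few explainable heuristics, drops confident phishing outright, holds suspicious mail and lists it in a periodic report (score, subject, sender), and lets the user release a held message through a second, stricter filter that still blocks mail carrying a hard indicator. The domain dhs.example, the score thresholds, the word list and the four sample messages are constructed assumptions.

```python
"""Quarantine gateway: score, hold, report, release with a second filter (added example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

INTERNAL_DOMAIN = "dhs.example"          # assumed organisation mail domain
URGENCY_WORDS = ("urgent", "immediately", "verify", "suspended", "password")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".vbs")
QUARANTINE_AT, DROP_AT = 3, 8             # assumed score thresholds
# Indicators the second filter treats as conclusive even if a user releases the mail.
HARD_INDICATORS = {"lookalike_sender_domain", "link_text_mismatch", "executable_attachment"}
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


@dataclass
class Email:
    id: str
    sender: str
    subject: str
    body: str
    links: list = field(default_factory=list)        # (displayed text, actual href)
    attachments: list = field(default_factory=list)  # file names


def link_text_mismatch(shown, href):
    """True when the visible link text names a host that differs from the real target."""
    match = HOST_RE.search(shown)
    return bool(match) and match.group(1).lower() != (urlparse(href).hostname or "")


def score_email(mail):
    """Return (score, reasons) from simple, explainable heuristics."""
    score, reasons = 0, []
    sender_domain = mail.sender.rsplit("@", 1)[-1].lower()
    org_token = INTERNAL_DOMAIN.split(".")[0]
    if sender_domain != INTERNAL_DOMAIN and org_token in sender_domain:
        score += 4
        reasons.append("lookalike_sender_domain")
    text = f"{mail.subject} {mail.body}".lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        score += len(hits)
        reasons.append("urgency_words")
    if any(link_text_mismatch(shown, href) for shown, href in mail.links):
        score += 3
        reasons.append("link_text_mismatch")
    if any(name.lower().endswith(RISKY_EXTENSIONS) for name in mail.attachments):
        score += 3
        reasons.append("executable_attachment")
    return score, reasons


class QuarantineGateway:
    def __init__(self):
        self.inbox, self.dropped, self.quarantine = [], [], {}

    def ingest(self, mail):
        score, reasons = score_email(mail)
        if score >= DROP_AT:               # confident phishing: never reaches the inbox
            self.dropped.append(mail.id)
            return "dropped"
        if score >= QUARANTINE_AT:         # suspicious: hold and report to the user
            self.quarantine[mail.id] = (mail, score, reasons)
            return "quarantined"
        self.inbox.append(mail.id)
        return "delivered"

    def hourly_report(self):
        """The periodic list the user reviews: score, subject and sender per held mail."""
        return [{"id": m.id, "score": s, "subject": m.subject, "sender": m.sender, "reasons": r}
                for m, s, r in self.quarantine.values()]

    def release(self, mail_id):
        """User asks for a held mail; a second, stricter filter still blocks hard indicators."""
        mail, _score, reasons = self.quarantine.pop(mail_id)
        if HARD_INDICATORS & set(reasons):
            self.dropped.append(mail.id)
            return "blocked_by_second_filter"
        self.inbox.append(mail.id)
        return "delivered"


# Constructed sample messages, not real mail.
SAMPLE_EMAILS = [
    Email("m1", "records@dhs.example", "Monthly report", "Attached is the monthly report.",
          attachments=["report.pdf"]),
    Email("m2", "security@dhs-example.com", "URGENT: verify your password immediately",
          "Click the link below.",
          links=[("https://mail.dhs.example/login", "http://dhs-example.com/login")]),
    Email("m3", "newsletter@vendor.example", "Your account will be suspended",
          "Please verify your details.", links=[("Verify now", "https://vendor.example/verify")],
          attachments=["invoice.js"]),
    Email("m4", "it-news@partner.example", "Urgent: password policy update",
          "Please review immediately."),
]

if __name__ == "__main__":
    gateway = QuarantineGateway()
    for mail in SAMPLE_EMAILS:
        print(mail.id, gateway.ingest(mail))
    for row in gateway.hourly_report():
        print("held:", row)
    print("release m3:", gateway.release("m3"))
    print("release m4:", gateway.release("m4"))
```

Run on the samples, m1 is delivered, m2 (lookalike domain, urgency wording and a link whose text names a different host) is dropped, and m3 and m4 land in the hourly report. Releasing m4, held only for urgency wording, delivers it; releasing m3 is blocked by the second filter because of the script attachment, which is the "second blocked email will be eliminated" step in the post. Keeping the reasons alongside the score is what makes the user's review in the report meaningful rather than a bare number.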
2019-10-23 at 8:53 pm #15071 Penpitcha Thawong (Participant)
One thing I realize is that we both forgot to be concerned about the security system or program. The hospital should have or develop a program to protect the system from phishing emails, or alert when it finds a strange email.