- This topic has 10 replies, 10 voices, and was last updated 3 years, 6 months ago by Kridsada Sirichaisit.
2020-09-20 at 4:46 am #22671 Ornpicha Thiampol, Participant
Employee error exposed data of 16,000 Blue Cross patients online for three months
Independence Blue Cross is a health insurer based in Philadelphia. They uploaded member data of around 16,000 patients online for three months, between April 2018 and July 2018, due to employee error. This data includes names, dates of birth, diagnosis codes, provider details, and information used for claim processing purposes. There is no detail on whether the employee did this intentionally or accidentally. However, a cybercriminal can use this data for medical fraud. The officials permanently removed the file after they noticed. Furthermore, they will take the appropriate action with the employee responsible.
According to the news, this company was previously hit with a cyberattack that breached 10.5 million patients’ data in 2015. There was also a phishing attack that breached the personal data of 6800 in April 2018. This situation reminds the organization to have proper access controls and network monitoring to prevent human errors or detect improperly uploaded data.
Besides, the organization should have user security. They should provide authentication to ensure the user’s identity is confirmed by password or biometrics, data integrity for protecting information from unauthorized alteration, and availability for preventing interference with system access by authorized users. The employee should then review the information before uploading it online again, or use only the “intranet”, which is limited to authorized users in the company. Human error can happen anytime when people are careless. So, we can reduce human error by adding more concentration, by using authentication, and by having other related people double-check to ensure no error is happening.
Ornpicha Thiampol
-
2020-09-24 at 12:10 am #22709 Ornpicha Thiampol, Participant
The post above is my report, so here is a short answer to the question.
1. Provide a brief description of the story.
Independence Blue Cross is a health insurer based in Philadelphia. They uploaded member data of around 16,000 patients online for three months, between April 2018 and July 2018, due to employee error. This data includes names, dates of birth, diagnosis codes, provider details, and information used for claim processing purposes. There is no detail on whether the employee did this intentionally or accidentally. However, a cybercriminal can use this data for medical fraud.
2. What is/are the impact of this data breach? Consequences of the data breach.
The data includes names, dates of birth, diagnosis codes, provider details, and information used for claim processing purposes. So, a cybercriminal can use this data for medical fraud. It means they can lend themselves to abuse when referrals are made for services that aren’t even needed, such as X-ray costs, MRI costs, prescription drug costs, etc.
3. How did the data breach occur?
An employee uploaded member data online on the website.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
Human error is the main reason for this problem, but the company needs to prove whether it was intentional or accidental.
5. How could you prevent this data breach attack?
The organization should have proper access controls and network monitoring to prevent human errors or detect improperly uploaded data. Besides, the organization should have user security. They should provide authentication to ensure the user’s identity is confirmed by password or biometrics, data integrity for protecting information from unauthorized alteration, and availability for preventing interference with system access by authorized users. The employee should then review the data before uploading it online again, or use only the “intranet”, which is limited to authorized users. Human error can happen anytime when people are careless. We can reduce human error by adding more concentration, by using authentication, and by having other related people double-check to ensure no mistake is happening.
-
2020-09-26 at 11:39 pm #22795 Khaing Zin Zin Htwe, Participant
Thank you for the report indicating the need to double-check data uploads. Human error is a difficult one to control, and employee contracts for data confidentiality should be signed annually.
-
2020-09-26 at 11:51 pm #22800 Naphat, Participant
Privacy and security are very important, including confidentiality also.
-
2020-09-28 at 2:33 am #22821 Wachirawit Supasa, Participant
I agree with your idea. Human error is the most causative factor in network security breaches. The hospital should enforce the policy more.
-
2020-09-28 at 11:10 pm #22832 Saranath, Keymaster
Agree! Human error is the most difficult thing to convene. The system must be well designed to avoid errors that could be caused by humans.
-
2020-09-29 at 11:11 pm #22865 Phone Suu Khaing, Participant
Thanks for the thorough explanation of the case study!
I totally agree on strengthening security by authentication and other related measures. I would also say that strict rules and regulations related to the staff code of conduct are also important to avoid a similar situation!
-
2020-09-30 at 3:42 am #22876 Saravalee Suphakarn, Participant
Thank you for explaining this case. I strongly agree with you that the main cause of this problem was human error. In addition to user security, to prevent the situation, the organization should improve the risk management and software security design.
-
2020-09-30 at 10:57 pm #22901 Navinee Kruahong, Participant
Human error could be eliminated by well-designed systems, procedures, and training.
-
2020-10-02 at 2:00 am #22911 Kaung Khant Tin, Participant
Thank you so much for this informative report. I agree with your preventive measures to tackle this issue. I think human errors are prevalent in terms of data security. Managing user accounts by controlling which user has access to which level of data privileges would be a solution too.
-
2020-10-21 at 12:00 am #23445 Kridsada Sirichaisit, Participant
Thank you for the brief story. Human error is the problem, but the system can prevent this problem, for example with a code condition in the application that is used to upload, to prevent this error.