- This topic has 1 reply, 2 voices, and was last updated 4 years, 5 months ago by tullaya.sita.
2019-10-27 at 8:48 pm #15213 admin (Keymaster)
Please read your friend’s report and provide comments on “Are there any other preventive measures to avoid the attack?”.
Case study 5: Employee error exposed data of 16,000 Blue Cross patients online for 3 months (https://www.healthcareitnews.com/news/employee-error-exposed-data-16000-blue-cross-patients-online-3-months)
1. Provide a brief description of the story.
Philadelphia-based Independence Blue Cross is notifying 16,762 patients — about 1 percent of its members — that their data was exposed online for a number of months, due to an employee uploading a member file online.
Independence Blue Cross is an independent licensee of BlueCross BlueShield. Its Privacy Office was notified on July 19 that member information was accessible online to the public between April 23 and July 20. Upon discovery, officials permanently removed the file from the website. After an investigation alongside a forensics firm, officials determined an employee uploaded a file to a public-facing website.
No details were provided on whether the employee intentionally exposed the data, or whether the incident was accidental.
The breached information included names, dates of birth, diagnosis codes, provider details and information used for claim processing purposes. Officials said that no Social Security numbers, financial data or credit cards were included in the breach.
2. What is/are the impact of this data breach? Consequences of the data breach.
The breached information included names, dates of birth, diagnosis codes, provider details and information used for claim processing purposes. As a result, the exposed individuals are easy targets for threat actors engaged in account hijacking, financial loss, information disclosure and psychological or physical harm.
3. How did the data breach occur?
It can occur in many ways: malware, phishing, human error.
4. What should be the main cause of the data breach?
The main causes of this data breach should be from employee negligence or human error. They could lose a laptop or USB containing information, misconfigure databases, accidentally disclose information.
- Provide a brief explanation of the cause of data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
Phishing: generic messages sent in bulk in the hope of catching people off guard
Ransomware: a kind of malware asking for ransom to hand over the decryption keys
HIPAA violation: Protected Health Information (PHI) is disclosed without patient consent
Database misconfiguration: the database is ignored or mishandled, such as insecure default settings left unaltered or changes made by administrators that leave the database open to attack
Third-party vendor error: the business associate causes the breach, like during the software upgrade
5. How could you prevent this data breach attack?
- Organisations must emphasize information security staff awareness training. It will help employees understand their security responsibilities, as well as helping the organisation understand its weaknesses and what it needs to improve.

2019-10-30 at 9:35 pm #15328 tullaya.sita (Participant)
Human error is hard to manage. In this case, I’m not sure whether the private information was published online intentionally or not. If it was unintentional, the system should have an alert for private data before it goes online, or use double authorization to recheck for private data that will go online. However, if this event occurred intentionally, a strategy to prevent the next event should be education on the data privacy policy and also punishment for the previous event.
In addition, the system should have an alert system for new data every time it goes online, and have personnel recheck the data released on the website periodically, as in this situation the detection was quite late.
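
The pre-publication alert and double authorization suggested in the reply above can be combined into one upload gate. The following is an added example, not part of the original posts or of any Independence Blue Cross system; the column names, value formats, user names, decision labels and sample files are all constructed assumptions.

```python
import csv
import io
import re

# Heuristic value formats for two data types named in the report (assumed formats).
DOB_RE = re.compile(r"^(?:19|20)\d{2}-\d{2}-\d{2}$|^\d{1,2}/\d{1,2}/(?:19|20)\d{2}$")
ICD10_RE = re.compile(r"^[A-TV-Z]\d[0-9A-Z](?:\.[0-9A-Z]{1,4})?$")
PATTERNS = (("date_of_birth", DOB_RE), ("diagnosis_code", ICD10_RE))

# Constructed sample files; no real member data.
MEMBER_FILE = """member_name,dob,dx_code,provider
Jane Example,1961-03-14,E11.9,Dr. Smith
John Sample,07/22/1985,J45.40,Dr. Jones
Ann Placeholder,1990-11-02,I10,Dr. Smith
"""
PUBLIC_FILE = """office,phone
Philadelphia,215-555-0100
"""

def scan_csv(text, threshold=0.5):
    """Return {column: kind} for columns whose values mostly look like PHI."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    findings = {}
    for col in reader.fieldnames or []:
        values = [(r.get(col) or "").strip() for r in rows]
        values = [v for v in values if v]
        for kind, pattern in PATTERNS:
            if values and sum(bool(pattern.match(v)) for v in values) / len(values) >= threshold:
                findings[col] = kind
    return findings

def release_decision(text, uploader, approver=None):
    """Gate a web upload: clean files pass, PHI-looking files need a second person."""
    findings = scan_csv(text)
    if not findings:
        return "publish", findings
    if approver and approver != uploader:
        return "publish_after_second_review", findings
    return "blocked_alert_privacy_office", findings

if __name__ == "__main__":
    print(release_decision(MEMBER_FILE, "alice"))
    print(release_decision(PUBLIC_FILE, "alice"))
```

Pattern matching of this kind only catches PHI in recognizable formats, so it supports the periodic manual review mentioned in the reply and does not replace it.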