Hello Shreya,Detailed analysis of data breaches that occurred in
- 1. Hello Shreya, Detailed analysis of data breaches that occurred in the healthcare sector The instances of data breaches have now been prevalent because the security networks have some loopholes by which the intruders’ penetration and accessibility become easier and efficient. The authors also illustrated in the article the diverse factors that accelerate data breaching concerning technological advancement (McLeod & Dolezel, 2018). Apart from the loopholes in the organizational elements, certain gaps in business procedure also expose the security threats facilitating data breaches multiple times. In this scenario, technological availability is one of the major reasons for occurring data breaches. The healthcare sector incorporates diverse advanced technologies to secure their stored patients’ information pieces concerning technological improvements. Lack of technological skills leads to human errors from where data breaches have become more general, reflecting the severity of the attack i n the healthcare sector that is articulated in the article. Accordingly, employees’ unawareness about the information systems also leads to data breaches. Due to their lack of concern, the specifications in the security applications have not been processed, ultimately leading to the massive failure in securing the patients’ data. Reasons of causing those problems Data breaches that occurred in the healthcare sector might be caused by insisting on diverse factors. Human error is an important factor, proliferating the vulnerable areas within databases and other information systems multiple times. The intruders acquire the opportunities to access the databases compromising massive data. The certain erroneous actions of employees also lead to massive failure in business procedures, exposing the severity of data breaches. Accordingly, using weak passwords in databases containing the patients’ information and
- 2. leaving those data unencrypted has also led to severe problems, facilitating easier data hacking methods. In addition, while the authority does not patch software periodically, the vulnerability within the software has been exposed from where the hackers have acquired the possibility for intrusion and proceeded with data breaches. Due to technological incapability, sometimes, the healthcare authority does not regulate data transmissions actively, leaving the stored data susceptible and actively enhances the risks of exposure to data breaches. Human errors always enhance these loopholes multiple folds from where the severe problems have been facilitated. Potential solutions against the threat factors Hello DEEPESH, Technology in healthcare is providing numerous opportunities to transform and improve the services such as improving clinical outcomes, reducing human errors, keeping patient data up to date for research purposes etc. Information Systems, Internet of medical things, cloud services have transformed the healthcare industry digitally. Data has become an important part for the healthcare industry to provide better services. With the increase in demand to the technology and reliability on data in healthcare industry, there is also a spike in the data breaching instances. As per a report, In the United States 600 healthcare data breaches has been reported in year 2020 which was the 55% increase than the previous year. These figures depict the increased impact of cybersecurity and data breaches (Vaidya, 2020). Health insurance companies are the main victims of data breaches which exposed the personal data of their customers including birth dates, place, names, addresses, SSN, and other important info. Financial data easily become unusable as people can easily change their debit/credit numbers but in case of medical data, it is unvindicable and hence become so useful for cybercriminals. Mostly they target data from pharmaceutical
- 3. and biotech intellectual property. In the healthcare industry everything like health application over phone, insulin pumps are well networked which leaves unique openings for hackers and leads to security breaches. Data in technology plays a crucial role, so the necessary steps should be taken to prevent it from compromising. Healthcare industry should follow HIPAA security and privacy rules. Apart from this, educating healthcare staff about the security measures is also very necessary. Implementing data usage controls, encrypting data, giving only necessary access to staff, securing mobile devices, conducting regular risk assessments, mitigating connected device risks, logging and monitoring use, restricting access to data and applications, carefully utilizing off-site data backup are the other important measures to be practiced (Lord, 2020). Hello Pritesh, Discussing the case study in detail According to Wang & Johnson (2018), the discussion is mainly on the data breach incident in Equifax. This cyber-attack case happened in March 2017, where the personal data of millions of people was stolen from the system of Equifax. Through this incident, Equifax has faced a lot of financial problems, and the condition of the people's health also became a great concern for the company. This case study shows some of the important information of how the situation has happened in the company and what things are lacking within the system for which the attackers get the chance to involve within the system. Reasons for having this data breach problem As per the cyber-security experts' report, several security lapses within the system allow the attackers to enter into the system. Another reason is an SSL certificate that they used for security purposes also expired, and for that incoming traffic network could not be decrypted properly. The attackers get the chance to involve and encrypt their activities and make some decent
- 4. changes within Equifax's server. It is seen that Equifax was unaware of the suspicious activities, and also they are lack in this situation's knowledge, and for that reason, this problem has arisen within the system. Around 143 million customers suffered from this incident, and this is one of the biggest data breach incidents that causes a big failure to the company's reputation, work culture and trust that they gained from the customers all goes in vain with this incident. The technologies that have been involved within the company did not work as it required to be done, and for that, they fail to protect this personal data of the customers, and this made a big blunder for the company to manage the situation well. Potential solutions As per the discussed situation, it could be said that Equifax needs to update the SSL certificate procedure first as it the main equipment of Equifax to protect any unethical or unauthorized operation done within the Hello Akif, Cause of the problem Data is very vulnerable at the same time, very important for any organisation. A lot of data is generated in different organizations. They are also doing a lot to make sure that the data is protected in the right manner. In healthcare as well, the concept of data integrity has become a major concern (Pandey et al., 2020). Data breaches in healthcare can result in a lot of consequences. Managing the data in healthcare is very critical, but it is also very difficult to handle them due to composite it since it is also complex in the hospital and can feel capacity pressure. The leakage of patient information is very vulnerable. Due to huge complexity and constant pressure, it becomes very difficult to handle the data in the right order. The solution to the problem
- 5. The Healthcare sector is one of the vulnerable areas, and thus it is important to solve the problem, but initially, it is important to find the issue through which it occurred so that we can go in finding the right solution to mitigate the risk. One of the areas is human error, as per which there are various reasons why humans become an unknown reason for the data breach. Due to a lack of consciousness or any carelessness of the internal associate, the problem may take place, and thus it is important to have detailed information about the same (Chernyshev et al., 2019). Thus it is very important to have a good policy that employees of the organisation should follow. The data breach situation can also be resolved with the help of proper technological equipment in the company. The new data help fill the gap between the two ministers; the companies need to keep updating uses and adopt new approaches that will help better understand. It is essential to give the staff in the organisation a proper understanding of what is to be done if the need use any quick action can be taken. The restriction must be there concerning the data and its access so that it will be more secure, and thus the action and track of people will be kept. It is important to keep monitoring because the update and all can be properly taken place with. For the double security aspect, it is beneficial to always encrypt the data as the data will remain safe even if it is stolen since then, the attacker will not be able to harm me. Mobile devices are connected with security and all of those aspects (Seh et al., 2020). Various risks are also incorporated with the connected devices, and thus it is important to keep track of the same. It is also used to mitigate the risk so that it wouldn't be transferred. It is also a good action to keep doing the risk assessment since it will be well known what is to be done in the case of the risk. It is also important to keep the password, and other protecting elements keep changing since it blocks the path of the mitigation.