SlideShare a Scribd company logo

Systems Thinking on a National Level, Part 2Drew David.docx

Download as DOCX, PDF
P
perryk1

This document discusses various cybersecurity threats faced by the healthcare industry, including phishing emails, SQL injection attacks, eavesdropping, and viruses. Phishing emails are a major issue, accounting for 93% of breached healthcare data. Hackers use phishing emails that appear legitimate to trick staff into revealing sensitive information. The document also examines ways to better protect against these threats, such as password protection, data loss prevention, access controls, and staff training. Overall, the document analyzes the cybersecurity risks healthcare organizations face and ways to decrease breaches through education and prevention methods.

Education
1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
Systems Thinking on a National Level, Part 2 Drew Davidson, Eric Sinclair Banyon, Shady Navarro, Shalamar Santana, Ziomara Pagan, & Stephanie Jean Coute MHA/505 February 11, 2019 Rachael Kehoe Running head: SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2 1 SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2 10 Systems Thinking on a National Level, Part 2 Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. According to Gordon et al., cybersecurity breaches not only affect the patient’s information but it can also affect the organization's creditability (2017). When an organization creditability comes into question due to a cybersecurity breach, that organization may lose customers due to the fear of their information not being appropriately protected. In Healthcare it is crucial that we understand the impact of cybersecurity breaches. Most of the major hospital in the United States are using electronic medical records (EMR). A lot of hackers are using phishing methods to
trick hospital and breaching their security protocol by tricking staff members into disclosing sensitive and personal information (Winder, 2014). Therefore, the following will discuss way cyber security breaches happen in the healthcare industry and way to prevent them from happening in the future. Cyber Security Breach Diagram Malicious and Non-Malicious Cyber security breaches in healthcare can happen in several different ways. These different types of breaches can either be malicious or non-malicious. A malicious cyber security breech in healthcare, is when an individual or individuals purposely hacked into and attack or gain unauthorized access to members PII. Unauthorized access (such as hacking) to protected healthcare systems is the result of malicious behavior, things like holding the system ransom or stealing private information are acts of malicious behavior (Katz, 2018). Penetrating a system manually and disabling the systems defenses or by downloading software programs are other types of malicious behavior. Hacking is a malicious behavior, but just because the system is hack doesn’t necessarily mean any personal information is compromised. A number malicious cyber security breach may not be done intentionally but can cause just as many issues as a malicious cyber security breech. When data is unintentionally left exposed to an authorized access it is a non- malicious behavior. Cyber security breaches in healthcare can be the result of employee error or negligence. In healthcare malicious behavior is a portion of the inflow of cyber security breaches and non-malicious behavior is the portion of the outflow of a cyber security breech. Eavesdropping As a group, we have identified a multitude of cybersecurity breaches that are growing concerns amongst the healthcare providers and companies that offer their services to the community. Another one of these concerns’ hails in the form of
eavesdropping. Eavesdropping is a dilemma within the healthcare industry. As we advance in the use of technology about how we communicate patient’s private information, eavesdropping is one of those breaches that causes heighten awareness. As the industry advances in the transmission of information via cyberspace, the threat of information falling in the hands of those who seek criminal activities are more prevalent. According to Epic University (“Epic University, ”2019) The term 'eavesdropping' is used to refer to the interception of communication between two parties by a malicious third party. Since the beginning of the digital age, the term has also come to hold great significance in the world of cybersecurity. Using wireless services, smartphones, and handheld computers must have protection at all cost. The encryption of these devices is by far the most critical aspect of protecting consumers information where this level of communication rules. If these devices are not able to be encrypted to protect the consumers, they should not take precedent. Eavesdropping, within the industry, affect all areas of cybersecurity. This phase of cybersecurity is like the kryptonite of all virus. Eavesdropping can infiltrate all aspects of cybersecurity and reap major havoc for any organizations. It is essential that we understand what eavesdropping can do to an organization and provided the necessary tools to combat these threats. We as individual and organizations must obtain the required education, training, and etcetera to help protect the consumer's personal information. SQL Injection Attacks Not only is eavesdropping being a problem, but so is having to deal with SQL injection attacks. Eavesdropping along with the other forms of cybersecurity attacks cannot be ignored, but this attack can cut a bit deeper and cause an organization to lose creditability. This attack affects the coding of a healthcare organization, and coding within the healthcare system is like peanut butter and jelly. It’s like mostly you cannot have one without the other. Here we are talking about getting deep into a
database to retrieve a personal information phone number, address, financial information, etcetera. If the wrong individual obtains that vital information, an organization will have to deal with potential liability that is tough to recover. This type of attack is getting to the heart of the administrative side of thing. Some of the most critical information is housed for the patients, and information that violates so many different aspects of a patients record. Imagine if this attack happens at a large Hospital and the Cyber thieves were able to decode the system and completely wipe their database system. I know this is not something you would want to be a part of figuring out. These attacks are why it is super essential for employees to be very cautious when handling patient’s information. Protecting the privacy of your passwords, not opening phishing emails, not violate HIPAA rules, not leaving data exposed, and etcetera is vital. This type of attack happens typically via a company Website. All in all, education of how to spot these threats, and not allowing or minimizing vulnerability goes a long way. This attack, as well as the other attacks mention, will forever be a part of our lives. But being prepared to combat these threats can make the difference between success and failure of any organization. HIPPA HIPPA is an internal source of threats to healthcare information security. Goals of data security are to allow access to healthcare information to authorized individuals, allow access only when needed and retrieve what is accurate for use (Donald & Berwick, 2018). HIPPA has many gaps which should be addressed. First, the privacy rule should be made applicable to all healthcare entities and not only those covered. This means, it must be made a mandatory. Second, the security rule should not only cover electronically stored data but also paper records. Lastly, all covered entities have not fully complied with HIPPA requirements, a more serious threat to information. Unless these are addressed, insecurity will still be a problem.
Data Loss As an industry, healthcare institutions need to implement strategies that can prevent data loss while ensuring privacy and security of information. Prevention of data loss can be done by configuring solutions that are designed to protect sensitive data (Abouelmehdi et al., 2018). This data include Electronic Medical Records, Protected Health Information and other data so that it is not accessed and misused in anyway by unauthorized users (Abouelmehdi et al., 2018). Data loss prevention tools are helpful for monitoring endpoints, streams of network data and cloud, thus protecting data from any potential loss to any insider or outsider. Phishing Emails Phishing emails are a huge thing for hackers to get into health care systems and get protected health information. In fact, ninety-three percent of the breached data in the health care industry is due to phishing emails ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Then calculated the eighty-three percent of all doctors have experienced cyber-attacks from phishing emails ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Many of these attacks have caused a full day of clinical downtime. How do the hackers do it? The phishing emails look just like an email a staff member would receive that is safe and from a trusted source ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Phishing emails have caused one- hundred and fifteen million-dollar lawsuits on health care facilities ("Most Common Phishing Emails Identified", 2019). That is more than most have for revenue in a year. Then there are at least six-teen phishing emails sent to the facility and each staff member every thirty days ("Most Common Phishing Emails Identified", 2019). There has to be quarterly training on the newest phishing email trends according to HIPAA. The most common phishing email in the health care industry is fake payments. Health care in America has become so costly and the hackers have caught on that all healthcare providers have an
account that is in default so making malware look as though it is a payment or is about a payment is the easiest way in to the protected health information ("Most Common Phishing Emails Identified", 2019). Data Exposure The increase of technology in the healthcare industry has provided many health organizations with the ability to monitor their patients remotely through digital devices and electronic health records. The healthcare data is often collected and stored into a cloud base system where healthcare providers can have access anywhere to the patient's data in real-time. However, the vast network of devices that are connected directly with each other to collect, process, and share vital information has put many healthcare organizations at great risk for cybersecurity breaches. "Failed security has resulted in massive data breaches that have led to the loss or compromise of millions of personally identifiable healthcare records. Historically, the security of information systems, in general, has not been seriously considered in many instances until a breach has occurred." (Moganedi, 2018, p. 297). Therefore, it is significant for healthcare companies to take measurable actions to prevent their patient's information from being accessible to unwanted users. Such measures can be made by performing annual HIPPA security risk analysis, implementing role base permission only for individual employees to have access to certain areas of the database, and requiring employees to change their username and password frequently. Password Protection Password protection is so very important when dealing with access to protected health information. Having to change passwords at least every three months seems so difficult and so annoying to many health care providers. HIPAA is in healthcare it may be the first true definition learned. HIPAA has certain requirements that are put on passwords for accessing protected health information. HIPAA wants there to always be a two factor authorization for logging in to protected health
information ("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). This means that a username and password are required plus a pin number ("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). Protected health information is personal and should always be protected especially when getting the information or storing the information electronically. HIPAA also requires every password to access the protected health information to be at least eight characters long("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). This of course is using numbers and letters. A suggestion from HIPAA for making a password to gain access to protected health information is that the capitalization is random and that you take a phrase that you can remember then mix up the spelling ("HIPAA Security And Privacy ", 2003).There are penalties involved with sharing passwords for gaining access to protected health information one is up to two-hundred and fifty thousand dollars in a fine and the other is up to ten years in prison ("HIPAA Security And Privacy ", 2003). There are simple rules to follow when making sure that your password is protected. It can be devastating if someone unauthorized gains access to protected health information. Take our military and wars into consideration, what if during a war a main terrorist is after a certain general and hackers can decode a password to protected health information to find the generals information of what hospital he is at. Think about law enforcement there have been many in the news lately and an officer involved shooting can cause quite an uproar. Imagine the wrong person gaining access to the officer involved address or where he was being treated at. The results from these situations would make a bad situation even worse. These are just a few reasons why password protection in the health industry is so important. Viruses All it takes is one click, and the virus could spread like wildfire. That is why it is so vital that healthcare organization train their employee on how to look out for possible phishing
emails which is the highest risk for health organizations to receive a virus. “Before 2016, healthcare organizations were not thought to be a primary target for ransomware. However, 14 hospitals had become the target of ransomware, and a total of 173 hacking/information technology (IT) incident data breaches had been officially reported by October 16, 2016, 17, 18. Hospitals have become an easy target for hackers for two reasons: The necessity of computer storage of information associated with patient care and the security holes in IT systems" (Spence, Bhardwaj, & Paul, 2018, p. 2). Therefore, healthcare organization must take actions by training their staff never to open up unknown emails, documents or download unknown files. Also, healthcare organizations must implement preventive measures such as having the latest virus software and running daily virus scans on all electronic devices within the organization. Without the proper actions taken to prevent data breaches within the healthcare industry, the percentages of cybersecurity attacks will continue to rise putting patients at risk. Conclusion Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. That is why security breaches in the healthcare organizations must be handled immediately for the safety and security of the patients. Therefore by educating the staff about various ways security breaches can occur and ways to prevent them from within and outside the organization, then the decrease in cybersecurity beaches will began to improve in the healthcare industry. Reference Epic University (2019). What is Eavesdropping in Computer Security? Retrieved from https://www.ecpi.edu/blog/what-is-eavesdropping-in- computer-security. Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to information security—Public health implications. New England
journal of medicine, 377(8), 707-709. Moganedi, S. (2018, June). Undetectable Data Breach in IoT: Healthcare Data at Risk. Cyber Warfare and Security, 8(1), 296- 298. Retrieved from https://search-proquest- com.contentproxy.phoenix.edu Most common phishing emails identified (2019). Retrieved from https://www.hipaajournal.com/most-common-healthcare- phishing-emails-identified Perils of Healthcare phishing and what you can do about it(2019). Retrieved from https://healthitsecurity.com/features/perils-of-healthcare- phishing-and-what-you-can-do-about-it Spence, N., Bhardwaj, N., & Paul, D. (2018, June). Ransomware in Healthcare Facilities: A Harbinger of the Future? Perspectives in Health Information Management, 1-22. Retrieved from https://search-proquest- com.contentproxy.phoenix.edu Storm, D. (2015). MEDJACCK. Hackers Hijacking Medical Devices to Create Backdoors in Hospital Networks. The HIPAA Password Requirements and the Best Way to Comply With Them(2018). Retrieved from https://www.hipaajournal.com/hipaa-password-requirements Winder, D. (2014). "Phish Your Own Staff: Arming Employees to Beat Modern Attacks," Info security, Nov. 28, 2014.

More Related Content

PDF
Best 3 Cyber Threats in Healthcare Organizations Today | The Lifesciences Mag...
The Lifesciences Magazine
 
PDF
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Protected Harbor
 
PPTX
Cyberattacks on Healthcare Systemss.pptx
JoeOrlando16
 
PDF
Cybersecurity Challenges in the Healthcare Industry.pdf
Mobibiz India
 
PDF
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
IJNSA Journal
 
PDF
Cyber Security Notes Unit 2 for Engineering
nctitacademic
 
PDF
Cybercrime and the Healthcare Industry
EMC
 
DOCX
Running head Information security threats 1Information secur.docx
wlynn1
 
Best 3 Cyber Threats in Healthcare Organizations Today | The Lifesciences Mag...
The Lifesciences Magazine
 
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Protected Harbor
 
Cyberattacks on Healthcare Systemss.pptx
JoeOrlando16
 
Cybersecurity Challenges in the Healthcare Industry.pdf
Mobibiz India
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
IJNSA Journal
 
Cyber Security Notes Unit 2 for Engineering
nctitacademic
 
Cybercrime and the Healthcare Industry
EMC
 
Running head Information security threats 1Information secur.docx
wlynn1
 

Similar to Systems Thinking on a National Level, Part 2Drew David.docx (20)

PDF
Cybercrime and the Healthcare Industry
EMC
 
PDF
Cybersecurity
Christopher Daza
 
DOCX
Hello Shreya,Detailed analysis of data breaches that occurred in
SusanaFurman449
 
PDF
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
PDF
Reasons for the Popularity of Medical Record Theft
OPSWAT
 
PDF
Big data and cyber security legal risks and challenges
Kapil Mehrotra
 
PDF
Improve Cybersecurity Education Or Awareness Training
Triskele Labs
 
PDF
Protected Harbor Data Breach Trend Report
Protected Harbor
 
PDF
[Infographic] 5 Security Threats in Healthcare Industry
Seqrite
 
PPTX
Cyber security
Satbharai Sethar
 
PDF
Why healthcare is the biggest target for cyberattacks-converted.pdf
Sparity1
 
PDF
IBM Security Services
Rainer Mueller
 
PDF
How to secure information systemsSolutionAnswerInformation.pdf
rohit219406
 
PDF
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
DOCX
Classmate 1Cybersecurity risk can be characterized as the ris.docx
bartholomeocoombs
 
PDF
How Vulnerable Is Your Industry to Cyber Crime?
David Hunt
 
PDF
Corporate role in protecting consumers from the risk of identity theft
IJCNCJournal
 
DOCX
Article 1 currently, smartphone, web, and social networking techno
honey690131
 
PDF
[Infographic] Healthcare Cyber Security: Threat Prognosis
FireEye, Inc.
 
PDF
Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...
mosmedicalreview
 
Cybercrime and the Healthcare Industry
EMC
 
Cybersecurity
Christopher Daza
 
Hello Shreya,Detailed analysis of data breaches that occurred in
SusanaFurman449
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
Reasons for the Popularity of Medical Record Theft
OPSWAT
 
Big data and cyber security legal risks and challenges
Kapil Mehrotra
 
Improve Cybersecurity Education Or Awareness Training
Triskele Labs
 
Protected Harbor Data Breach Trend Report
Protected Harbor
 
[Infographic] 5 Security Threats in Healthcare Industry
Seqrite
 
Cyber security
Satbharai Sethar
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Sparity1
 
IBM Security Services
Rainer Mueller
 
How to secure information systemsSolutionAnswerInformation.pdf
rohit219406
 
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
bartholomeocoombs
 
How Vulnerable Is Your Industry to Cyber Crime?
David Hunt
 
Corporate role in protecting consumers from the risk of identity theft
IJCNCJournal
 
Article 1 currently, smartphone, web, and social networking techno
honey690131
 
[Infographic] Healthcare Cyber Security: Threat Prognosis
FireEye, Inc.
 
Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...
mosmedicalreview
 

More from perryk1 (20)

DOCX
Take a few moments to research the contextual elements surrounding P.docx
perryk1
 
DOCX
Table of Contents Section 2 Improving Healthcare Quality from.docx
perryk1
 
DOCX
Take a company and build a unique solution not currently offered. Bu.docx
perryk1
 
DOCX
Tackling a Crisis Head-onThis week, we will be starting our .docx
perryk1
 
DOCX
take a look at the latest Presidential Order that relates to str.docx
perryk1
 
DOCX
Table of Contents-Perioperative Care.-Perioperative Med.docx
perryk1
 
DOCX
Take a look at the sculptures by Giacometti and Moore in your te.docx
perryk1
 
DOCX
Table of ContentsLOCAL PEOPLE PERCEPTION TOWARDS SUSTAINABLE TOU.docx
perryk1
 
DOCX
Table of Contents Title PageWELCOMETHE VAJRA.docx
perryk1
 
DOCX
Take a few minutes to reflect on this course. How has your think.docx
perryk1
 
DOCX
Taiwan The Tail That Wags DogsMichael McDevittAsia Po.docx
perryk1
 
DOCX
TABLE 1-1 Milestones of Medicine and Medical Education 1700–2015 ■.docx
perryk1
 
DOCX
Tackling wicked problems A public policy perspective Ple.docx
perryk1
 
DOCX
Tahira Longus Week 2 Discussion PostThe Public Administration.docx
perryk1
 
DOCX
Tabular and Graphical PresentationsStatistics (exercises).docx
perryk1
 
DOCX
Table 4-5 CSFs for ERP ImplementationCritical Success Fact.docx
perryk1
 
DOCX
Table 7.7 Comparative Financial Statistics Universal Office Fur.docx
perryk1
 
DOCX
TableOfContentsTable of contents with hyperlinks for this document.docx
perryk1
 
DOCX
Tajfel and Turner (in chapter two of our reader) give us the followi.docx
perryk1
 
DOCX
tabOccupational Safety & Health for Technologists, Enginee.docx
perryk1
 
Take a few moments to research the contextual elements surrounding P.docx
perryk1
 
Table of Contents Section 2 Improving Healthcare Quality from.docx
perryk1
 
Take a company and build a unique solution not currently offered. Bu.docx
perryk1
 
Tackling a Crisis Head-onThis week, we will be starting our .docx
perryk1
 
take a look at the latest Presidential Order that relates to str.docx
perryk1
 
Table of Contents-Perioperative Care.-Perioperative Med.docx
perryk1
 
Take a look at the sculptures by Giacometti and Moore in your te.docx
perryk1
 
Table of ContentsLOCAL PEOPLE PERCEPTION TOWARDS SUSTAINABLE TOU.docx
perryk1
 
Table of Contents Title PageWELCOMETHE VAJRA.docx
perryk1
 
Take a few minutes to reflect on this course. How has your think.docx
perryk1
 
Taiwan The Tail That Wags DogsMichael McDevittAsia Po.docx
perryk1
 
TABLE 1-1 Milestones of Medicine and Medical Education 1700–2015 ■.docx
perryk1
 
Tackling wicked problems A public policy perspective Ple.docx
perryk1
 
Tahira Longus Week 2 Discussion PostThe Public Administration.docx
perryk1
 
Tabular and Graphical PresentationsStatistics (exercises).docx
perryk1
 
Table 4-5 CSFs for ERP ImplementationCritical Success Fact.docx
perryk1
 
Table 7.7 Comparative Financial Statistics Universal Office Fur.docx
perryk1
 
TableOfContentsTable of contents with hyperlinks for this document.docx
perryk1
 
Tajfel and Turner (in chapter two of our reader) give us the followi.docx
perryk1
 
tabOccupational Safety & Health for Technologists, Enginee.docx
perryk1
 

Recently uploaded (20)

PDF
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Lesson notes of climatology university.
sgladness67
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
RMMM.pdf make it easy to upload and study
sajedul2
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 

Systems Thinking on a National Level, Part 2Drew David.docx

  • 1. Systems Thinking on a National Level, Part 2 Drew Davidson, Eric Sinclair Banyon, Shady Navarro, Shalamar Santana, Ziomara Pagan, & Stephanie Jean Coute MHA/505 February 11, 2019 Rachael Kehoe Running head: SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2 1 SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2 10 Systems Thinking on a National Level, Part 2 Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. According to Gordon et al., cybersecurity breaches not only affect the patient’s information but it can also affect the organization's creditability (2017). When an organization creditability comes into question due to a cybersecurity breach, that organization may lose customers due to the fear of their information not being appropriately protected. In Healthcare it is crucial that we understand the impact of cybersecurity breaches. Most of the major hospital in the United States are using electronic medical records (EMR). A lot of hackers are using phishing methods to
  • 2. trick hospital and breaching their security protocol by tricking staff members into disclosing sensitive and personal information (Winder, 2014). Therefore, the following will discuss way cyber security breaches happen in the healthcare industry and way to prevent them from happening in the future. Cyber Security Breach Diagram Malicious and Non-Malicious Cyber security breaches in healthcare can happen in several different ways. These different types of breaches can either be malicious or non-malicious. A malicious cyber security breech in healthcare, is when an individual or individuals purposely hacked into and attack or gain unauthorized access to members PII. Unauthorized access (such as hacking) to protected healthcare systems is the result of malicious behavior, things like holding the system ransom or stealing private information are acts of malicious behavior (Katz, 2018). Penetrating a system manually and disabling the systems defenses or by downloading software programs are other types of malicious behavior. Hacking is a malicious behavior, but just because the system is hack doesn’t necessarily mean any personal information is compromised. A number malicious cyber security breach may not be done intentionally but can cause just as many issues as a malicious cyber security breech. When data is unintentionally left exposed to an authorized access it is a non- malicious behavior. Cyber security breaches in healthcare can be the result of employee error or negligence. In healthcare malicious behavior is a portion of the inflow of cyber security breaches and non-malicious behavior is the portion of the outflow of a cyber security breech. Eavesdropping As a group, we have identified a multitude of cybersecurity breaches that are growing concerns amongst the healthcare providers and companies that offer their services to the community. Another one of these concerns’ hails in the form of
  • 3. eavesdropping. Eavesdropping is a dilemma within the healthcare industry. As we advance in the use of technology about how we communicate patient’s private information, eavesdropping is one of those breaches that causes heighten awareness. As the industry advances in the transmission of information via cyberspace, the threat of information falling in the hands of those who seek criminal activities are more prevalent. According to Epic University (“Epic University, ”2019) The term 'eavesdropping' is used to refer to the interception of communication between two parties by a malicious third party. Since the beginning of the digital age, the term has also come to hold great significance in the world of cybersecurity. Using wireless services, smartphones, and handheld computers must have protection at all cost. The encryption of these devices is by far the most critical aspect of protecting consumers information where this level of communication rules. If these devices are not able to be encrypted to protect the consumers, they should not take precedent. Eavesdropping, within the industry, affect all areas of cybersecurity. This phase of cybersecurity is like the kryptonite of all virus. Eavesdropping can infiltrate all aspects of cybersecurity and reap major havoc for any organizations. It is essential that we understand what eavesdropping can do to an organization and provided the necessary tools to combat these threats. We as individual and organizations must obtain the required education, training, and etcetera to help protect the consumer's personal information. SQL Injection Attacks Not only is eavesdropping being a problem, but so is having to deal with SQL injection attacks. Eavesdropping along with the other forms of cybersecurity attacks cannot be ignored, but this attack can cut a bit deeper and cause an organization to lose creditability. This attack affects the coding of a healthcare organization, and coding within the healthcare system is like peanut butter and jelly. It’s like mostly you cannot have one without the other. Here we are talking about getting deep into a
  • 4. database to retrieve a personal information phone number, address, financial information, etcetera. If the wrong individual obtains that vital information, an organization will have to deal with potential liability that is tough to recover. This type of attack is getting to the heart of the administrative side of thing. Some of the most critical information is housed for the patients, and information that violates so many different aspects of a patients record. Imagine if this attack happens at a large Hospital and the Cyber thieves were able to decode the system and completely wipe their database system. I know this is not something you would want to be a part of figuring out. These attacks are why it is super essential for employees to be very cautious when handling patient’s information. Protecting the privacy of your passwords, not opening phishing emails, not violate HIPAA rules, not leaving data exposed, and etcetera is vital. This type of attack happens typically via a company Website. All in all, education of how to spot these threats, and not allowing or minimizing vulnerability goes a long way. This attack, as well as the other attacks mention, will forever be a part of our lives. But being prepared to combat these threats can make the difference between success and failure of any organization. HIPPA HIPPA is an internal source of threats to healthcare information security. Goals of data security are to allow access to healthcare information to authorized individuals, allow access only when needed and retrieve what is accurate for use (Donald & Berwick, 2018). HIPPA has many gaps which should be addressed. First, the privacy rule should be made applicable to all healthcare entities and not only those covered. This means, it must be made a mandatory. Second, the security rule should not only cover electronically stored data but also paper records. Lastly, all covered entities have not fully complied with HIPPA requirements, a more serious threat to information. Unless these are addressed, insecurity will still be a problem.
  • 5. Data Loss As an industry, healthcare institutions need to implement strategies that can prevent data loss while ensuring privacy and security of information. Prevention of data loss can be done by configuring solutions that are designed to protect sensitive data (Abouelmehdi et al., 2018). This data include Electronic Medical Records, Protected Health Information and other data so that it is not accessed and misused in anyway by unauthorized users (Abouelmehdi et al., 2018). Data loss prevention tools are helpful for monitoring endpoints, streams of network data and cloud, thus protecting data from any potential loss to any insider or outsider. Phishing Emails Phishing emails are a huge thing for hackers to get into health care systems and get protected health information. In fact, ninety-three percent of the breached data in the health care industry is due to phishing emails ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Then calculated the eighty-three percent of all doctors have experienced cyber-attacks from phishing emails ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Many of these attacks have caused a full day of clinical downtime. How do the hackers do it? The phishing emails look just like an email a staff member would receive that is safe and from a trusted source ("Perils Of Healthcare Phishing And What You Can Do About It", 2019). Phishing emails have caused one- hundred and fifteen million-dollar lawsuits on health care facilities ("Most Common Phishing Emails Identified", 2019). That is more than most have for revenue in a year. Then there are at least six-teen phishing emails sent to the facility and each staff member every thirty days ("Most Common Phishing Emails Identified", 2019). There has to be quarterly training on the newest phishing email trends according to HIPAA. The most common phishing email in the health care industry is fake payments. Health care in America has become so costly and the hackers have caught on that all healthcare providers have an
  • 6. account that is in default so making malware look as though it is a payment or is about a payment is the easiest way in to the protected health information ("Most Common Phishing Emails Identified", 2019). Data Exposure The increase of technology in the healthcare industry has provided many health organizations with the ability to monitor their patients remotely through digital devices and electronic health records. The healthcare data is often collected and stored into a cloud base system where healthcare providers can have access anywhere to the patient's data in real-time. However, the vast network of devices that are connected directly with each other to collect, process, and share vital information has put many healthcare organizations at great risk for cybersecurity breaches. "Failed security has resulted in massive data breaches that have led to the loss or compromise of millions of personally identifiable healthcare records. Historically, the security of information systems, in general, has not been seriously considered in many instances until a breach has occurred." (Moganedi, 2018, p. 297). Therefore, it is significant for healthcare companies to take measurable actions to prevent their patient's information from being accessible to unwanted users. Such measures can be made by performing annual HIPPA security risk analysis, implementing role base permission only for individual employees to have access to certain areas of the database, and requiring employees to change their username and password frequently. Password Protection Password protection is so very important when dealing with access to protected health information. Having to change passwords at least every three months seems so difficult and so annoying to many health care providers. HIPAA is in healthcare it may be the first true definition learned. HIPAA has certain requirements that are put on passwords for accessing protected health information. HIPAA wants there to always be a two factor authorization for logging in to protected health
  • 7. information ("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). This means that a username and password are required plus a pin number ("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). Protected health information is personal and should always be protected especially when getting the information or storing the information electronically. HIPAA also requires every password to access the protected health information to be at least eight characters long("The HIPAA Password Requirements And The Best Way To Comply With Them", 2018). This of course is using numbers and letters. A suggestion from HIPAA for making a password to gain access to protected health information is that the capitalization is random and that you take a phrase that you can remember then mix up the spelling ("HIPAA Security And Privacy ", 2003).There are penalties involved with sharing passwords for gaining access to protected health information one is up to two-hundred and fifty thousand dollars in a fine and the other is up to ten years in prison ("HIPAA Security And Privacy ", 2003). There are simple rules to follow when making sure that your password is protected. It can be devastating if someone unauthorized gains access to protected health information. Take our military and wars into consideration, what if during a war a main terrorist is after a certain general and hackers can decode a password to protected health information to find the generals information of what hospital he is at. Think about law enforcement there have been many in the news lately and an officer involved shooting can cause quite an uproar. Imagine the wrong person gaining access to the officer involved address or where he was being treated at. The results from these situations would make a bad situation even worse. These are just a few reasons why password protection in the health industry is so important. Viruses All it takes is one click, and the virus could spread like wildfire. That is why it is so vital that healthcare organization train their employee on how to look out for possible phishing
  • 8. emails which is the highest risk for health organizations to receive a virus. “Before 2016, healthcare organizations were not thought to be a primary target for ransomware. However, 14 hospitals had become the target of ransomware, and a total of 173 hacking/information technology (IT) incident data breaches had been officially reported by October 16, 2016, 17, 18. Hospitals have become an easy target for hackers for two reasons: The necessity of computer storage of information associated with patient care and the security holes in IT systems" (Spence, Bhardwaj, & Paul, 2018, p. 2). Therefore, healthcare organization must take actions by training their staff never to open up unknown emails, documents or download unknown files. Also, healthcare organizations must implement preventive measures such as having the latest virus software and running daily virus scans on all electronic devices within the organization. Without the proper actions taken to prevent data breaches within the healthcare industry, the percentages of cybersecurity attacks will continue to rise putting patients at risk. Conclusion Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. That is why security breaches in the healthcare organizations must be handled immediately for the safety and security of the patients. Therefore by educating the staff about various ways security breaches can occur and ways to prevent them from within and outside the organization, then the decrease in cybersecurity beaches will began to improve in the healthcare industry. Reference Epic University (2019). What is Eavesdropping in Computer Security? Retrieved from https://www.ecpi.edu/blog/what-is-eavesdropping-in- computer-security. Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to information security—Public health implications. New England
  • 9. journal of medicine, 377(8), 707-709. Moganedi, S. (2018, June). Undetectable Data Breach in IoT: Healthcare Data at Risk. Cyber Warfare and Security, 8(1), 296- 298. Retrieved from https://search-proquest- com.contentproxy.phoenix.edu Most common phishing emails identified (2019). Retrieved from https://www.hipaajournal.com/most-common-healthcare- phishing-emails-identified Perils of Healthcare phishing and what you can do about it(2019). Retrieved from https://healthitsecurity.com/features/perils-of-healthcare- phishing-and-what-you-can-do-about-it Spence, N., Bhardwaj, N., & Paul, D. (2018, June). Ransomware in Healthcare Facilities: A Harbinger of the Future? Perspectives in Health Information Management, 1-22. Retrieved from https://search-proquest- com.contentproxy.phoenix.edu Storm, D. (2015). MEDJACCK. Hackers Hijacking Medical Devices to Create Backdoors in Hospital Networks. The HIPAA Password Requirements and the Best Way to Comply With Them(2018). Retrieved from https://www.hipaajournal.com/hipaa-password-requirements Winder, D. (2014). "Phish Your Own Staff: Arming Employees to Beat Modern Attacks," Info security, Nov. 28, 2014.