please reply to each DQ with 150-200 words each
Candace:
Data security refers to the process of securing data against illegal access and data corruption. Data encryption, hashing, tokenization, and key management are all data security strategies that safeguard data across all applications and platforms. Data security and threats within the health care system occurs when an attacker is able to link a record owner to a sensitive attribute in a publicly available data table, they pose a privacy risk (Abouelmehdi et al., 2018). Data theft, unauthorized access, inappropriate data disposal, data loss, hacking IT mishaps, and other dangers to data privacy and security are among the most prevalent. Common causes of information breaches in the healthcare sector include; Incidents involving the hacking of information technology systems. Some other common data securities and privacy threats are unauthorized information access and dissemination, theft of sensitive information such as paper documents and portable electronic devices, loss of devices containing sensitive information, and not properly disposing of PHI and e-PHI (Health Information & Privacy 2018).
The use of information technology is rapidly growing. As technology evolves so do security and data threats. Ways to prevent breaching of information in the healthcare sector begin with increasing the cybersecurity budget this will allow patient data to protect with advanced network security that can detect a compromise attempt be for an attack happens. Of course, once a good system is in place increase the network’s security by using the most up-to-date measures of security. Something that is embedded in my muscle memory from the Army is analyzing and mitigate the risk in this instance it would be risk pertaining to HIPAA and HITECH security risk and one of the simplest security risks to mitigate is securely destroying confidential health information containing PII and PHI when it is no longer needed (Health Information & Privacy 2018).
References:
Abouelmehdi, K., Beni-Hessane, A. & Khaloufi, H. Big healthcare data: preserving security and privacy. J Big Data 5, 1 (2018). https://doi.org/10.1186/s40537-017-0110-7
Centers for Disease Control and Prevention. (2018, September 14). Health Information & Privacy. Centers for Disease Control and Prevention. https://www.cdc.gov/phlp/publications/topic/healthinformationprivacy.html.
Chen, D., & Zhao, H. (2012, March 1). Data Security and Privacy Protection Issues in Cloud Computing. Data Security and Privacy Protection Issues in Cloud Computing | Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering – Volume 01. https://dl.acm.org/doi/10.1109/ICCSEE.2012.193.
Hanna:
Concerns over the privacy and security of electronic health information fall into two general categories including concerns about inappropriate releases of information from individual organizations and concerns about the systemic flows of information throughout the health care and related industries. Inappropriate releases from organizations can result either from authorized users who intentionally or unintentionally access or disseminate information in violation of organizational policy or from outsiders who break into an organization’s computer system. The second category, systemic concerns refers to the open disclosure of patient-identifiable health information to parties that may act against the interests of the specific patient or may otherwise be perceived as invading a patient’s privacy. These concerns arise from the many flows of data across the health care system, between and among providers, payers, and secondary users, with or without the patient’s knowledge.
A breach can happen in a variety of different ways. However, one of the most common causes of breaches within the health care field is simply human error. Health care workers who use unauthorized cloud based apps can leave a patient’s information vulnerable to an attack. Other everyday problems like weak passwords, shared passwords between healthcare providers, stolen backup discs and poorly protected servers only add to the problem. Preventing breaches means improving security and constantly evolving to meet foreseeable problems. Providing only authorized employees like doctors or nurses with access codes can help to prevent information from falling into the wrong hands. Experts also recommend changing access codes and passwords often to improve security even more. You can also consider encrypting information, which will only become readable once an authorized user enters an accurate pin number. Another way of preventing breaches is scheduling regular meetings to discuss strengthening network security. Run refresher courses to remind employees about proper procedures and to brainstorm new ways to protect vital health care data.
References
Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: preserving security and privacy. Journal of Big Data, 5(1). https://doi.org/10.1186/s40537-017-0110-7
Habib, M. A., Faisal, C. M., Sarwar, S., Latif, M. A., Aadil, F., Ahmad, M., Ashraf, R., & Maqsood, M. (2019). Privacy-based medical data protection against internal security threats in heterogeneous Internet of Medical Things. International Journal of Distributed Sensor Networks, 15(9), 155014771987565. https://doi.org/10.1177/1550147719875653
Sachi
Healthcare cybersecurity has become one of the significant threats in the healthcare industry. As a whole, IT professionals must continually address healthcare data security issues because of specifics outlined in the Health Insurance Portability and Accountability Act (HIPAA) laws and the ethical commitment to helping patients, and the damage that healthcare security breaches can have on their lives. Electronic health records, also referred to as EHRs, contain a host of sensitive information about patient’s medical histories, making hospital network security a primary IT concern.
In addition, EHRs make it possible for physicians and other healthcare professionals, and insurance companies to share essential information. This makes it easier to coordinate care and facilitate insurance matters (Jayanthi A. et al.). Never before have medical professionals been able to collaborate in such dynamic ways to meet patients’ needs. While this may seem straightforward, healthcare data security presents many challenges, both common to the IT field and unique to hospital cybersecurity. As a result, some potential threats are considered significant risks.
Staff: Employees have easy access to patient files. While the majority won’t abuse this power, there’s no guarantee some won’t steal sensitive information. Criminals can use this type of information in identity theft, but it can also intimidate or even blackmail people.
Malware and phishing attempts: Sophisticated malware and phishing schemes that plant malicious scripts on a computer or steal login credentials can compromise an entire system (Luna R et al.). One of the most challenging issues dealing with malware is that it only takes one seemingly authentic link to introduce a nefarious cyber presence into your network.
Vendors: Healthcare providers often work with vendors without assessing the accompanying risk. For example, if a hospital hires a cleaning company, its employees might gain access to computers.
Unsecured mobile devices: Healthcare facilities that allow mobile logins don’t always require the devices to meet security standards. This leaves their networks vulnerable to malware and hackers since all of the organization’s planning and security do not influence staff communication devices.
Lost and stolen mobile devices: Lost or stolen devices represent an enormous risk in much the same way. Any mobile device used to access a facility’s network becomes a liability as soon as it is lost or stolen.
Online medical devices: The security of online medical devices is often lacking, making them easy targets for hackers. There was a time that tools such as infusion pumps only provided information to the doctor and patient involved (Blanke SJ et al.). However, due to advancement, the threat was also raised.
Unrestricted access to computers: Computers that aren’t in restricted areas can easily be accessed by unauthorized personnel. In addition, if these open computers are connected to sensitive patient information, unauthorized staff or others in the area could quickly find damaging information. The Inadequate disposal of old hardware would be easy to believe that once you’ve deleted information, you no longer have to worry about people accessing it.
Reference
Jayanthi A. The first known ransomware attack in 1989 also targeted healthcare. http://www.beckershospitalreview.com/healthcare-information-technology/first-known-ransomware-attack-in-1989-also-targeted-healthcare.html.
Luna R, Rhine E, Myhra M, Sullivan R, Kruse CS. Cyber threats to health information systems: A systematic review. Technol Health Care. 2016 Jan 27;24(1): 1-9. Available from: 10.3233
Blanke SJ, McGrady E. When securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist. J Healthc Risk Manag. 2016 Jul; 36(1): 14-24. Available from: 10.1002/jhrm.21230.
0 comments