Operational Security – Research Paper

Deliverable

Prepare a report to address all aspects of the case study/assignment. This report should be no less than 10 pages of content. You need to include outside sources and properly cite and reference your sources. You must have at least 10 references, 7 of which must be scholarly peer-reviewed articles. In addition to the 10 pages of content, you will want a title page and a reference sheet. This report needs to be in proper APA format.

Assignment

Smith Hospital is a leading health care provider within Kentucky (having five locations throughout the entire state). The system they use is a popular Electronic Health Record system called EPIC. To learn more about this EHR system visit: https://www.epic.com/. On September 15, Daniel Brown (CIO of Smith Hospital) was notified about two major incidents.

The first incident occurred at the northeast office, in which the IT server room was burglarized during normal business hours. It was determined that iPhones, laptops, flash drives and one server were stolen. Local police were notified, and the incident was reported on that date.

The second incident occurred at the southwest campus, in which the entire IT system was hacked. Local information security staff determined that 80% of patients' PII, including social security, insurance provider, mailing address and phone number, was obtained.

You are Daniel Brown and need to respond to these incidents by taking action immediately.

You will need to complete the following:

  1. Develop an Incident Response Policy for Smith Hospital that will be used to help with Scenario #1 and #2 (create two separate response policies) (this is an attachment that should be included in your paper and referenced in your presentation).
  2. Upon developing the Incident Response Policies, evaluate the incidents described above:
  • Summarize the data incident and potential level of risk, include why?
  • Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached
  • Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)
  • Describe how the Incident Response Policy supported your actions
  • Identify any issues that made the evaluation more difficult
  • Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)
  • Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company, but it took the evaluation to get to this conclusion)
