Assignment Question:
In your responses to your peers, identify a cost or benefit of this choice.
PEER POST # 1
Considering the data breach scenario at Strand Memorial Hospital, it is imperative to approach the issue from a security and privacy perspective. However, my primary approach would be from a security perspective, focusing on protecting the data through encryption. This approach is justified by the need to safeguard sensitive patient information, such as social security numbers and insurance details, found in plain text on the stolen USB drive.
As Kim and Solomon outlined in “Fundamentals of Information Systems Security,” encryption is a fundamental security measure for safeguarding data. It involves converting data into a secure code that can only be deciphered with the appropriate encryption key. By encrypting sensitive patient data, even if the USB drive is lost or stolen, the information remains unreadable to unauthorized individuals. This provides robust security against data breaches and protects patients’ privacy.
However, it is crucial to recognize that encryption alone may not suffice. A privacy perspective should also be considered. Protecting the data by not moving it outside of the network in the first place is a vital step. This can be achieved through access controls, network segmentation, and strict data handling policies.
In essence, a dual approach is essential. Encryption adds a robust security layer, preventing unauthorized access to data even if it falls into the wrong hands. Simultaneously, from a privacy perspective, minimizing the movement of sensitive data outside the network reduces the risk of exposure. These two strategies work in synergy to protect both data security and privacy.
In conclusion, the approach to addressing the data breach at Strand Memorial Hospital should prioritize data security through encryption while also considering privacy measures to limit data movement. This approach aligns with the principles of information systems security and helps maintain the confidentiality of patient information.
PEER POST # 2
Just as the case study from previous week it was unfortunate that Dr. Beard had lost all that data first his laptop, the his USB drive, daily planner and lastly his username and password was on the back of his laptop. There was a lot of red flags that happened within that case study. Major information could be leaked out. Just as now, it’s released in an article that his USB drive contains sensitive patient data information including SSN, and insurance numbers as well. In this situation if I was the practitioner you next in line, meaning you under your Dr. So, I would need to take into consideration of not just both my job and his but think about the patients information. It’s already leaked about the USB drive, it’ll be another outbreak if the public found out that there was nothing being done about this situation and how am I going to contain this. First thing first is to react. I would consider to approach this situation from a security perspective. Using my resources that I have within the hospital working with the IT team to get it resolved. We also have to keep in mind that this is also a HIPPA violation that occur. Just as in the first case it’s against policy to work remotely, being that Dr. Beard did he caused an incident to happen that could’ve been avoided. But none the less I would work with my team to try to contain the information by encrypting it. Now, if it had gotten way out of hand that the team that’s in the hospital aren’t at that level to contain the situation then I would reach some outside resources finding cybersecurity professionals to help contain the situation. On the other hand I would consider privacy perspective as well because, if that person who leaked the information tries to come back to the facility acting like a sick patient or anything in that matter could potentially try to hack the system or even get information from the hospital it self.
In a security perspective I would also want to know who else has access to these files besides Dr. Beard. Was there multiple users who had access. And could we potentially add another form of security to it before it’s to late. For example, perhaps a second authentication like a two step verification would this be a possibility. I would ask my self multiple questions on how we can try to contain the information that could potentially be leaked out fully or haven’t. The twist stated that it was leaked but never said if the information was leaked just yet. So, time is of an essence here.
