Part 2
Use the research sources and tools described in Chapter 1 and the lecture slides to collect what information you can on a company of your choice. Prepare a short report (no more than 4-5 pages) and deliver by the next class.
Please use a tool such as Maltego or Recon-NG to create your report – these are available from Kali.
Important: This is a footprinting exercise, NOT a scanning exercise. Passive lookups only!
Security and Privacy of Electronic Docs.
2-3Pages with references
You work for a company that is allowing its sales people to work from home
They use Google WorkSpace for:
As the risk management group:
8
The impact of COVID-19 on cybercrime trends in healthcare: A Comparative study of healthcare agencies in Virginia.
Objectives
The objectives of the study are to reflect the developing cybercrime trends that have been brought by the pandemic. The study will also provide strategies that healthcare sector in Virginia can employ to contain cybercrimes and also discuss how the study relates to the master plan of containing cybercrime activities in healthcare centers in Virginia.
Project Plan
Particularly in Virginia, cases of cyber criminals targeting patient portals with the aim of stealing patients’ information has become rampant owing to the fact that many patients are using these portals to access a wide variety of services from their health facilities and they are unaware of potential scammers who may be targeting them with false ads with the intention of stealing their data. the project will therefore begin by analyzing the top trends that criminals are using to steal data from the patients while they are accessing medical services through portals and then follow the emerging issues within the health sector as the pandemic continues to prevail. The study will then proceed to reflect on the strategies the health sector in Virginia can employ to safeguard their patient data, and illustrate how this content is relating to the master program.
Top Trends of the Cybercrimes in the Healthcare Industry
Using the connectivity of the internet is one of the most widespread method used in the healthcare industry and in safeguarding sensitive client information have vastly changed. Historically, health data and client information were paper records that were safeguarded within hospitals and required a physical data breach or a misplaced file to effect hundreds to thousands of patients. But today, both health data and sensitive client client’s information is kept in a large quantity on a network easily assessable by staffs from different locations, which offers various access points for a data breach, potentially affecting millions of patients. Much of this sensitive information can be accessed using the internet of things (IoT). There is an increased use of IoT in the healthcare industry with no increase in cybersecurity measures which increases the possibilities of a cyberattack by creating multiple access points into a weakly defended network (Kruse et al., 2017). The healthcare industry continues to be a lucrative source for cybercriminals to gain profit from. Cybercriminals can gain profit from selling identity information, insurance credentials, medical credentials, or from gaining access to prescription medication.
Cybercriminals are using various trends including phishing which is disguising some information as genuine content and trick the user to click on them and submit vital information such as their social security numbers. In most cases, these criminals pose as genuine health care agents requesting patients to fill out numerous forms to update or read certain content that they must download using their personal data. another technique is through malware which are trackers that are installed by the hackers to detect patient’s activity while they are online. These trackers capture patient’s information through screenshot which the criminals can easily take advantage of (Yadav et al., 2021)). Cyber criminals are going to the extent of attacking patients through the sledge hammer technique which is by guessing their passwords as they believe that patients have a tendency of reusing their passwords for the fear of forgetting if they add a new password. Therefore, criminals can easily guess most common passwords that people use such as their birthdays especially if they are popular persons and use them to steal their personal data.
The healthcare industry in Virginia remains at a great risk to cyberattacks and cybercrimes, as it has not kept up adequately with modern trends and threats to cybersecurity. Most of the healthcare organizations in Virginia are unprepared, ill-equipped, lack funding and expertise necessary to deal with cyberattacks and threats. Currently, there are set rules and regulations aimed at protecting sensitive patients’ information such as the cyber disclosure act 2015, the 1999 Gramm-Leach-Bliley act, the omnibus rule, homeland security act, and the health insurance portability and accountability Act of 1996 (Lallie et al., 2021). On the other hand, these laws and regulations are unclear in outlining security expectations and procedures. These vague laws coupled with a lack of cybersecurity expertise and funding further aggravate the issues. Mostly, the top management in healthcare are not actively involved in taking time to really understand cybersecurity safeguards or vulnerabilities in their system and take actions which are lacking data to boost them. There is no cybersecurity certification mandating compliance in the healthcare which may be seen in other industries and the HITECH Act only requires healthcare specialist to report a security breach when more than 500 patients have been affected.
Emerging Issue in the Healthcare Industry
The health care industry is continuing to adapt to the innovations of technology and the transition to electronic-based system and telehealth services, the organizations are left vulnerable to experiencing cybercrimes. Healthcare devices are constantly changing and evolving and becoming more and more interconnected with other hospital devices and networks. The new measures to contain the virus requires healthcare facilities to maximize the services they provide their patient with through online self-service portals. These portals are not adequately safeguarded and they can therefore be used by cyber criminals to access the healthcare network. Patients and healthcare professionals are using remote and IoT medical equipment for various reasons such as keeping track of how many beds are vacant, medication notifications, monitoring patients, sending device and health information, telemedicine, and education. In the healthcare industry, IoT devices have been very useful yet they leave the organization more susceptible to cyberattacks when compared to the regular computers due to weaker security systems as well as lack of updates. Through the process of medical Device Hijacking, cybercriminals take the advantage of the IoT’s flaws to exploit unprotected medical devices. This process happens when a hacker injects malware into medical IoT to move through the hospitals networks until they connect with a device, they are interested in. For instance, a hacker can inject malware into diagnostic equipment such as an MRI and spread to other equipment such as ventilators until it has reached the nurses station computer where it can then access medical records and send information to the hacker
There is an increased cyberattacks on the already vulnerable healthcare industry in Virginia, due to COVID-19 pandemic. In a rush to identify effective treatment for the deadly COVID-19 virus, the Virginia healthcare industry has been unable to strengthen their already weak security systems and shop for more secure network protections. The pandemic has caused a shift in how the healthcare system operates, moving large quantities of health data online with government access, moving operations to new locations, and increased use of IoT devices. When the pandemic was in full force, the healthcare in Virginia was forced to rollout various designs to assists in the treatment and communication of patients virtually, this created further access points for cybercriminals. Additionally, due to the quantity of patients needing treatment for the virus, health facilities across Virginia were forced to move operations to off-site remote medical centers that required a large amount of funding, making them vulnerable. Cybercriminals have taken advantage of the current climate and sought to steal valuable data from agencies rapidly deploying remote work.
Strategies to contain cybercrimes in health care
The first strategy is by educating the patients and employees on how they can protect themselves as they are accessing the online services. This involves training them on how to identify fake advertisements and messages which the criminals use to trap them into submitting their personal information. This is ideal in providing them with full knowledge that will encourage them to surf the internet by using the relevant caution when it comes to handling their own data while online. Another way is to limit the number of devices the patients are using to access their portals (Fuentes, 2017). Therefore, healthcare facilities should limit the number of devices that are accessing a certain patient’s page at a go to minimize the ability of criminals to hacking into the system and compromise the patient information. Additionally, healthcare in Virginia must ensure to limit the number of people who can access patient data and ensure that they provide the employees with one time passwords to prevent third parties from learning the passwords and use it to access patient data.
Results
The outcome of this research is that it will play an integral role in raising awareness to the healthcare facilities around Virginia on the prevalence of cybercrime threats that are facing their patients and hospital systems as well. The report has revealed the techniques that the criminals are using to trick patients into giving out their personal information to these criminals who later use them for their own benefits such as acquiring loans or sell them to other third parties for greater profits. The study also intends to educate the healthcare facilities on the strategies they can use to contain cybercrimes in the healthcare industry such as educating patients on strategies they can use to identify false messages sent to them by criminals. Another strategy is to limit the number of devices that are accessing the patient’s portal at the same time to reduce the opportunity of criminals from using this as an advantage and increase the vulnerability of the entire patient data.
Relationship to master program
This report directly relates to the master programs because it will be delivered at a time when many healthcare agencies have started to report cybercrime attempts targeting to steal valuable healthcare data research in the middle of the pandemic. I also know that various classes(IT 597, 547, 545 and 670)in my cybersecurity program will play major role in my project work. According to a mid-year report that was released by Fortified found that 60% of data breaches to the healthcare system, were mainly caused by cybercrime as opposed to those working for the healthcare systems. Besides that, ransomware attacks on the healthcare system appears to have spiked in April 2020 (Wells, 2021). After the reports of cyber-attacks on healthcare system were released, cyber security and infrastructure security agency started advising healthcare organizations to strengthen the password security and establish a two-factor authentication for sensitive healthcare data and information. There is a rise that has been created by the pandemic in sophisticated cyberattacks as the world began becoming increasing connected.
References
Fuentes, M. R. (2017). Cybercrime and other threats faced by the healthcare industry. Trend Micro.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10.
Abulencia, J. (2021). The cost of cybercrime in the US healthcare sector. Computer Fraud & Security, 2021(11), 8-13.
Lallie, H. S., Shepherd, L. A., Nurse, J. R., Erola, A., Epiphaniou, G., Maple, C., & Bellekens, X. (2021). Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, 102248.
Wells, R. M. (2021). Identifying Trends Associated with Cyber-Crime in Healthcare Industries (Doctoral dissertation, Northcentral University).
Yadav, H., Gautam, S., Rana, A., Bhardwaj, J., & Tyagi, N. (2021). Various Types of Cybercrime and Its Affected Area. In Emerging Technologies in Data Mining and Information Security: Proceedings of IEMIS 2020, Volume 3 (pp. 305-315). Springer Singapore.
Writing a Literature Review
1
.
What is a literature review?
A literature review is a description of the literature relevant to a particular field or topic. This is often written as part of a term paper or project. A critical literature review is a critical assessment of the relevant literature. It is unlikely that you will be able to write a truly critical assessment of the literature until you have a good grasp of the subject, usually at some way into the project.
How does a literature review differ from other assignments?
The review, like other forms of expository writing, has an introduction, body and conclusion, well-formed paragraphs, and a logical structure. However, in other kinds of expository writing, you use relevant literature to support the discussion of your thesis; in a literature review, the literature itself is the subject of discussion.
What counts as ‘literature’?
‘Literature’ covers everything relevant that is written on a topic: books, journal articles, newspaper articles, historical records, government reports, theses and dissertations, authoritative Web sites, etc. The important word is ‘relevant’. Check with your professor when in doubt.
2.
Why do a literature review?
A literature review gives an overview of the field of inquiry: what has already been said on the topic, who the key writers are, what the prevailing theories and hypotheses are, what questions are being asked, and what methodologies and methods are appropriate and useful.
A critical literature review shows how prevailing ideas fit into your own thesis, and how your topic agrees or differs from them.
How many references to look for?
This depends on what the literature review is for, and what stage you are at in your studies. Your professor should specify a minimum number of references.
The number of references in a literature review is given in the syllabus:
3.
How to write a literature review
The literature search
Find out what has been written on your subject. Use as many bibliographical sources as you can to find relevant titles. The following are likely sources:
· Bibliographies and references in key textbooks and recent journal articles. Your professor can help determine which are the key texts and relevant journals.
· Authorative Web sites,
· Abstracting databases, and
· Citation databases.
Many abstracting journals and electronic databases are available through the University Library’s Aladin system (https://www.aladin.wrlc.org)
Using the specialist librarians
The University Library has two specialist librarians devoted to the School of Business Administration:
Mason Yang – specializes in information technology and management science
Marcia Dursi – specializes in other business topics
They can help you decide which databases and bibliographies are relevant to your field, and can advise you on other sources for your literature search.
Noting the bibliographical details
Write down the full bibliographical details of each book or article as soon as you find a reference to it. This will save you time later on.
Finding the literature
The full text of many journal articles can be found on electronic databases found through the Aladin system.
Once you have what looks like a list of relevant texts, you have to find them. The Aladin system provides information on material available at Marymount or other university libraries in the area.
If the book or journal you want is not held at Marymount, you may be able to access it through inter-library loans. Check with the library annex on the 5th floor of the Ballston Center or the main library on campus.
Reading the literature
Before you begin to read a book or article, make sure you written down the full citation as stated above.
Take notes as you read the literature. You are reading to find out how each piece of writing approaches the subject of your paper or project, what it has to say about it, and (especially for research students) how it relates to your own thesis:
· Is it a general textbook or does it deal with a specific issue(s)?
· Is it an empirical report, a theoretical study, a sociological or political account, a historical overview, etc? All or some of these?
· Does it follow a particular school of thought?
· What is its theoretical basis?
· What definitions does it use?
· What is its general methodological approach? What methods are used?
· What kinds of data does it use to back up its argument?
· What conclusions does it come to?
Other questions may be relevant. It depends on the purpose of the review.
You should never just sit down to read academic works as if they were novels or magazine articles. Academic study is not suited to such an approach, and the chances are you could spend hours reading and then not have a clue what you have been reading about. Instead, think about the following:
·
Be selective
Check through the items on your list.
Which are basic texts, and which are more detailed? (Will you need basic information or more specific information for your assignment?)
Which are the most accessible to you? (Texts which are crystal clear to one person may be incomprehensible to another, and vice versa—this is not a matter of ‘intelligence’, but of a preference for a particular presentation and style)
Which are reasonably available? (It is no good pinning your hopes on a book if there is one copy in the library and 30 students wanting it.)
·
Set a realistic time frame for any reading task
Do not read any longer than you can concentrate. It doesn’t matter if your attention span is short—just set your tasks accordingly.
·
Never read without specific questions you want the text to answer
If you want your reading to stay in your memory, you must approach your text with a list of questions about the particular information you are after, and search the text for the answers to those questions. Don’t just read with the hope that an answer will appear.
·
Never start reading at page 1 of the text
If there is a summary, a conclusion, a set of sub-headings, or an abstract, read that first, because it will give you a map of what the text contains. You can then deal with the text structurally, looking for particular points, not just reading ‘blind’ and so easily getting lost.
·
Read only as much as you need to get the information you are after
For example, if a piece of information you need is in the abstract of an article, why read the whole article unless you have time to spare?
If a point is clear from reading a summary, is there any benefit in reading through the complete text of a chapter?
If you are interested in the overall findings of a study, do you really need to read the methodology and results sections?
Always keep in mind what you need, what is relevant to the question you are asking the text.
·
Don’t panic if you cannot get hold of a particular text
Information may be found in various places. Think about looking further afield and being creative in your information searches.
Writing the review
Having gathered the relevant details about the literature, you now need to write the review. The kind of review you write, and the amount of detail, will depend on the level of your studies.
Important note:
do not confuse a literature review with an annotated bibliography
.
An annotated bibliography deals with each text in turn, describing and evaluating the text, using one paragraph for each text.
In contrast, a literature review synthesises many texts in one paragraph. Each paragraph (or section if it is a long thesis) of the literature review should classify and evaluate the themes of the texts that are relevant to your thesis; each paragraph or section of your review should deal with a different aspect of the literature.
Like all academic writing, a literature review must have an introduction, body, and conclusion.
The introduction should include:
· the nature of the topic under discussion (the topic of your thesis)
· the parameters of the topic (what does it include and exclude)?
· the basis for your selection of the literature
The conclusion should include:
· A summary of major agreements and disagreements in the literature
· A summary of general conclusions that are being drawn.
· A summary of where your thesis sits in the literature (Remember! Your thesis could become one of the future texts on the subject—how will later research students describe your thesis in their literature reviews?)
The body paragraphs could include relevant paragraphs on:
· historical background, including seminal texts;
· current mainstream versus alternative theoretical or ideological viewpoints, including differing theoretical assumptions, differing political outlooks, and other conflicts;
· possible approaches to the subject (empirical, philosophical, historical, postmodernist, etc);
· definitions in use;
· current research studies;
· current discoveries about the topic;
· principal questions that are being asked;
· general conclusions that are being drawn;
· methodologies and methods in use
Citations
All citations should be in the American Psychological Association (APA) format, the standard for the School of Business Administration. The overall format is:
Contributors’ names (Last edited date). Title of resource. Retrieved from http://Web address For example:
Angeli, E., Wagner, J., Lawrick, E., Moore, K., Anderson, M., Soderland, L., & Brizee, A. (2010, May 5). General format. Retrieved from http://owl.english.purdue.edu/owl/resource/560/01/
1