Term Project paper

Running head: Information security threats

Information security threats

Khaleem Pasha Mohammad

Campbellsville University

Introduction

The development of technology has been widely embraced in hospitals, has saved innumerable lives, and has improved the quality of care provision. Technology has not only changed the experience of patients and their families but has also had a significant impact on the processes and practices of practitioners. One of the areas that has most embraced technology is healthcare data. Technology has helped in the handling of healthcare records through the introduction of electronic health records, which are replacing paper records. With the availability of electronic health record (EHR) systems, a nurse can simply check a patient's allergies, medical history, weight, age, and prescriptions at the press of a button. However, as much as institutions are embracing technology to maintain their health records, there is a series of risks associated with these technologies. Since the introduction of technology in the maintenance of healthcare records, the healthcare industry has been a primary target for cybercrime. The motives behind cyber-attacks on healthcare are clear, as insurance firms, hospitals, clinics, and other healthcare providers keep health records that contain valuable information. The U.S. Department of Health and Human Services Office for Civil Rights has acknowledged that over 100 million people have been affected by healthcare data security breaches. One month in 2015 was a bad month for electronic data, as one of the largest hacks on healthcare records, at Anthem Blue Cross, resulted in the theft of over seventy-eight million patients' health data. The cyber-attack stole sensitive data that contained Social Security numbers, names, and home addresses. The same year, Premera Blue Cross reported that a cyber-attack had exposed the medical information of over eleven million customers. Back in 2011, over 4.9 million health records were stolen electronically from Science Application International Corporation.
These are a few cases of healthcare data breaches in which sensitive data fell into the hands of third parties. To ensure privacy and security in healthcare records, the Health Insurance Portability and Accountability Act (HIPAA) provides legislation that hospitals and other institutions that handle patients' data must follow, ensuring that various security measures are implemented to protect data.

HIPAA and Security Compliance

As much as institutions are embracing technology in storing healthcare data, it is vital for institutions like HIPAA to regulate these bodies to ensure that consumer rights are protected. The HIPAA Security Rule provides that patients' electronic records must be protected at all times from any unauthorized access, regardless of whether the data is at rest or in transit. The Security Rule was designed and implemented to be flexible enough to cover all areas of security without requiring specific procedures. As a result, each organization is responsible for defining its own security needs and implementing various security measures to ensure there are no breaches. This rule applies to covered entities and their business associates. Covered entities include healthcare providers, health plans, and healthcare clearinghouses that use electronic healthcare data, whereas a business associate can be a person or an entity that handles health data with the permission of covered entities.

HIPAA demands that covered entities implement three kinds of safeguards to protect electronic protected health information (ePHI): administrative, physical, and technical safeguards. Administrative safeguards are the internal policies and procedures that an organization adopts to determine the documentation processes, roles and responsibilities, data maintenance, and training needs for handling ePHI. Physical safeguards are physical security measures that ensure ePHI is not stolen physically. Such measures include framed windows, safe location of servers and computers, security systems and surveillance video, and locked doors. The last safeguard is a more sensitive area that touches the field of technology: technical safeguards use technology to protect healthcare records.

Institutions designated as covered entities are required by federal law to comply with all the rules and regulations published by HIPAA; failure to do so may lead to unwanted fines and penalties. Civil penalties can be large, up to $1.5 million. Those found accessing or selling ePHI illegally face a jail term of up to 10 years or significant fines amounting to $250,000. In case an ePHI breach occurs, covered entities are required to notify the affected patients, and in case the breach is more severe, the Secretary of Health and Human Services or the media must be notified.

Cases of ePHI theft

Despite the various safeguards implemented by covered entities and their business associates, healthcare data is still being stolen on a massive scale with the help of technology. In the past six years, healthcare data breaches have grown in both size and frequency, with the largest ePHI breach affecting over seventy-nine million people. When a healthcare breach occurs, extremely sensitive information is exposed, such as statements, Social Security numbers, home addresses, names, insurance information, and patients' medical history. These health records contain valuable information that blackmailers can use to extort victims. Health data breaches are not a small issue for either covered entities or medical consumers. As of Feb 2017, healthcare data breaches had affected over 26 percent of healthcare consumers, with 5 hundredths of these victims affected by medical fraud, resulting in an average of $2,500 in out-of-pocket costs. The U.S. Department of Health and Human Services Office for Civil Rights has reported that over 100 million Americans are victims of hacks and cybercrime. Anthem Blue Cross made history by reporting that the ePHI of over eighty million people was stolen in 2015. In the same year, Premera Blue Cross, Excellus Blue Cross, and the University of California, Los Angeles Health reported eleven million, 10 million and 4.5 million stolen healthcare records respectively. Such cases are still happening nearly daily. Most of these data breaches occur through cyber-attacks, which means that hospitals need to adopt newer security safeguards to ensure that data is protected at all costs.

Technical Safeguards

Technical safeguards are the technological processes that a hospital needs to put in place to ensure that data is protected. With the rise of technology, people have become more skilled in the use of computers, and in the process some are using their skills illegally, hacking institutions such as hospitals to access valuable data. Given the increased cases of cybercrime and hacking, hospitals need to make certain that they have updated and well-functioning technical systems to ensure that access is restricted. As an organization, it is vital to ensure that all staff members are trained in healthcare cybersecurity protocols. The weakest and most vulnerable cybersecurity link is medical staff who have no knowledge of cybersecurity. As a result, such individuals are not likely to set passwords on their computers, or if they do set passwords, the passwords are likely to be short and easy to remember. In addition, the use of one password across various platforms increases the chances of being hacked. Therefore, staff members need to be educated on the use of strong passwords and passcodes for mobile devices. All a criminal needs is to get one working password, apply it to the victim's account, and steal data. These data thieves can then go ahead and either leak patients' data online or even modify patients' data in a system. However, through training, staff members can be encouraged to change their passwords on a periodic basis. This can stop the next security breach, because the criminal would no longer be allowed to access a given system. In addition, these passwords need to be stored in secure places and, at the same time, never written in documents that are likely to be shared. Practices such as writing passwords on sticky notes and sticking them underneath a drawer need to be avoided.

Using Advanced Data Security

Many databases offer essentially all-or-nothing data access, which is highly vulnerable to modern cybercrime. As a result, it is vital for hospitals to define who can access what data at the most granular level. Exposing healthcare data electronically, even to valid users, may at times violate a patient's privacy and place the healthcare consumer at unnecessary risk. Controlling or restricting access to data at the database level therefore eliminates such unnecessary risk and, more importantly, prevents the exploitation of network or application flaws that could expose sensitive data to the general public. Measures such as Enterprise NoSQL database platforms built on MarkLogic infrastructure reassure medical staff that data is safe from siphoning, as data can only be accessed through the database. This is a big step towards combating ePHI data breaches and, more importantly, meeting the evolving cybersecurity demands of the modern enterprise, such as cloud computing. The MarkLogic 9 database has features that in most cases tend to prevent unrestricted data access. MarkLogic 9 uses advanced encryption that protects data from insider threats and external cyber threats by using advanced key management, standards-based cryptography, and granular separation of duties. In addition, this database has element-level security features that allow specific information to be hidden from specific users, such as hackers. As a result, it is very hard for hackers to access certain specific information, thus providing a more granular level of security.
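The following is an added illustration of the element-level, deny-by-default access control described above; it is a generic Python sketch, not MarkLogic's API and not code from this paper. The patient record, element names, roles, and policy table are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample record; element names and values are illustrative only.
RECORD = """<patient id="p-001">
  <name>Jane Example</name>
  <ssn>000-00-0000</ssn>
  <address>1 Sample Street</address>
  <allergies>penicillin</allergies>
  <prescription>amoxicillin 500 mg</prescription>
  <insurance><plan>Sample Plan</plan><memberId>M-0000</memberId></insurance>
</patient>"""

# Hypothetical policy: element path -> roles allowed to read that element.
# A path that is missing, or mapped to an empty set, is hidden (deny by default).
POLICY = {
    "name": {"nurse", "physician", "billing"},
    "allergies": {"nurse", "physician"},
    "prescription": {"nurse", "physician"},
    "address": {"billing"},
    "insurance": {"billing"},
    "insurance/plan": {"billing"},
    "insurance/memberId": {"billing"},
    "ssn": set(),  # no application role may read this element
}

def _prune(elem, prefix, roles, hidden):
    """Remove every child the caller's roles may not read; record its path."""
    for child in list(elem):  # copy, because we remove while iterating
        path = f"{prefix}/{child.tag}" if prefix else child.tag
        if POLICY.get(path, set()) & roles:
            _prune(child, path, roles, hidden)
        else:
            elem.remove(child)  # hiding a parent hides its whole subtree
            hidden.append(path)

def view_for(record_xml, roles):
    """Return (redacted root element, hidden paths) for a caller's roles."""
    root = ET.fromstring(record_xml)
    hidden = []
    _prune(root, "", set(roles), hidden)
    return root, hidden

def visible_fields(record_xml, roles):
    """Sorted element names that remain readable for these roles."""
    root, _ = view_for(record_xml, roles)
    return sorted(e.tag for e in root.iter() if e is not root)

if __name__ == "__main__":
    for role in ("nurse", "billing", "unknown"):
        print(role, visible_fields(RECORD, [role]))
```

The list of hidden paths returned by `view_for` can be written to an audit log, so that every redaction applied to a valid user's query is itself recorded.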

Maintaining a Layered Defense System

WannaCry was one of the ransomware viruses that attacked many computers, traveling across networks easily and invisibly. This ransomware was able to spread to institutions such as hospitals as a result of weaknesses in their network systems. In most cases, people tend to install a simple anti-virus program on a personal computer and expect data to be safe. With physical safeguards, one has to pass through the main gate, then through the main door, find a guard stationed at a given door, then a door with a padlock, and only then reach servers that are strategically located. This presents layers of security that one must encounter before accessing data. The same approach needs to be reflected in security systems. Using a layered security system in a network, with multiple layers, may prevent attackers from gaining access to a hospital network. In addition, a multi-layer system gives IT professionals the chance to identify a hack, because the hacker has to pass through various layers before he or she can access the valuable data. A layered security system needs perimeter defenses that include a firewall, an antivirus filter, and an intrusion-detection system, which help to keep dangerous traffic out of a network. Secondly, it needs a network integrity layer, which sits between the network perimeter and the application defense system. This security layer depends on an up-to-date, automated, and policy-driven traffic management system that can identify network anomalies and block them in time. The third security layer is the application gateway layer, which scrutinizes the content of the traffic in an application. Features such as Secure Sockets Layer, XML security, and e-mail spam filters provide a mechanism to ensure that traffic reaching a given application is clean, efficient, and secure.
The fourth layer is the host integrity layer, which covers the security protection configuration of the system itself. Examples include intrusion-prevention software, host-based antivirus, and anti-spyware tools. Being the innermost layer of security, these tools provide last-resort security for the application. Such sophisticated layers of security in a network give hackers a difficult time in accessing vital information, and as a result a hacker may find it hard to attack a hospital network. In addition, hospitals that are unaware of their vulnerabilities find it much harder to protect themselves from cybercrime. Continuous assessment of a network ensures that vulnerabilities are identified and effective measures are put in place to prevent security breaches.

Importance of Patients’ Security and Privacy

HIPAA provides a regulatory framework that hospitals need to abide by at all times. Although institutions provide relevant safeguards to ensure that patients' data is protected, hackers have proved to be clever and keep coming up with newer ways of accessing data illegally. However, this does not mean that hospitals should give up on protecting their patients' data at all times. Non-compliance with HIPAA laws and regulations has resulted in institutions and individuals being exposed to significant fines and jail terms. One of the most important consequences of healthcare data breaches is the steep fines hospitals face. The costs associated with healthcare data breaches amount to over $6.2 billion yearly, which is the equivalent of an average data breach amounting to $3 million across all industries. In addition, in cases of a health data breach, institutions pay large amounts, with over $500,000 spent on compliance personnel to detail the information that was breached and clean up the mess. Costs are incurred not only in paying fines and cleaning up the mess; additional costs are often incurred in case a hacker asks for a ransom. In 2017, the servers and backup drives of an Indian-based Cancer Service Centre were attacked. The healthcare data was stripped, encrypted, and held for ransom by the Dark Overload hackers. These hackers demanded a ransom of $42,000 and fifty bitcoins. These amounts are large and could be avoided if proper security mechanisms were implemented in a company. For a cyber-attack to be effective, a hacker has to find a weakness within a system and exploit it. Therefore, it is extremely important to assess technological security systems and provide measures to defeat future cyber-attacks.

Reputation is an asset that companies treasure. Various factors can taint the reputation of institutions such as hospitals. When data breaches occur, patients' vital information, such as names, bank details, addresses, medical history, and allergies, is exposed to third parties. When patients go to hospitals, they provide this information on the understanding that it is sensitive and will not be accessed by unwanted parties. As much as the blame is placed on healthcare organizations, these organizations have implemented various security measures to ensure the privacy and security of data, but due to extended information in systems, hackers can access a firm's server and steal data. When Anthem Blue Cross was hacked in 2015, the company had put in place the most up-to-date security measures, but hackers were still able to steal vital information. The bottom line of such a breach is reputational damage, as patients (customers) may perceive that the institutions they have entrusted with vital information are not taking the necessary steps to protect their data. Once its reputation is damaged, an organization may lose its customers, which may result in reduced revenue.

Conclusion

Electronic healthcare data is highly sensitive once it is in the wrong hands. When visiting hospitals, patients give out various details about themselves, such as names, addresses, medical history, Social Security numbers, and bank details. Once such information leaks into the wrong hands, cases of fraud may be the result. HIPAA is one of the regulatory agencies that have championed ePHI privacy and security. Under HIPAA regulation, healthcare institutions need to provide administrative, physical, and technical safeguards to ensure patients' data is protected. With technology, electronic data is more exposed to cybercrime. As a result, healthcare providers are required to stay on top of cybercrime by adopting measures such as advanced data management systems and layered security systems. By adopting such mechanisms, healthcare institutions can avoid the dire consequences of data breaches, which include significant fines and reputational damage. Therefore, as much as institutions are embracing electronic handling of health records, it is necessary to implement technical security measures to assure data privacy and security.