CMGT400 Week 2 Individual Assignment Common Information Security Threats
CMGT400 Week 2 Individual Assignment Common Information Security Threats
Popular in Course
verified elite notetaker
Popular in Department
This 0 page Study Guide was uploaded by tophomework Notetaker on Sunday November 15, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 18 views.
Reviews for CMGT400 Week 2 Individual Assignment Common Information Security Threats
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 11/15/15
CMGT4OO Common Information Security Threats Ohio Health I have chosen the institution or business that I work for namely the Ohio Health Organization The Ohio Health Organization is one with a long history The quotOhio Health Our Historyquot 2012 website states that it was arguably started in 1891 when Protestant hospital was officially granted nonprofit status making it a corporation It was constructed in 1898 and for the next one hundred and fourteen years a family of hospitals and ancillary care providers would be gathered together to form the organization that is number 62 of the Top 100 Places to Work according to Money magazine and its sister website CNNMoneycom Highlights like Protestant hospital changing its name to White Cross hospital in 1922 then changing its name again to Riverside in 1961 picking affiliations with Scioto Memorial and Southern Hill Hospitals in 1983 being an instrumental part of the formation of the US Health Corporation which brought Mercy Hardin and Morrow County hospitals to the fold in 1984 This tradition of success continued with the introduction of a Home CareHospice department 1985 the acquisitionsaffiliations of Marion General 1986 Portsmouth 1987 Grant 1989 Galion 1994 Finally becoming Ohio Health in 1997 Not content to rest on their laurels this burgeoning medical force is still moving forward As of this decade institutions like O39Bleness Memorial Genesis and Samaritan have all joined the fold The future for this organization is a large one Unfortunately with success there come those would exploit or attempt to sabotage said success In mid2010 the Ohio Health interests were attacked en masse by a variant of the Sality virus The virus attacked the registry of all infected pc and caused throughput and application response time to slow to a virtual standstill It was perhaps a fortuitous happening because once the immediate problem was resolved OhioHealth recognized a serious need to revamp and restructure their data protection plans The Beginning of Change In this case it would seem that Ohio Health was to blame for their own misery Coincidentally three main contributing factors aided in the successful breach of Ohio Health39s information resources The first is that in 2010 Ohio Health39s only protection against intrusion was provided by MicroTrend When used properly this software can be reasonably adequate protection for smaller businesses and pcs However the version of Trend Micro that was used was outdated and inadequate In addition to these woes the virus had gotten past the AV program and was collecting valuable and sensitive information Lastly this large company had no real policy of structured access to company information This enabled the virus to spread unchecked and with alacrity The problem got to the point that it became untenable and to finally rectify the situation they had to y in an engineer from Trend Micro to create and implement a Sysclean application After that debacle the Ohio Health system realized that its current system of information security or lack thereof could no longer stand Three Main Problems A business like Ohio Health is a medical one so the main problems are easy to diagnose no pun intended Patient information patient privacy and employee information are the main areas that need to be addressed There is always a market for consumer information of any kind and an individual s medical information is no different It may even be more valuable than the normal information that a phishing or hacking attack would normally gather from a retail account This information could be used to embarrass extort or target market patients and employees The plan to fix these issues is not a hard one to follow The task of creating it has even been taken by the federal government Two federal mandates have been created to establish parameters of protection and accountability from healthcare providers the HIPAA and HITECH initiaiveshave been enacted and all American healthcare providers are under federal pressure to become compliant under President Obama s healthcare initiative by 2014 HIPAA according to the website HIPAA 101 stands for the American Health Insurance Portability and Accountability Act of 1996 is a set of rules to be followed by doctors hospitals and other health care providers HIPAA helps ensure that all medical records medical billing and patient accounts meet certain consistent standards with regard to documentation handling and privacy HITECH according to the website Vormetric stands for the Health Information Technology for Economic and Clinical Health Act This is part of the American Recovery and Reinvestment Act of 2009 ARRA ARRA contains incentives related to health care information technology in general e g creation of a national health care infrastructure and contains specific incentives designed to accelerate the adoption of electronic health record EHR systems among providers These two initiatives provide a much needed superstructure and pathway to an information security plan that is tailor made for the medical industry Possessing scalability and versatility this plan is close to being adopted nationwide by all healthcare providers perhaps also aided by the incentive provided by the caveat that all businesses that become HIPAA compliant by the 2014 deadline will receive a cash outlay The backside of this is that financial sanctions will also be imposed if a facility is not HIPAA compliant The New Safeguards To be sure Ohio Health has risen to the mandate A new host of safeguards have been initiated and are under constant review and revision both to make the compliance deadline as well as to insure the stability and security of the organization s livelihood What stands out the most are three separate measures The use of biometrics on all pcs and laptops helps to provide accountability and security in the form of fingerprint readers both implanted in new keyboards and separate from keyboards these latter are referred to as Blueberries The second is the use of what is termed PGP Whole Disk Encryption this is a safeguard against theft If a piece of Ohio Health computer equipment is lost or stolen it is impossible to even gain basic access without first entering a passcode to allow access to the desktop interface Lastly a system of job related access protocols has been established This prevents anyone from accessing portions of the massive database that are not directly realted to the person s job or position Even though it seems that it was a lesson learned the hard way Ohio Health has made the changes it needs to in order to stay a viable force in healthcare for the coming years References HIPAA 101 2012 Retrieved from httpWWWhipaa101com on March 13 2012 CNN Money 2012 Retrieved from httpmoneycnncommagazinesfortunebestcompanies2011indexhtml on March 13 2012 Vormetric Enterprise Encryption and Key Management Simplified 2012 Retrieved from httpWWWhipaasurvivalguidecomhitechactsummaryphp on March 13 2012 Ohio Health Our History 2012 Retrieved from httpWWWohiohealthcomohiohealthhistory on March 13 2012