Student’s Name
Institution
Course
Professor’s Name
Date
HEALTHCARE DATA BREACHES 2
The reliance on technological tools to manage data and run healthcare facilities initiates a
new wave of challenges. The information technology tools and systems manifest weaknesses,
including breakdowns and possible attacks from malicious individuals. As such, IT professionals
must be prepared at all times to manage IT failures whenever they occur. This paper employs the
WGU hospital scenario to evaluate privacy and security concerns involved in the use of
technology in a healthcare setting, especially after an attack on the systems. The outcomes of the
privacy and security evaluation should help develop systems and structures that address similar
breaches before and after they occur in the future.
Determining the number of patients whose information was breached should be among
the primary steps in mitigating the damages. Present data analytics assign users data access
profiles. With such profiles, each user is assigned the amount of data they can access (Hewitt,
Dolezel, & McLeod, 2017). In the case of the hospital, each doctor’s profile is assigned a
specific number of patients. The plan to determine the number of affected patients is to
triangulate the affected doctor's profile and possibly seal all their access.
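The scoping step described above can be sketched as follows. This is an added example, not part of the original paper; the account names, patient IDs, log format, and function names are all constructed for illustration. It compares the compromised profile's assigned patients (the upper bound) with the records that account actually touched in the audit log during the breach window.

```python
from datetime import datetime

# Constructed sample data: each access profile maps a clinician account to the
# patient record IDs it is allowed to open (hypothetical names and IDs).
ACCESS_PROFILES = {
    "dr_adams": {"P001", "P002", "P003", "P004"},
    "dr_baker": {"P003", "P005"},
}

# Constructed audit-log lines: timestamp, account, action, patient ID.
AUDIT_LOG = """\
2024-03-01T08:55:10 dr_adams READ P001
2024-03-01T09:02:41 dr_adams READ P002
2024-03-01T09:03:05 dr_adams EXPORT P003
2024-03-01T09:04:17 dr_baker READ P005
2024-03-01T09:06:50 dr_adams READ P009
2024-03-01T09:40:00 dr_adams READ P004
malformed line without fields
"""

def parse_log(text):
    """Yield (timestamp, account, action, patient_id); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # first field is not a timestamp
        yield ts, parts[1], parts[2], parts[3]

def scope_breach(profiles, log_text, account, start, end):
    """Return the breach scope for one compromised account and time window."""
    assigned = profiles.get(account, set())
    touched = {pid for ts, acct, _, pid in parse_log(log_text)
               if acct == account and start <= ts <= end}
    return {
        "potentially_exposed": sorted(assigned),           # upper bound from the profile
        "confirmed_accessed": sorted(touched & assigned),  # seen in the audit log
        "outside_profile": sorted(touched - assigned),     # access-control gap to investigate
    }

if __name__ == "__main__":
    window = (datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 9, 30))
    print(scope_breach(ACCESS_PROFILES, AUDIT_LOG, "dr_adams", *window))
```

Records in `outside_profile` indicate that the account reached data beyond its assigned patients, which means the profile alone understates the scope.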
The organization should explore three steps in comprehensive, focused risk analysis to
mitigate the outcomes of the breach. The first step in the risk analysis is to conduct triage. Every
breach should be analyzed by asking the “W” questions (Hewitt, Dolezel, & McLeod, 2017). The
organization must attempt to answer the who, what, why, and where questions to address the
scope of the attacks. The IT security team and the incident team must collaborate in conducting
the triage. In the triage, the team assesses the areas affected most by the breach based on
triangulation data analytics outcomes. The second step should focus on managing the damage.
That is, the analysts should seal all the possible access points of the data breach. That should
happen by shutting down the system if the facility is still in charge. The third step in focused
risk analysis should be information. Every data breach comes with panic. The involved teams,
hence, must offer efficient and candid information to all the affected stakeholders.
The administration can implement multiple actions to prevent similar occurrences in the
future. The administrative safeguard activities emphasize the information system selection,
Primarily, the administration must implement policies on basic risk analysis and risk
management standards. That is, the organization must assess its systems periodically to
determine its weaknesses and strengths. The organization should also have a standard protocol
for addressing possible breaches should they occur. The other administrative safeguard
measures worth considering include strategic information system activity reviews and
implementation of a sanction policy. When combined, such safeguard measures should assist in
A Technical Safeguard
protect it from future breaches. The technical safeguard should control access to the health
information systems (Dolezel & McLeod, 2019). Some of the inputs to consider in developing
such a safeguard include user authentication and passwords to access the systems,
systems that track or audit employees with access to the systems. The organization can also
A Physical Safeguard
A healthcare organization can also protect its data from future breaches by implementing
a physical safeguard policy. A physical safeguard explores the physical procedures, policies, and
measures to protect the electronic information systems from unauthorized access (Dolezel &
McLeod, 2019). For example, the physical safeguard can consist of shredding unneeded
documents that can contain sensitive information, minimizing the amount of data in mobile
devices, and switching off mobile devices beyond some physical boundaries. The other aspects
of the physical safeguard measures should include locking offices and file cabinets and
controlling access to some areas in the facility with swipe card systems or photo identification
protocols.
The physician in the scenario should have two primary safekeeping practices to limit the
chances of similar occurrences in the future. Primarily, the physician should always ensure that
the mobile devices are kept in secure places (Wikina, 2014). Hence, the devices should be
accessed or carried in places where their security is guaranteed. Carrying or accessing the device
beyond some physical boundaries should be prohibited from the physician's point of view. The
physician should also ensure that the device is technically protected. The device should have
passwords or biometric access points activated to limit the chances of unnecessary access. Still,
the device should be attached to the mainframe so that it notifies the security team of any
possible breaches. Hence, physical safeguarding and technical safeguarding are ideal options for
HIPAA has a clearly defined policy on fines and penalties in case of a violation.
Primarily, willful violations of the rules should attract a minimum fine of $50,000. To the
responsible individual, the maximum penalty should be $250,000 (Towbin, 2019). Additionally,
restitution may be needed for the affected patients should the impacts be bigger. Finally,
depending on the impacts of the breach on the organization, the individuals responsible for the
violations can be charged legally and be eligible to serve jail terms if found guilty of criminal
violations.
A Software
Cisco ACI is data security software that the organization can consider, given its
futuristic features. ACI employs multiple data protection protocols to ensure the safety of its
systems. Some of the notable aspects of the software include adaptive authentication,
containerization, and the use of blockchain analytics. The ACI accords healthcare facilities an
opportunity to protect their data from breaches or to limit the scope of damage from data
Notification Letter
Hello esteemed patients! The hospital is sorry to inform you that its health information
system database has been breached. The attack occurred five minutes ago and has since been
contained. You are required to stay calm as the IT security team assesses the scope of the
damage. You will receive an update within 10 minutes detailing the progress in managing the
breach. The organization thanks you for your cooperation and continued support.
Conclusion
Every healthcare facility’s security team should be prepared for data breaches. Even more
importantly, the organization must implement protocols to safeguard its data in the future.
Multiple options, including the use of physical, technical, and administrative safeguards, should
be considered for data protection. Ultimately, every stakeholder in a healthcare facility must be
References
breaches-on-health-care/docview/2489272141/se-2?accountid=130654
Dolezel, D. & McLeod, A., Ph.D. (2019). Cyber-analytics: Identifying discriminants of data
https://www.proquest.com/scholarly-journals/cyber-analytics-identifying-discriminants-data/docview/2288653270/se-2?accountid=130654
Hewitt, B., PhD., Dolezel, D., EdD., & McLeod, A., Ph.D. (2017). Mobile device security:
device-security-perspectives-future/docview/1874376801/se-2?accountid=130654
multiple case study (Order No. 13809084). Available from Publicly Available Content
theses/protection-motivation-theory-approach-healthcare/docview/2207492982/se-2?accountid=130654
Wikina, S. B. (2014). What caused the breach? An examination of the use of information
caused-breach-examination-use-information/docview/1690624031/se-2?accountid=130654