Health Care Information and System Security
In September 2018, ransomware attacked the Wolverine Solutions group information system impacting data for approximately 600000 patients. The rolling notification shows that the WSG system was attacked in September, while decryption and refurbishment extended to October. The breach interfered with a substantial amount of data containing patients’ details such as social security numbers and demographic information. Information from the department of health and human services information tool demonstrated that 48471 patients were affected contrary to figure from the attorney general that is 600000 Michigan natives.
One option that could have prevented the incident from happening would be Wolverine inoculating itself by encrypting data-at-rest. The data breach might have been made possible through encryption of all information in the portable devices. The study by ( ) reveals that more than 30% of all data breaches in the organization are enhanced by unencrypted information in mobile devices such as laptops. Also, the organization could have considered performing the yearly HIPPA safety risk analysis. It could have prevented the incident by putting into perspective all significant adjustments that take place on the course of the year. It could have noted changes such as new system implementation, IT infrastructure developments, and workers turnover that could have inspired the breach.
Organizations that fail to upheld privacy and integrity of health information are subjected to various penalties. The first is related legal costs that are those related to investigations. The entity can also be made to pay reparations that are compensation on the impacted clients. Attorney fees and OCR investigations costs are a typical form of penalties in case the entity is subjected to lawsuits. Ultimately the organization is at risk of attracting negative public relations, which can boost the sentences ending incurring a lot of money.
Part 2
24th April 2020
To: Senior Management
From: Information Technology Expert
Topic: Funding for Safety Oriented Technological Health Care Information Initiatives
Due to the critical implications of health information security breaches, I wish to inform you of why it is justified to direct resources towards technology-driven data systems.
One of the reasons is the alarming rate of security breaches on health organizations recently that has compromised the health and safety of millions of patients. Funding such initiatives would prevent this organization from experiencing a similar fate.
Also, funding these projects would protect the organization from punitive penalties such as reparations costs, attorney fees, investigations, and ultimately organization privacy. It can only be achieved by directing substantial resources in projects that guarantee safety from breaches.
Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access, 6, 25167-25177.