[Solved] 5-2 Final Project Part I Submission: Risk Analysis
Introduction
The provided case highlighted a data
breach at the UDOH, which impacted more than 780,000 patients. Various security
lapses led to the data breach, including a lack of security measures and
inadequate employee training on their role in safeguarding PHI against
unauthorized access. Consequently, the Utah DOTS staff were insufficiently
prepared to manage secure connections to the internet firewalls or to manage
passwords and access controls properly. During the attack, UDOH faced financial challenges
that limited its capability to remediate the attack and prevent it from
recurring in the future.
Inventory: Data Systems Life Cycle
The UDOH server was hacked as a result of an incorrect
firewall configuration. Coupled with the firewall not being monitored by the
Utah DOTS staff, sensitive patient information, such as Social Security
numbers, among other vital information, was accessed by unauthorized users.
This occurred at the data collection/creation stage of the data lifecycle. Importantly,
key processes that were meant to ensure data security at the data
creation/collection stage of the data lifecycle, such as turning on and
monitoring the intrusion detection systems (IDS), alignment and monitoring of the
remote access points, complete set-up and monitoring of the firewall software,
among others, were not applied. As a result, unnecessary data were collected or
created during the lifecycle's data collection/creation stage, which exposed
the system to a considerable risk.