The provided case highlighted a data breach at the UDOH, which impacted more than 780,000 patients. Various security lapses led to the data breach, including a lack of security measures and inadequate training of employees on their role in safeguarding PHI against unauthorized access. Consequently, the Utah DOTS staff were insufficiently prepared to manage secure connections to the internet firewalls or to manage passwords and access controls properly. At the time of the attack, UDOH had financial challenges that limited its ability to remediate the attack and prevent it from recurring.
Inventory: Data Systems Life Cycle
The UDOH server was hacked as a result of an incorrect firewall configuration. Because the firewall was also not being monitored by the Utah DOTS staff, sensitive patient information, such as social security numbers, among other vital information, was accessed by unauthorized users. This occurred at the data collection/creation stage of the data lifecycle. Importantly, key processes that were meant to ensure data security at this stage were not applied, including turning on and monitoring the intrusion detection systems (IDS), aligning and monitoring the remote access points, and completing the set-up and monitoring of the firewall software, among others. As a result, unnecessary data were collected or created during the lifecycle's data collection/creation stage, which exposed the system to considerable risk.