Introduction

The data breach at the Utah Department of Health (UDOH) impacted more than 780,000 patients. Several security vulnerabilities caused the breach, including lack of appropriate security measures and lack of appropriate staff training on protecting sensitive patients’ health information against unauthorized access. Besides, the DOTS staff were not sufficiently trained and ready to manage cyber risks and vulnerabilities. Specifically, they were less conversant with access controls, secure internet connections, secure password management. Consequently, UDOH had financial problems, which limited its efforts to manage the breach and prevent future similar cyber-attacks. This security plan will assess the UDOH breach and present significant measures to ensure the security and privacy of PHI in the institution’s health systems.

Project Plan: Training Initiatives

To control cybersecurity risks in the future, both UDOH and DOTS staff need to undergo ongoing education and training programs on cybersecurity. Ideally, using lectures, conferences, and role-playing, the leadership of the organization and HIM professionals needs to organize the structure of the education and training programs to be presented to the employees and formulate associated films and videos, among other applicable educational and training materials, to power the education and training program. To ensure a practical training and education initiative, it is essential to categorize the UDOH and DOTS staff based on several factors, including IT competence and role in the facility. We will essentially segregate the IT staff from the other staff since they already have a background in IT systems and cybersecurity.