Outline the regulations that are relevant to the hospital.
October 7, 2022
You shouldbegin working on the Stand-Alone Project early in the course. Each assignment provides a benchmark for completing the Stand-Alone Project in a timely manner while working through the course. You’ll find this information in the “Stand-Alone Project Benchmark” section of each assignment.
Overview: Making recommendations for securing a healthcare entity
You work in a large hospital that’s based in the US. The hospital has supported more than 40 million patients. The healthcare system offers specialized treatment that attracts patients from around the world, including many patients from Europe. Last year, the company experienced a cybersecurity breach that exposed all patient records. A careless employee clicked on a link within an email with the subject line “Your New Patient Diagnosis” that led to an imposter hospital employee website. The employee logged in with a username and password. Over the next few months, unknown to the employee and company, external parties were able to log into the user’s account and carry out various unauthorized activities. A loophole in the access process allows employees to create new administrator accounts that have the highest level of access to all systems in the hospital. The attacker was able to use this loophole to create an administrator account. The breach was discovered six months later when a security researcher found the hospital’s entire database of patient data for sale on the dark web. The entity was required to notify all affected patients; however, news outlets learned of the incidents and published the story before notifications were sent. News outlets around the world picked up the story as it went viral, startling investors and causing the company’s stocks to plummet. Lawsuits also began to accumulate as patients reported that their identities had been stolen. The healthcare system was criticized in the media for taking six months to discover the breach, and even longer to notify patients.
You’ve been tasked with improving the cybersecurity program plan to help a hospital prevent another breach in the future.
Part 1: Understanding your environment (Two pages | 30 points)
Discuss the five key participating groups relevant to healthcare delivery and describe the kinds of data they may interact with, collect, and provide to your hospital.
Identify five electronic health records or data components relevant in hospital environments and document them in a data classification table. Discuss whether the information is confidential, for internal company use only, or open to the public. Explain why hackers might want to steal this information.
Identify five examples of technology systems or devices relevant to hospital environments. Discuss security and legal issues associated with each.
Part 2: Outlining regulatory and governance requirements (Five pages | 70 points)
Outline the regulations that are relevant to the hospital. Summarize the purpose and core requirements of each regulation.
Identify the information security policies that should be created and adopted by the company. Discuss why the policies are necessary and who should adhere to them.
Create an official end-user agreement and an incident reporting policy for the hospital. Example templates can be found here, https://www.sans.org/security-resources/policies/general
HomeworkMaven pre-written answers and study guides are crafted by real teachers and professors, so no matter what you're studying they can ease your homework headaches and help you score high on exams.