Professional Documents
Culture Documents
Question 1
Question 1
Although Mon Health System indicates that it discovered a data breach in the
middle of December, it learned of potential data theft about two weeks after the
hack. Patients, employees and companies were affected.
(TNS) — According to published reports, Mon Health System began notifying its
patients, employees and companies with which it does business about a cyber-attack
that may have resulted in their data being stolen.
The Morgantown-based health care services company discovered the hack Dec. 18,
when some of its IT systems were disrupted, but learned of the potential data theft only a
couple of weeks later. The attackers had access to the organization's network between
Dec. 8 and Dec. 19.
According to the report in Security Week magazine, the data breach may have
resulted in patient information as well as employee, provider and contractor data
being stolen.
However, the attackers were not able to access the organization's electronic health
records systems.
"Affected data, Mon Health says, includes names, addresses, birth dates, Social
Security numbers, health insurance claim numbers, medical record numbers, patient
account numbers, medical treatment information, and variou s other data," Security
Week reported.
When they learned about the attack, Mon Health officials took down parts of its network,
reset passwords across the company, hardened its network, and notified the relevant
authorities.
Mon Health officials said the company has begun notifying impacted patients by way of
mail, but did not provide details on the number of affected individuals.
NAME JEEVANRAJ VARMA A/L RAJENDRA VARMA
REGISTRATION NO 25DDT20F2040 MARKS
DATE 16/3/2022
CLASS DDT3B IS / 100
CODE/SUBJECT DFS30023 – INFORMATION SECURITY
CASE STUDY 1
LECTURER NURULFARIDA BINTI MOHAMAD NADZRI
The attack impacted roughly 400,000 people, the company told the U.S. Department
of Health and Human Services in December
Reference:https://www.govtech.com/security/morgantown-w-v-hospital-data-breach-
impacts-400k-people
Intergrity
In 4th paragraph they has been reported that Security Week magazine, the data breach
may have resulted in patient information as well as employee, provider and contractor
data being stolen. So they fail to save the data of their company.
Availability
As they mention in 3rd paragraph the health care services company discovered the hack
Dec. 18, when some of its IT systems were disrupted, but learned of the potential data
theft only a couple of weeks later.
In additionally, as reported in 5th paragraph Health says, includes names, addresses, birth
dates, Social Security numbers, health insurance claim numbers, medical record
numbers, patient account numbers, medical treatment information, and various other data,
which refers to availability.
Furthermore the 6th paragraph has been mentioned the companies network and
passwords has been reset.
Confidentiality
In last paragraph the companies had been reported that the company has begun
(b) Prepare the best practice for security awareness related to affected data that have
been mentioned in figure 1.
(CLO2
,P2)
Training
The company should give more attention to the cyber crime department to
avoid data breach.
Employees must be trained to update the system once in a week.
Meeting
General manager should shares every single problem that was face by the
company , so that employee will be more carefull regarding data theft.
General manager should divide the task to the employee so that in short
term they could settle down many problem.