Scribd Logo
Upload

Welcome to Scribd!

  • Question 1

    Uploaded by

    silent killer
    16 views3 pages
    The document discusses a data breach at Mon Health System in Morgantown, West Virginia where hackers accessed the organization's network between December 8-19, potentially stealing personal information of around 400,000 patients, employees, providers, and contractors. While the electronic health records were not accessed, the stolen data is reported to have included names, addresses, birth dates, social security numbers, health insurance information, medical records, and more. The health system took steps to secure its network and reset passwords in response to the breach and began notifying impacted individuals.

    Original Description:

    Original Title

    QUESTION 1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses a data breach at Mon Health System in Morgantown, West Virginia where hackers accessed the organization's network between December 8-19, potentially stealing personal information of around 400,000 patients, employees, providers, and contractors. While the electronic health records were not accessed, the stolen data is reported to have included names, addresses, birth dates, social security numbers, health insurance information, medical records, and more. The health system took steps to secure its network and reset passwords in response to the breach and began notifying impacted individuals.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    16 views3 pages

    Question 1

    Uploaded by

    silent killer
    The document discusses a data breach at Mon Health System in Morgantown, West Virginia where hackers accessed the organization's network between December 8-19, potentially stealing personal information of around 400,000 patients, employees, providers, and contractors. While the electronic health records were not accessed, the stolen data is reported to have included names, addresses, birth dates, social security numbers, health insurance information, medical records, and more. The health system took steps to secure its network and reset passwords in response to the breach and began notifying impacted individuals.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    QUESTION 1

    Morgantown, W.V., Hospital Data Breach Impacts 400K People

    Although Mon Health System indicates that it discovered a data breach in the
    middle of December, it learned of potential data theft about two weeks after the
    hack. Patients, employees and companies were affected.

    (TNS) — According to published reports, Mon Health System began notifying its
    patients, employees and companies with which it does business about a cyber-attack
    that may have resulted in their data being stolen.

    The Morgantown-based health care services company discovered the hack Dec. 18,
    when some of its IT systems were disrupted, but learned of the potential data theft only a
    couple of weeks later. The attackers had access to the organization's network between
    Dec. 8 and Dec. 19.

    According to the report in Security Week magazine, the data breach may have
    resulted in patient information as well as employee, provider and contractor data
    being stolen.
    However, the attackers were not able to access the organization's electronic health
    records systems.

    "Affected data, Mon Health says, includes names, addresses, birth dates, Social
    Security numbers, health insurance claim numbers, medical record numbers, patient
    account numbers, medical treatment information, and variou s other data," Security
    Week reported.

    When they learned about the attack, Mon Health officials took down parts of its network,
    reset passwords across the company, hardened its network, and notified the relevant
    authorities.

    Mon Health officials said the company has begun notifying impacted patients by way of
    mail, but did not provide details on the number of affected individuals.
    NAME JEEVANRAJ VARMA A/L RAJENDRA VARMA
    REGISTRATION NO 25DDT20F2040 MARKS
    DATE 16/3/2022
    CLASS DDT3B IS / 100
    CODE/SUBJECT DFS30023 – INFORMATION SECURITY
    CASE STUDY 1
    LECTURER NURULFARIDA BINTI MOHAMAD NADZRI

    The attack impacted roughly 400,000 people, the company told the U.S. Department
    of Health and Human Services in December

    Reference:https://www.govtech.com/security/morgantown-w-v-hospital-data-breach-
    impacts-400k-people

    Figure 1 : Morgantown, W.V., Hospital Data Breach Impacts 400K


    People

    (a) Describe the confidentiality, integrity and availability based on figure 1.


    (CLO2,P1)

    Intergrity

     Firstly Health System indicates that it discovered a data breach in the


    middle of December, it learned of potential data theft about two weeks after the
    hack. This case refers under intergrity.

    As they mention in 2nd paragraph the employees and companies with which it
    does business about a cyber-attack that may have resulted in their data being
    stolen. So this case will be under Intergrity.

     In 4th paragraph they has been reported that Security Week magazine, the data breach
    may have resulted in patient information as well as employee, provider and contractor
    data being stolen. So they fail to save the data of their company.

    Availability

     As they mention in 3rd paragraph the health care services company discovered the hack
    Dec. 18, when some of its IT systems were disrupted, but learned of the potential data
    theft only a couple of weeks later.
     In additionally, as reported in 5th paragraph Health says, includes names, addresses, birth
    dates, Social Security numbers, health insurance claim numbers, medical record
    numbers, patient account numbers, medical treatment information, and various other data,
    which refers to availability.
     Furthermore the 6th paragraph has been mentioned the companies network and
    passwords has been reset.

    Confidentiality

     In last paragraph the companies had been reported that the company has begun
    (b) Prepare the best practice for security awareness related to affected data that have
    been mentioned in figure 1.
    (CLO2
    ,P2)

    Training

     The company should give more attention to the cyber crime department to
    avoid data breach.
     Employees must be trained to update the system once in a week.

    Meeting

     General manager should shares every single problem that was face by the
    company , so that employee will be more carefull regarding data theft.

     General manager should divide the task to the employee so that in short
    term they could settle down many problem.

    Goal of security policies

     The main goal is company must achieve CIA.


     Skillfull employee and knowledge

    You might also like