Security Breach Action Plan

Submitted By lilgirltou
Words 1895
Pages 8
Security Breach Action Plan
Lisa Moran
University of Phoenix
HCS/533
February 2, 2015
Dr. Chong Daleiden

Introduction
Guarding patient confidentiality is vital when working in any health care arena. There are individuals who look to take information that does not belong to them for their own gain. When individuals obtain this information for personal gain, it is known as identity theft. This paper will look at the occurrence at St. John’s Hospital and discuss what should have been done with the patient documents and what actions, if any, personnel should take toward the actions of the cleaning staff. This paper will also discuss the actions, if any, that should be taken by IS for the management plan and code of conduct.
Security Breach
The administrative department has been notified that there was a security breach in the handling of protected client information with regard to policies and procedures. On a number of occasions, employees who work late into the evening have seen the housekeeping staff reading unwanted records. This is a direct violation of the Health Insurance Portability and Accountability Act (HIPAA) laws. These laws are put into place for patient protection. This breach of security took place in a restricted-access department and certainly should not have transpired. Any unwanted patient records should be shredded before being discarded in the trash. When a document is thrown away as these records were, all information is open to the public, which is considered a breach of privacy. Discussing patient information in areas such as waiting rooms, hallways, and elevators, where people can overhear the conversation, is also considered a security breach (Hicks, Joy, 2014).
Action towards the housekeeping personnel
The housekeeping employee was observed while performing their
