General case exercise:
The Choice Care Health Group (CCHG), in operation for over 30 years, is made up of 12 general practitioners (GPs) who also function as family physicians. The front desk uses four terminals to schedule patients and to complete billing tasks. In addition, the terminals are connected to two centralized personal computers that run an old version of the Linux operating system. They are also connected to several older printers used to print billing forms and other pertinent financial information. This system was installed almost 12 years ago by a local computer business that has since closed.
CCHG has hired Mary Jordan, a certified Healthcare Information Security and Privacy Practitioner, to help them determine what their needs are and gradually introduce new technology. Mary and Jake Thomas, the CCHG office manager, have been meeting to discuss the technologies that CCHG might want to consider purchasing and installing.
Mary also met with the GPs about how implementing new technologies could benefit CCHG. Although they are interested in new technologies that can help CCHG, several voiced concerns about security. One GP’s home computer was recently the victim of a virus attack. Although the damage was minimal and the system was restored, it has still made him very cautious about the security of the computers at CCHG. The GP wants to know what security protections CCHG needs to protect the computers and information from attackers. How will Mary respond?
Assume you are in Mary’s position as the consultant.
For this case, complete the following:
1. What types of attacks should CCHG protect itself against? List at least four different attacks, how they could impact CCHG if successful, and what CCHG should do to protect its information from these attacks.
2. Jake is particularly concerned about phishing attacks because there is no technology that can be used to stop them. He has asked Mary to create a training session for CCHG’s employees. Research the Internet regarding phishing attacks and defenses. Develop a bullet list that describes phishing, how to recognize a phishing attack, and what employees should do in the event of an attack.
3. Jake also tells Mary that CCHG’s data backup system does not always function properly. What type of data backup would you suggest for CCHG?
4. How can Mary, the Healthcare Information Security and Privacy Practitioner (HCISPP) in this scenario, most effectively communicate the risk to CCHG senior management?