Home Page Health Risk Analysis: Utah Department of Health

Risk Analysis: Utah Department of Health

Last Updated: 27 Jul 2020
Pages: 4 Views: 124

In March 2016 Utah Department of Health was notified of a breach in their system. The current firewall had not been correctly set up to protect personal information. Intrusion Detection System was supposed to be turned on, but for some reason was off, and the remote access that medical staff use was not set up for restricted access segment in order to protect patient information.

THe Department of Technology services failed to complete their implementation of the security setup, which ultimately was the reason for the breach that has occured.

Network segmentation for security splits the network into zones that contain data with similar compliance requirements. By segmenting the network this way, you reduce the scope of compliance and simplify security policies. An accurate security policy involves segmenting the network into multiple zones with differing security requirements and enforcing a strict policy of what is allowed to move from one zone to another zone.

Order custom essay Risk Analysis: Utah Department of Health with free plagiarism report

feat icon 450+ experts on 30 subjects feat icon Starting from 3 hours delivery
Get Essay Help

Anything designated in the PCI zone should be isolated from the rest of the network as much as possible. Utah Department of Health was set up with the firewall. A firewall generally establishes a barrier between a trusted internal network and an untrusted external network, like the internet.

Data Life Cycle:

Data life cycle is the sequence of stages that a particular unit of data goes through from its initial stage to its eventual archival and/or deletion at the end of its useful life. Proper oversight of data throughout its life cycle is important to optimize its usefulness and to decrease the potential for errors as much as possible. Data life cycle management is a comprehensive approach to managing an organization's data, involving procedures and practices as well as applications.

Access:

The staff at the Utah Department of Health were not properly trained in utilizing the firewall, which is where the small hole occurred for this type of breach. The internal staff had not set up secure passwords which in turn allowed malware to enter into the system. Downloading items, searching the internet, and clicking on sites that may or may not be secure is where this began.

This failure to follow through from DOT, as well as the internal staff that continued to pursue surfing the internet with known knowledge of malware and viruses that occur within IT just scratches the surface for the breach of information. The employees, such as nurses, doctors, and administrators are the main stakeholders of this issue and are the ones that will be associated with the risk analysis and mitigation.

It is important that they have access to the information that was associated with the breach because they need to be able to use this as identifiers when dealing with each patient to avoid providing the wrong treatment, and or medications. Each patient is to be identified using 3 identifiers, such as date of birth, first and last name, and either address or social security number.

The roles and responsibilities that the stakeholders will participate in will start with the importance of surfing the internet on a company based server that has personal information attached to it.

Next would be to train each individual in setting up their own unique personal ID and password associated with access controls to prevent any further breach. Further training on how these systems should be used and what is an inappropriate site to enter such as social media, which should be done on their own devices, and downloading of documents that pertain to the facility or medical references.

Rating:

This breach of personal and health information will have a huge impact on not just the patient but on the staff as well. While UDOH has the proper security as far as being in compliance goes, they did not have the barriers up and running. Failing to correctly configure and monitor the firewall, and having internal and external securities out of date fall through keeping the health information system in compliance with regulations.

With that being said, if all walls were up and running and everything was kept up to date, it would have been harder for the breach to have occurred, warning flags would have popped up that they were entering into an unsecure site for example. With this issue at hand lies a trust issue.

"By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do (Reichenberg, March, 2014."

This breach will have the patients hesitant to provide the needed identification and information that is used to help the medical and administrative staff keep the patients safe. Patients will be reluctant to provide their identity for fear of that identity being stolen due to another possible breach.

"Many companies know their enterprise networks are not as secure as they would like. They have a perimeter firewall—and possibly other tools like Security Information and Event Management (SIEM), Intrusion Prevention System (IPS), Advanced Threat Detection (ATD) protecting the network perimeter, but behind that is the internal "trusted" network, with no standardized segmentation methodology. (E. Nelson, 2017)"

Conclusion:

In conclusion, patient privacy (AKA HIPAA) is to be protected at all costs.  "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules contain privacy, security, and breach notification requirements that apply to individually identifiable health information created, received, maintained, or transmitted by health care providers who engage in certain electronic transactions, health transactions, health plans, health care clearinghouses, and their business associates (HHS, 2018)."

HIPAA violations (or breaches) unfortunately are an occurrence all over the nation. It is up to the medical staff to protect this information and trust what is instilled into the profession. Following policies and procedures are necessary in order to abide by regulations of privacy.

Cite this Page

Risk Analysis: Utah Department of Health. (2018, Jan 01). Retrieved from https://phdessay.com/risk-analysis-utah-department-of-health/

Don't let plagiarism ruin your grade

Run a free check or have your essay done for you

Check my essay Hire Writer
plagiarism ruin image

More related essays

Explore more free examples on similar topics
Project Risk Management - Fluidity in Risk Planning Case Study
Essay type:  Research
Words:  1081
Pages:  4

Risk Paper 2 Project Risk Management- Professor Hurst Fluidity in Risk Planning – A Case Study One of the most important steps within a project is risk management because it.

Natural disaster risk assessment and risk management
Essay type:  Research
Words:  1235
Pages:  5

Disasters have occurred in the world over for many years. They have occurred both in MDCs and LDCs. These disasters have either been caused by human forces or natural forces.

Interest Rate Risk and Currency Risk Management
Essay type:  Research
Words:  1143
Pages:  5

The validity of the yield to maturity as a measure of relative value in bonds and explain an alternative yield measure which is conceptually superior. Yield to maturity (YTM) is.

NAB's Financial Stability at Risk Due to Low Cash Levels and Liquidity Risk
Essay type:  Research
Words:  612
Pages:  3

In order to prevent this state from continuing, the office of chief financial officer believes that $1 00 million SAID WOUld cover the risk enervated by low level of cash.

IT and HR Department Case Study and Analysis
Essay type:  Research
Words:  750
Pages:  3

Based on my observation security at Cenartech is high risk. I base this off of the security practices that are in place. What companies fail to realize is you can.

SWOT Analysis of the Metropolitan Police Department
Essay type:  Research
Words:  656
Pages:  3

The strength of the Metropolitan Police Department is well-defined duties and responsibilities of the law enforcement organization resulting to the efficient performance of administrative and non-administrative functions of all human.

Analysis on Business Strategies of Smart Phone Department
Essay type:  Research
Words:  3209
Pages:  12

Analysis on Business Strategies of Smart Phone Department of Hawaii Technologies Introduction Hawaii Technologies built a new brand Ascend to enter high-end smart phone market. In this business analysis, we consider smart.

Human Resource Management and Industrial Relations Department
Essay type:  Research
Words:  865
Pages:  4

An efficient work force is important to the overall success of any organization and this also has implications for the overall success of a country’s economy. Not only do organizations require.

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy

Save time and let our verified experts help you.

Hire writer