Need help with discussion reply
Learning Goal: I’m working on a health & medical discussion question and need an explanation and answer to help me learn.
I need help with replying to a discussion post. Here is the original post:
Data breaches in healthcare can have consequences for both the organization and the patients impacted. Consider the following scenario: There are indications a data breach has occurred in your facility. The breach involves thousands of patients’ records being compromised. Based on information you received, it seems to have originated from inside your hospital.
- Discuss the steps you would take, as an executive leader in the organization, to discreetly investigate the incident, gather facts, and subsequently discuss protocols you would follow to ameliorate this situation within your hospital.
- Discuss how you would address this breach with the general public (i.e. how you would control the narrative).
Here is the discussion post I need help replying to:
“The first step I would take as an executive leader in an organization is to have the security team identify the possible “point of entry” (Morrissey, N.D.) that was used to breach our system. Breaches can happen through medical devices, so our team would have to determine if the medical devices were up to code with new FDA standards or old standards making them more susceptible to breaches.
Our security team would also investigate to see if information like usernames and passwords was used to initiate the breach. This knowledge lets us know that the breach happened through an employee leaking information from phishing emails, “the act of creating an official-looking but fake email message to get such information as user IDs and passwords” (Morrissey, N.D.). Overall, we want to trace where it came from.
During the investigation, I would have all staff take trainings on phishing emails to become more aware of them. This training would also discuss the importance of being vigilant when responding to emails or pop-ups. We would also perform rotating medical device reboots to clear cookies and have security check or upgrade the security for the hospitals. A tracking system may have to be used to document that we are regularly trying to keep patients’ PHI safe and making sure our risk classification list is up to date.
In addressing the public, I would be honest. I would explain that there was a possible breach at our hospital, making us a part of the “670 practices breached over the last year”. I would explain we are investigating the breach and inform patients that breaches can happen with any device connected to the main server. I would discuss the plan to incorporate a private server for PHI to mitigate the higher probability of a breach. For those who are anxious about identity theft, I would suggest contacting your insurances and financial institutions about this matter. Also, to change passwords on accounts that you have.
I would ensure that keeping their PHI safe is our main priority outside of physical care.”