George Mason University Week 3 Education on Cyber Attacks Discussion Board
Imagine that you work in a hospital as a Health IT specialist. This is that problem in front of you:
You got an
information that a laptop is stolen. The laptop was in a secure
building, in a locked room, with a security cable attached. The
researcher who was using the laptop had several thousand patients on the
registry and was authorized by the IRB to use this data for research.
The PC had a password to the file. Your team concluded that it was an
inside job.
There were
numerous devices in the room. The person broke into the room, cut the
cable, and stole a lot of equipment. They then passed it on to someone
else. Once the hospital knew it was stolen, they knew what was on the
PC because they had an IRB for the researcher. It still took two weeks
to figure out how to notify everyone affected.
One of the
recipients realized he had a stolen device, which he then gave to his
attorney, who returned it to the hospital. They verified that the
laptop had never been turned on using an outside security firm. No data
was accessed They notified the affected people that the data has not
been accessed and therefore their privacy was not compromised.
Estimated cost at $100,000.
Your job is to develop a new security protocol. What are your first steps and what are solutions that you will propose?