The first security breach that is evident from the case study is about a security alert that is aimed to inform the public about phishing email. The email was being taken around on the mock HHS with a forged signature of the OCR’s director. The email is designed, and it looks like an official email of the department which is a communication to the government, employees and other business associates. The recipients are directed into a link which is likely to have them included in the privacy of HIPAA and the programs for breach rules. The link is not the actual of the office, but instead, it is used to persuade the recipients into marketing website security services of a non-governmental organization. The department of health and human services do not have any relationship with the company, but it has changed just a few elements in the email of the department to get a privilege of pushing the public into using the unauthorized material. The threat here is on confidentiality and the reputation of the actual firm whose image is used to reach out to the audience. The public is likely to think that the department of health and human services is conspiring with another firm to market their services.
The audit program of OCR is addressed to certain selected entities. OCR is getting data and verifying before sending contact information. The contact information identifies business associates and entities covered of numerous types to examine which ones should be included in the auditee pools. The communication from OCR will be sent via the original email and since the email has had issues; the communication is likely to be taken as spam. The intensity of the message will not be considered severe by the targeted recipients, and the message will not reach the people within the expected time. OCR should respond effectively to the security breach so that they can once again obtain trust from the public. The method that the OCR will apply in responding to the breach will determine the effect it will have on the reputation of the company and the customers for the future of the department. The OCR should contact IT professionals like the communications experts and the external IT security teams to locate the source of the threat so that the internal IT professional can work diligently to disconnect the breached systems. The IT professionals should trace network logs and obtain reports to assist in identifying the points of intrusion and disable installed viruses. The most effective step here is to mobilize the public communication experts to come with a draft in response to the data breach. Finally, OCR should notify the business associates and the customers. The statements that are going to be used in the notification should not be misleading and damaging which can be achieved by willing to make things right and avoid future problems.
The OCR security breach was either created in the form as a Ransomware or a cyber-security. The best plan for the healthcare department is to evaluate a practical approach which should be systematic to security. Without a strong security posture that safeguards the data for patients, the information about the patients and other associates is in jeopardy. An effective IT security plan is essential. The first component of the plan is to use Risk Assessments to examine systems, assets, and devices that need protection. Once the devices and the assets are identified a risk target level is assigned, and this should be an immediate process. The second plan is to develop a security culture by ensuring that every member of the organization subscribes to a shared vision of the data security so that honest services become an obligation. A review of the IT security procedures and policies is applied to ensure that the security policies are in line with the recent levels in security threats and craftiness of cybercriminals. The policies must encompass ways to protect data, and this must involve measures to control access to patient data so that the risk to electronic healthcare records is reduced.
The fourth strategy to be applied in the plan is educating employees on ethical practices on security which is achievable through the training and awareness program designed explicitly for employees so that they can quickly secure environments during a situation. When employees are aware of ways to identify and avoid security threats, they remain strong and cannot be manipulated during the incident. Ultimately, OCR should consider a plan for Disaster Recovery and a comprehensive security plan. The current situations on security breaches are so many, and the IT departments must be prepared of a likelihood of the security breach occurring so that they can come with a strategic plan to avoid the situation. A disaster recovery plan is essential and must also be considered in the plan to deter security breaches. The recovery plan is critical since in the event of a security breach it is used to reduce unscheduled downtime and to recover data rapidly.
Do you need high quality Custom Essay Writing Services?