Question

I want you to evaluate at least three categories of data that could be found in a healthcare organization and to determine the relative value of that data to an outside attacker. Categories of information could include health history, scheduled procedures, lab test results, medication record, payer information (e.g. Insurance, Medicaid, Medicare info), personal information (including birthdate, address, ssn), or others.

Indicate the following for each of the three categories you choose:
1. Type(s) of harm that could occur from breach: reputation, financial, health related, other (include at least a 2-3 sentence explanation for each type of harm that may result)
2. Impact of the harm on the individual: low, med, high (Include a 2-3 sentence explanation. Minor inconvenience would be low. Death would be high.)
3. Impact of the harm on organizations: low, med, high (Include a 2-3 sentence explanation. This could include both the healthcare organization and any other organization that may be impacted financially (e.g. credit card companies) or otherwise by the breach.)
4. Impact of the harm on society: low, med, high (Include a 2-3 sentence explanation. If only a few individuals are harmed then the impact on society would be low even if the impact on the individual might be high.)
5. Difficulty of the attack: low, med, high (Include a 2-3 sentence explanation. How hard do you think it would be for an outside attacker to access this information?

Answer 1

1.It has a great impact on people with name and fame.Disclosure of their records results in loss of reputation.

The hackers use these and claims the individuals fund under health insurance. It cause major financial effect to the individual.

Disclosure of our records makes individual suffer from minor psychological effect.For example stress and depression.

2.Impact on individual depends on the type of illness they suffer.

Minor impacts can occur by disclosure of records that is usually a common disorder.

Major impacts results when disclosure of the most private informations .For example details of fertility treatment held confidentially.

Moderate impact means even after revealing the records will not affects the individual life.

3.Usually high impact for organization because the confidence and the trust is lost by means of this act in the views of people. Low impact if it is identified early.It shows Health care organization not maintaining proper record system and poor management. For insurance agencies , it create as a black mark to them.

4.Absolutely it has high impact because disclosure of personal records easily can affects both individual and the organization in the society. Hence people have poor tendency to obtain benefits from the organization.And also the organization also cannot run efficiently as before.

5.It will not be hard, they can get help of the inside helper from the organization which makes them to get information.More and more hackers are emerging hence it is more easy to them.