This article discusses the importance of information security in Bethesda Hospital, including the threats, vulnerabilities, and mitigation strategies. It also explores the need for strict security policies and measures to protect patient data and prevent cyber attacks.
Running head: INFORMATION SECURITY

INFORMATION SECURITY

Name of the Student:
Name of the University:
Author Note:
Table of Contents

Introduction
Discussion
Strategic security policy
Threats, vulnerabilities and mitigation
    Threats
    Vulnerabilities
    Mitigation
References
Introduction

The Bethesda Hospital is a medical centre in Claremont, Australia. It is an advanced multispecialty hospital that provides a wide variety of treatments to its patients. The hospital uses different information systems for running its business. The hospital’s main stakeholders are the board of trustees, the employees of the hospital, the patients and the doctors who serve there. From a business perspective, all of these stakeholders are necessary for the proper functioning of the medical centre. The main nature of the business is in the medical field. It deals with treating patients’ diseases and gradually restoring them to health. The hospital handles normal patient visits in doctors’ chambers for general check-ups and in speciality clinics for specialised check-ups. The hospital also has the equipment and infrastructure to carry out surgeries and has special intensive care units for serious patients. The hospital also operates an emergency department. The largest share of business transactions in this business is done through insurance claims due to the large sums of money involved. The rest of the payments are made in the form of cash or cards. Cheque payment is generally not accepted in such businesses. Overall, the Bethesda hospital is a well-reputed medical centre that is jointly run by multiple stakeholders and is in the medical business field.

Discussion

Strategic security policy

The security of a hospital can be divided into multiple parts: internal security and external security. In external security, the main concerns are robbers, thieves, cyber criminals and terrorists trying to damage the hospital or the business. The internal threats can come from malicious employees or patients with bad intentions.
Internal security can also include problems from defective equipment or faulty infrastructure. The first step toward creating a security policy is to identify the threats and put frameworks or guidelines in place to protect the hospital against such threats. Among the internal threats, the threat of thieves, robbers and terrorists can only be countered by enlisting security services from top private security agencies and the local authorities. The cyber threat is a whole new world which needs more complex guidelines in place to prevent such attacks.

The first step toward protecting oneself from cyber threats is to secure all the internal systems in the hospital with proper security solutions (Ahmadi et al., 2017). The computers used by the hospital staff and doctors should have proper login authentication and data encryption algorithms enabled. All staff should be required to have strong passwords that must not be shared. When wrong login details are entered three times in a row, the user account must be locked automatically to prevent further brute-force attacks.

The second security measure is to secure the database server or the cloud platform where all the hospital data is stored. Securing the physical servers with extra hardware firewalls and special security software provides a chance to secure against any incoming attacks. The best cloud service providers should be approached for renting cloud servers with state-of-the-art security facilities. The critical computers of the hospital network can be secured with biometric access and should have restricted access.

For both internal and external threats, a separate security manager needs to be appointed. Specially trained staff capable of handling emergency breach situations can also come in handy and help in damage mitigation in case of mishaps (Jalali and Kaiser, 2018). The policies for information security vary from hospital to hospital.
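The three-failures-in-a-row lockout rule from the login paragraph above can be sketched as follows. This is an added illustration, not code from the report or from any hospital system; the class name, account names and event list are constructed for the example.

```python
from dataclasses import dataclass, field

MAX_CONSECUTIVE_FAILURES = 3  # threshold stated in the text


@dataclass
class LockoutPolicy:
    """Counts consecutive failed logins per account and locks at the threshold."""
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def record(self, user: str, password_ok: bool) -> str:
        # A locked account is refused even when the password is correct;
        # otherwise a guessing run could simply continue after the lock.
        if user in self.locked:
            return "refused_locked"
        if password_ok:
            self.failures[user] = 0  # "in a row": a success resets the streak
            return "granted"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_CONSECUTIVE_FAILURES:
            self.locked.add(user)
            return "locked"
        return "denied"

    def unlock(self, user: str) -> None:
        """Administrative reset (assumed to follow an identity check)."""
        self.locked.discard(user)
        self.failures[user] = 0


# Constructed sample events: (account, whether the password matched).
SAMPLE_EVENTS = [
    ("nurse.a", False), ("nurse.a", False), ("nurse.a", True),  # streak reset
    ("nurse.a", False),
    ("dr.b", False), ("dr.b", False), ("dr.b", False),          # third miss locks
    ("dr.b", True),                                             # refused while locked
]


def replay(events):
    """Run the events through a fresh policy; return outcomes and final state."""
    policy = LockoutPolicy()
    return [(user, policy.record(user, ok)) for user, ok in events], policy


if __name__ == "__main__":
    outcomes, _ = replay(SAMPLE_EVENTS)
    for user, outcome in outcomes:
        print(f"{user:8} {outcome}")
```
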
For the hospital selected in this report, a few information security policies that can be implemented will be discussed. Hospitals need to implement policies that are very strict in nature and hard procedures to keep their networks safe, maintain a proper and secure channel to transmit data and keep the confidential data of their patients safe. The compulsory 42 HIPAA safeguards must be implemented for maximum security (Karlsson, Hedström and Goldkuhl, 2017). Creating and developing the security policy for a hospital needs an audit of security measures and proper real-time monitoring in order to estimate the standard of the hospital’s information security and what areas need to be improved. The following steps can be implemented to improve the security of such systems.

1. Access control: Access control refers to the measures in place which allow or restrict people from accessing the data of people like patients, staff and visitors (Sinclair and Smith, 2008). Access control is managed by the healthcare facility and acts as a gateway for outsiders to access hospital data. The areas that need access control include paediatric departments, intensive care units, the emergency department, maternity wards and the hospital pharmacy. Proper security measures to safeguard access to these areas can improve the security of the hospital.

2. Video surveillance: This is a big improvement over previous security measures; it helps the staff of the hospital continuously monitor areas of the hospital, and the footage can later be used to identify certain people or events if anything wrong happens. Today, more and more hospitals are being equipped with next-generation video surveillance cameras that come with improved processors that can compress the video and transmit it in real time. This helps the security staff to view the hospital areas live from a safe location 24 hours a day, 7 days a week. Such measures can help improve information security as all the devices in the hospital can be monitored using this feature.
3. Patient, staff and asset tracking: This technology is quite advanced and is being used in more and more hospitals in recent days. With this technology, a tracking chip or device is attached to admitted patients, which helps in the continuous monitoring of patient location and vital statistics (Yang et al., 2016). This measure can help in increasing the hospital’s security against patient elopement or abductions. This device would let the security staff identify, locate and track the patients.

4. The patient data can be divided into two parts, which are personally identifiable information (PII) and protected health information (PHI). The PII is a set of data values that are used to identify a patient and retrieve their medical information using a computer. It includes the full name of the patient, a personal identification number like a passport or any other valid document, email address, postal address, telephone number, personal photograph or biometric and personal assets information. This information is stored within the facility’s computer systems and can be retrieved by the staff members (Kuhn and Giuse, 2001). These data may seem harmless individually, but when combined they can be used to compromise someone’s identity. Protection of these information systems is extremely crucial. The PHI is a set of data values that identify the health record of the patient along with any other extra information. This differs from the PII in that the record is even more detailed and consists of 18 unique data fields that can together give out the full identity of the patient. So, it is of paramount importance that proper security measures like encryption and authentication of these medical information systems be implemented and maintained by a set of trained professionals in order to prevent a breach in the hospital’s security. Another means of reducing a breach of such data is to implement policies or measures under which only the absolutely necessary data is kept by the hospital and all other unnecessary and extra data is eliminated.
Access control measures can also be implemented in order to secure these data from unsafe hands. Data being transferred online must always be encrypted before transmission. By following all these policies, the overall information security can be improved in the Bethesda hospital.

Threats, vulnerabilities and mitigation

The main asset of a hospital network is the critical patient information stored within its information systems. The critical information stored in these information systems can reveal the identities and medical history of its patients and compromise their identities (Öğütçü, Testik and Chouseinoglou, 2016). The hospital equipment that is connected to the network and can also be operated remotely is more vulnerable to outside cyber threats. The next section discusses these aspects in detail.

Threats

The main threats faced by the Bethesda hospital from an information security point of view are the cyber threats that can steal information or disrupt its services. The main threat can be cyber criminals or hackers who can hack into the information systems and steal critical information of the patients and stakeholders. A data breach of a big magnitude can result in massive losses of revenue for the hospital as people may lose faith in the hospital. A data breach can lead to loss of crucial information of the patients, hospital financial details, bank details and doctor information (Floyd, Grieco and Reid, 2016). This information can be sold to third-party criminal organisations or used for blackmail purposes. The stolen information can also be used to create false identities which can then be used for criminal purposes. Such misuse of the hospital information can lead to loss of clients and multiple lawsuits against the firm. The medical history data of the patients is sensitive and crucial and must be protected at all costs under the government guidelines.
Among other threats, ransomware, DDoS attacks, insider threats and business document compromise and email scams are the most damaging to the hospital (Kruse et al., 2017). The ransomware threat can lead to permanent loss of crucial data or system control and loss of money in the form of ransom payments (Tuttle, 2016). The DDoS attacks can lead to disruption of the online services provided by the hospital along with total network failure inside the hospital (Nilashi et al., 2016). The insider threats include corrupt staff members, patients or doctors trying to steal crucial information from the hospital systems they have access to. The business scams are the least to be worried about and are not that serious in terms of damage.

Vulnerabilities

The main vulnerabilities that may affect the Bethesda hospital in future cyber-attacks are:

1. Employee negligence: It has been seen in most cases that employee negligence has often resulted in security breaches. Due to the negligent behaviour of employees, the security of the network is affected many times. For example, it was reported that most of the hospital employees connected to the hospital network via their smartphones to access crucial official documents without having any sort of security measures installed on their smartphones. It has also been seen that most hospital managements never try to secure their staff’s smartphones or personal devices.

2. Security gaps with business associates: In most hospitals there is a communication or skill gap between the hospitals and their third-party business security associates. Most hospitals accept that they are not confident of the business security associates and their ability to detect and report data breaches.

3. Criminal threats: The major threat against hospitals is the constantly upgrading techniques used by cyber criminals and hackers to hack into the hospital’s information system and steal its information. The risk of hackers and cyber criminals has almost doubled in the last few years (Loukas, 2015).

4. Inadequate security of the EMRs: Most hospitals, including the Bethesda hospital, use electronic medical records (EMRs) to store and protect the information of their patients and staff (Kuo, 2018). These systems need to have proper and high-level security measures in order to prevent data breaches. But it has been reported that insecure or low-quality EMR systems are the leading causes of hospital data breaches.

Mitigation

The best way to mitigate these threats is by training the employees of the hospital about the importance of security measures and enforcing strict rules that must be followed for accessing the hospital devices and networks (Karimi and Peikari, 2018). The Bethesda hospital can also try to get more experienced and high-quality business security associates to provide proper security and analysis against future data breaches (Almohri et al., 2017). The hospital can also try to purchase better electronic medical records in order to minimize the risk of a data breach occurring at the hospital. The access control mechanism can also be implemented with access given to the most trusted employees, and multiple signatories can be used when retrieving crucial information. These techniques can help mitigate the damage of a cyber-attack or help in preventing one.
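The multiple-signatory control mentioned in the mitigation paragraph, combined with the earlier point about releasing only the necessary data, could look like the sketch below. It is an added example rather than part of the report; the quorum of two, the approver names, the record and its identifier are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 2  # assumed quorum; the report does not give a number
# Hypothetical "most trusted employees" who are allowed to sign a request.
TRUSTED_APPROVERS = {"security.manager", "records.lead", "chief.nurse"}

# Constructed record store; identifier and values are placeholders.
RECORDS = {
    "MRN-0001": {
        "full_name": "constructed value",
        "postal_address": "constructed value",
        "diagnosis": "constructed value",
    }
}


@dataclass
class RetrievalRequest:
    requester: str
    record_id: str
    fields_wanted: tuple
    approvals: set = field(default_factory=set)

    def approve(self, approver: str) -> bool:
        # Only trusted staff may sign, and nobody may sign their own request.
        if approver not in TRUSTED_APPROVERS or approver == self.requester:
            return False
        self.approvals.add(approver)  # a set: signing twice still counts once
        return True

    def authorised(self) -> bool:
        return len(self.approvals) >= REQUIRED_APPROVALS


def retrieve(request: RetrievalRequest) -> dict:
    """Release only the requested fields, and only once the quorum is met."""
    if not request.authorised():
        raise PermissionError(
            f"{len(request.approvals)}/{REQUIRED_APPROVALS} approvals recorded"
        )
    record = RECORDS[request.record_id]
    return {k: record[k] for k in request.fields_wanted if k in record}


if __name__ == "__main__":
    req = RetrievalRequest("records.lead", "MRN-0001", ("diagnosis",))
    req.approve("chief.nurse")
    req.approve("security.manager")
    print(retrieve(req))
```
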
References

Ahmadi, H., Nilashi, M., Shahmoradi, L. and Ibrahim, O., 2017. Hospital Information System adoption: Expert perspectives on an adoption framework for Malaysian public hospitals. Computers in Human Behavior, 67, pp.161-189.

Almohri, H., Cheng, L., Yao, D. and Alemzadeh, H., 2017, July. On threat modeling and mitigation of medical cyber-physical systems. In 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE) (pp. 114-119). IEEE.

Floyd, T., Grieco, M. and Reid, E.F., 2016, September. Mining hospital data breach records: Cyber threats to US hospitals. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI) (pp. 43-48). IEEE.

Jalali, M.S. and Kaiser, J.P., 2018. Cybersecurity in hospitals: a systematic, organizational perspective. Journal of medical Internet research, 20(5), p.e10059.

Karimi, Z. and Peikari, H.R., 2018. The Impact of Nurses’ Perceived Information Security Training and Information Security Policy Awareness on their Perceived Severity and Certainty of Information Security Breach Penalties (Case: the Educational Specialized Hospitals of Isfahan City). Journal of Nursing Education, 7(2), pp.17-24.

Karlsson, F., Hedström, K. and Goldkuhl, G., 2017. Practice-based discourse analysis of information security policies. Computers & Security, 67, pp.267-279.

Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.
Kuhn, K.A. and Giuse, D.A., 2001. From hospital information systems to health information systems. Methods of information in medicine, 40(04), pp.275-287.

Kuo, R.Z., 2018. EMRS Adoption: Exploring the effects of information security management awareness and perceived service quality. Health Policy and Technology, 7(4), pp.365-373.

Loukas, G., 2015. Cyber-physical attacks: A growing invisible threat. Butterworth-Heinemann.

Nilashi, M., Ahmadi, H., Ahani, A., Ravangard, R. and bin Ibrahim, O., 2016. Determining the importance of hospital information system adoption factors using fuzzy analytic network process (ANP). Technological Forecasting and Social Change, 111, pp.244-264.

Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information security behavior and awareness. Computers & Security, 56, pp.83-93.

Sinclair, S. and Smith, S.W., 2008. Preventative directions for insider threat mitigation via access control. In Insider Attack and Cyber Security (pp. 165-194). Springer, Boston, MA.

Trang, M.N., 2017. Compulsory corporate cyber-liability insurance: Outsourcing data privacy regulation to prevent and mitigate data breaches. Minn. JL Sci. & Tech., 18, p.389.

Tuttle, H., 2016. Ransomware attacks pose growing threat. Risk Management, 63(4), p.4.

Yang, J.J., Li, J., Mulder, J., Wang, Y., Chen, S., Wu, H., Wang, Q. and Pan, H., 2015. Emerging information technologies for enhanced healthcare. Computers in industry, 69, pp.3-11.