Information Security Report for ISY3006: Threats and Vulnerabilities

Verified

Added on 2022/10/07

AI Summary

This report, prepared for the ISY3006 Information Security unit, analyzes the development of a strategic security policy, identification of threats, and vulnerabilities within the Blacktown Hospital. The report emphasizes the importance of policies and procedures for patient care, staff safety, and IT security, including access control, video surveillance, and patient/staff tracking. It identifies various threats such as medical record theft, ransomware, internal employee risks, APTs, IoT botnets, and cryptomining. The report highlights the significance of HIPAA regulations and the difference between PHI and PHR. The analysis provides a comprehensive overview of the current information security landscape, emphasizing the need for proactive measures to protect sensitive data and ensure the hospital's operational integrity. The report also discusses the importance of allocating resources effectively and managing the IT environment to mitigate threats and adapt to changing regulations.

Running head: SECURITY AND INFORMATION
SECURITY AND INFORMATION
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1SECURITY AND INFORMATION
Table of Contents
Development of Strategic Security Policy.................................................................................2
Identification of threats and vulnerabilities................................................................................5
References..................................................................................................................................8

2SECURITY AND INFORMATION
Development of Strategic Security Policy
Provisioning of services belonging to the healthcare sector has brought in together a
number of complexities as well as related risks towards the management of the professionals
that need to be considered with urgent attention towards the dealing and mitigating of the
same (Moosavi et al., 2015). However, all of such existing issues such as the likes of
accrediting or might as well of licensing the related standards along with the inclusion of
regulations as well as the third-party requirements shall be mitigated along with the
introduction of all the formal polices as well as the procedures meant for the security
infrastructure of the Blacktown Hospital. All of these policies as well as the procedures can
provide with a helping hand towards the promotion of safe as well as good quality care
towards the patients coming into the hospital, safety meant for the workplace (Moosavi et al.,
2016). In addition to this, compliance to all the regulations as well as most of the uniformity
belonging to the practices that are being carried out within the network of the hospital has
been mentioned as well.
It is an important aspect for the managers to properly draft as well as update all of the
policies along with that of the procedures keeping apart the prioritized areas such as the likes
of patient care. Delay within such activities can put forward outcomes, which can directly
lead to bigger consequences that are harmful (Chaudhry et al., 2017). In respect to the
members of the staff, following of such outdated policies can lead to the causing of harm to
the patients or can even lead to malpractice by the Blacktown Hospital.
In reference to the IT security within the Blacktown Hospital, the hospital needs to
successfully implement such strict policies as well as procedures to provide protection to the
networks, maintaining secure transmission of all the existing data, maintaining of
transmission that security over the servers, as well as protecting of all the confidential data
belonging to every single patient (Al-Janabi et al., 2017). Development of such related
policies as well as the procedures along with that of conducting the real time monitoring over
the audit of the secure practices, putting forward the assurance towards the security of the IT
environment belonging to the Blacktown Hospital.
It is however, important for the Blacktown Hospital to allocate all the resources in an
effective manner as well as managing of the IT environment in order to mitigate all of the
posing threats as well as bringing a change within the related regulations. This can be
properly managed by having a strict access control, related orientation of the employee as

3SECURITY AND INFORMATION
well as the regular trainings as well as the identification of the staffs, the visitors as well as
the patients visiting the Blacktown Hospital in accordance to the industrial regulations.
Three of the important aspects belonging to the maintenance of the security within the
Blacktown Hospital as well as the security to the IT services being addressed to the policies
as well as the procedures specifically (Angst et al., 2017). These are,
 Control of Access- this specifically refers to the particular access that is provisioned
to the people such as the likes of the patient, the visitors as well as the staff who are
granted or denied throughout the facilities belonging to the healthcare along with the
access belonging to the field of IT (Abouelmehdi, Beni-Hessane and Khaloufi, 2018).
Specifically, this area has the inclusion of maternity wards, the pediatric department,
the emergency ward, the intensive care unit as well as the pharmacy.
 Surveillance over video- the cameras meant for the purpose of video surveillance in
regards to the past mostly had the inclusion of the recorders for the time lapse or the
cassettes for the video that had been difficult as well as time - consuming belonging
to the staff to have a proper identification of specific events. As the technology
improved, the cameras belonging to the current scenario have specially embedded
processors as well as videos that can be compressed along with that of transmitted
over the networks related to the internet protocol in the real time. This particular
concept of possessing the special ability, to monitor as well as to record all of the
activity taking place within the premise of the Blacktown Hospital, at any given point
of time or from any location has provided with a fundamental helping hand to all of
the facilities belonging to the healthcare (Manogaran et al., 2017). This is in order to
optimize the security measures with the help of video surveillance.
 Tracking of the staff, the patient and the assets- keeping apart the facilities provided
to the patients that are being admitted to the Blacktown Hospital, it has been critically
considered to be important to provision them with the appropriate measure of safety
as well as the protection. With a helping hand from this technology, all of the
professionals working within the field of security as well as the related staff now
have the possession of identification, tracking as well as locating all the patients and
to provision them with the necessary measures of security against the cases of
abduction or departure.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4SECURITY AND INFORMATION
Protected information belonging to the health of the individual patients that is commonly
referred to as the personal health information, refers to information such as the likes of
medical history, demographics of the patient, results of the test as well as information related
to the insurance of the patient or might as well be any other related information. All of this
information specifically provisions the professional of the healthcare with the ease in
identification as well as an appropriate treatment of the respective patient.
In accordance to the Health Insurance Portability and Accountability Act (HIPAA), all of
the institutions working within the field of healthcare along with the companies working
within the field of insurance do not have the provision to share or might as well sell PHI data
except that meant for the usage within the research belonging to the treatment (Zhang et al.,
2015).
However, it is very much important for the Blacktown Hospital to point specifically
that the PHI is very much different from that of the personal health record (PHR).
Identification of threats and vulnerabilities
The landscape of threat has been moving as well as shifting from organizations to
organizations. In reference to the healthcare organizations operating within the current
scenario, the specific list of cyber threats as well as the other existing vulnerabilities have
been on a continuous growth. In most of the cases referring to the threats posed towards the
Blacktown Hospital, has reached far beyond just stealing of the credit cards belonging to the
hospitals or the data belonging to the transactions of the payment (Walker-Roberts,
Hammoudeh and Dehghantanha, 2018). The other existing targets that pose a threat to the
normal working of the Blacktown Hospital are,
 Medical records that shall be acquired by the fraud, provisioning the attackers with
the option of printing new cards belonging to the field of healthcare or to make
duplicates of the prescriptions.
 Safety of the particular medical records from that of the threat belonging to theft,
during which the fraudsters carry the capability of stealing all the records from the
data belonging to the recent patients that have been deceased.
 Identification of the potential threat related to the evasion of tax or the loans,
specifically within which the attackers have the specific ability to leverage all of the
personally identifiable information (PII) (Luna et al., 2016). These include the likes of

5SECURITY AND INFORMATION
numbers related entirely to the social security or may even be the dates belonging to
that of the births for variously existing taxes or schemes related to the money.
For the Blacktown Hospital, the threats prevailing to the likes of ransomware that specifically
refers to a software containing malicious content, that potentially encrypts all of the
information containing within the computer systems of the Blacktown Hospital. The primary
threat that is specifically posed by this ransomware, has the ability to lock down the entire
working of the computer system and in turn, shall ask the authority of the Blacktown Hospital
a specific sum of money to present the hospital with an authorization key to have the regained
access to the computer systems and get hold of the information in the same form it was
locked down (Kruse et al., 2017).
The threats existing internally within the Blacktown Hospital pose a threat to the
normal working of the health organization specifically from the employees working within
the organization itself. All of these employees mentioned within this context, have the
generalized access to all of the sensitive information as well as the capability to expose such
information to that of any outsider having a different motive, or might as well expose them to
the malicious intent of the hackers working online as well (Mansfield-Devine, 2017). For
instance, any of the employee undertaking such misconduct within the Blacktown Hospital,
can even cause particular harm to the relevant information belonging to the patients such as
the likes of important information that might be necessary for the specific treatment of the
respective patient.
Advanced Persistent Threats (APTs) are commonly referred, to as the stealthy as well
as the continuous attacks that is considerably posed against the targeted organizations meant
for the political or might as well be related to the business world (Branch, 2018). Some of the
common methods of attack posing a threat to the Blacktown Hospital includes the likes of
social engineering, exploitation of the vulnerability, as well as the zero days.
IoT Botnets specifically refer to that collection of compromised Internet of Things
(IoT) devices, such as the likes of Camera, monitors implanting the cardiac, all the related
wearables, as well as the other existing devices having a specific IP address, also with that
ability to have a proper connection towards the network (Coventry and Branley, 2018). All of
these mentioned devices having posed a specific easier routes towards the entry into the
specific network belonging to the Blacktown Hospital as well as to fly under the particular

6SECURITY AND INFORMATION
radar due to the employees sharing a common connection to that of the network having no
presence of security experts.
Cryptomining specifically refers to the usage of the resources belonging to the
computer having to perform complex calculations related to mathematics to have the
ultimatum towards the generating of the cryptocurrencies. Whenever an attacker makes use
of the infrastructure belonging to the Blacktown hospital to properly mine the crytocurrency
without the knowledge of the authority of the hospital, that process in particular is referred to
as cryptojacking (Segal, 2017). Cryptomining can arrive in a variety of forms, such as having
the face of a random phishing attack having delivered malware to the concerned computer
system, as well as through the existing websites making use of the mining completely based
upon the browser. The Blacktown Hospital as well as the other organizations operating within
the related field of healthcare, have become an increasingly rising targets for the miners as
targets for generating huge amounts of crypto currency (Talukder et al., 2018). These
organizations to be specific are painted upon as a target, for the particular reason that the all
of these organizations and in specific the Blacktown Hospital is in the possession of huge
chunks of data belonging to the customers.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7SECURITY AND INFORMATION
References
Abouelmehdi, K., Beni-Hessane, A. and Khaloufi, H., 2018. Big healthcare data: preserving
security and privacy. Journal of Big Data, 5(1), p.1.
Al-Janabi, S., Al-Shourbaji, I., Shojafar, M. and Shamshirband, S., 2017. Survey of main
challenges (security and privacy) in wireless body area networks for healthcare
applications. Egyptian Informatics Journal, 18(2), pp.113-122.
Angst, C.M., Block, E.S., D'arcy, J. and Kelley, K., 2017. When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare data
breaches. Mis Quarterly, 41(3).
Branch, L.E., 2018. Cyber Threats and Healthcare Organizations: A Public Health
Preparedness Perspective.
Chaudhry, J., Qidwai, U., Miraz, M.H., Ibrahim, A. and Valli, C., 2017. Data security among
ISO/IEEE 11073 compliant personal healthcare devices through statistical fingerprinting.
Institute of Electrical and Electronics Engineers.
Coventry, L. and Branley, D., 2018. Cybersecurity in healthcare: A narrative review of
trends, threats and ways forward. Maturitas, 113, pp.48-52.
Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in
healthcare: A systematic review of modern threats and trends. Technology and Health
Care, 25(1), pp.1-10.
Luna, R., Rhine, E., Myhra, M., Sullivan, R. and Kruse, C.S., 2016. Cyber threats to health
information systems: A systematic review. Technology and Health Care, 24(1), pp.1-9.
Manogaran, G., Thota, C., Lopez, D. and Sundarasekar, R., 2017. Big data security
intelligence for healthcare industry 4.0. In Cybersecurity for Industry 4.0 (pp. 103-126).
Springer, Cham.
Mansfield-Devine, S., 2017. Leaks and ransoms–the key threats to healthcare
organisations. Network Security, 2017(6), pp.14-19.
Moosavi, S.R., Gia, T.N., Nigussie, E., Rahmani, A.M., Virtanen, S., Tenhunen, H. and
Isoaho, J., 2015, October. Session resumption-based end-to-end security for healthcare
internet-of-things. In 2015 IEEE International Conference on Computer and Information

8SECURITY AND INFORMATION
Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and
Secure Computing; Pervasive Intelligence and Computing (pp. 581-588). IEEE.
Moosavi, S.R., Gia, T.N., Nigussie, E., Rahmani, A.M., Virtanen, S., Tenhunen, H. and
Isoaho, J., 2016. End-to-end security scheme for mobility enabled healthcare Internet of
Things. Future Generation Computer Systems, 64, pp.108-124.
Segal, S., 2017. Controlling Critical Risks in Healthcare. IJCTT Journal, 48(1), pp.24-2.
Talukder, S., Witherspoon, S., Srivastava, K. and Thompson, R., 2018. Mobile Technology in
Healthcare Environment: Security Vulnerabilities and Countermeasures. arXiv preprint
arXiv:1807.11086.
Walker-Roberts, S., Hammoudeh, M. and Dehghantanha, A., 2018. A systematic review of
the availability and efficacy of countermeasures to internal threats in healthcare critical
infrastructure. IEEE Access, 6, pp.25167-25177.
Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X. and Luo, H.H., 2015. Security and privacy
for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless
Communications, 22(4), pp.104-112.