
Vulnerability Assessment 2022

   

Added on  2022-10-17

VULNERABILITY ASSESSMENT
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date)

Introduction
According to NIST, a vulnerability is a weakness in an information system, internal
controls, or implementation plan. To minimize vulnerabilities, an assessment needs to be done.
Vulnerability assessment is a central component when designing a security program. A
well-functioning vulnerability assessment includes remediation and testing. This monograph presents a
vulnerability and execution plan for a hospital.
Vulnerability analysis and Execution plan
Ways to breach security of a hospital
Malware
According to Becker hospital, data breaches across healthcare facilities cost approximately
6.5 million dollars annually. In 2016 at least one health facility was breached, which affected
over 27 million patient records. There are three possible ways to breach the security of a hospital,
which include malware and ransomware. Here, cyber criminals use ransomware to
shut down hospital servers and the entire network. In addition, hackers use malware to steal
patient records for sale. An example is a hacker who goes by the name thedarkoverlord, who stole
patients' records using malware. The hacker then broke down the data into databases with
prices ranging from 151 to 643 bitcoins, which amounts to around 96,000 to 411,000
US dollars. As indicated by the hacker, the first database contained 48 thousand patients from
Farmington hospital. The second database, as indicated by the hacker, contained 397,000 medical
records which were stolen via a ransomware attack and accessible via the internal network. The details
stolen by the hacker contained full names, physical addresses, dates of birth, email addresses,
insurance policy numbers, and social security numbers (portalDeepDotWeb, 2016). Other
types of malware utilized by hackers are worms, backdoors, spyware, capture stored data, and
RAM scrapers.
Human error
Hackers are utilizing errors made by health professionals to steal health records. The
most common type of human error is misdelivery, which is at 38.2 percent. Here, health
professionals send medical information to the wrong person, who might be a hacker and is thus able to
access patients' data. Another human error is disposal error, which is at 17.2 percent. Here, health
professionals discard medical documents without shredding them. The last form of error is loss,
which is the act of misplacing a thumb drive that contains unprotected medical records.
Weak passwords
Most health professionals use insecure passwords, such as their names and pets' names, to
log in to the medical records system. Insecure passwords enable a hacker to gain unauthorized
access to a protected network. Here, a hacker uses a brute-force attack to obtain the
passwords and is thus able to log in to the system to get medical data. The hacker then uses the RDP
protocol to gain direct access to sensitive medical record information.
The type of data obtained
The information stolen from a medical facility using the above three ways includes names,
city, state, ZIP, home addresses, dates of birth, social security numbers, and home
phone numbers.
Hacker’s perspective
The major aim of the hacker in stealing health records information is to sell the data.
Currently, data stolen from hospitals containing over one terabyte is sold at around 19,166 dollars.
For US consumers, stolen medical data goes for $82.90 apiece which social security numbers
