Information Security Report: Bethesda Hospital's Policies and Threats
VerifiedAdded on 2020/10/05
|9
|2540
|96
Report
AI Summary
This report provides a comprehensive analysis of information security practices at Bethesda Hospital, an Australian healthcare provider. It begins with an introduction to information security and its importance in protecting sensitive data from unauthorized access, disclosure, and disruption. The main body of the report focuses on Bethesda Hospital, detailing its background, services, and the need for a robust security policy. It explores the hospital's security policies, including server security and browser protection, and discusses the stakeholders involved. The report identifies potential threats and vulnerabilities, such as unpatched services, inattentive administration, plugins and extensions, and compromised websites. It also addresses specific vulnerabilities related to data integrity, confidentiality, and availability. The report concludes by suggesting mitigation strategies, including staff training, biometric authentication, and strong password policies to address these threats and ensure the protection of patient data and the hospital's information systems.
INFORMATION
SECURITY
SECURITY
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
INTRODUCTION ..........................................................................................................................1
MAIN BODY...................................................................................................................................1
CONCLUSION................................................................................................................................5
REFERENCES................................................................................................................................7
INTRODUCTION ..........................................................................................................................1
MAIN BODY...................................................................................................................................1
CONCLUSION................................................................................................................................5
REFERENCES................................................................................................................................7
INTRODUCTION
Information security is the practice which protecting unauthorized access, disclosure,
disruption, use, inspection and recording of necessary information. It is a set of strategies which
maintain procedure, techniques and policies that required for protecting confidential information.
(Laudon and Laudon, 2016). The report is based on Bethesda hospital which provide health care
services to the people and its is situated in Australia. The main purpose of this assignment is to
evaluate research, develop, formulate strategic security policy of Bethesda hospital. Also discuss
various threats and vulnerabilities which can mitigated.
MAIN BODY
Bethesda hospital is the private organization in which provides health care to their
patients. This institution was found in the year 1883 and have grown from community hospital to
one of the largest healthcare service provider in the region. The hospital provide integrated
program in which they treating people from physical, emotional, social and spiritual basis. The
CEO of Bethesda hospital is Roger L Kirk who begin service related to health care provided to
the country people. The hospital started with small group of community area for providing
healthcare services to the people. From 65 years, Bethesda hospital Foundation has assist
Hospital in reaching with potential their mission which are acquisition, management and
disbursement of charity assets. In the year of January 2013, Bethesda hospital begin as a state of
art, make sound environment which complement the architecture of external areas and
infrastructure. It includes 68 private patient rooms, 12 intensive care rooms, 4 full service
regulating suites, 24 emergency department and provide diagnostic facilities includes CT, MRI,
mammography and general radiography. They are provide various offers such as extensive array
of inpatient physical, occupational, respiratory and recreational therapies services (Cella and et.
al., 2010).
Security policy is the process which help in secure all organisation data and information
in proper manner. It is a set of policies which defines the manner in which organisations
determine how the computer and IT security threats will be handled. The documentation of the
security policy attempts to define all major assets which are possessed by the organisation and
major threats that can involve in the near future. Bethesda Hospital need to form effective
security policy which assist them in enhancing safety regarding data and information of an
1
Information security is the practice which protecting unauthorized access, disclosure,
disruption, use, inspection and recording of necessary information. It is a set of strategies which
maintain procedure, techniques and policies that required for protecting confidential information.
(Laudon and Laudon, 2016). The report is based on Bethesda hospital which provide health care
services to the people and its is situated in Australia. The main purpose of this assignment is to
evaluate research, develop, formulate strategic security policy of Bethesda hospital. Also discuss
various threats and vulnerabilities which can mitigated.
MAIN BODY
Bethesda hospital is the private organization in which provides health care to their
patients. This institution was found in the year 1883 and have grown from community hospital to
one of the largest healthcare service provider in the region. The hospital provide integrated
program in which they treating people from physical, emotional, social and spiritual basis. The
CEO of Bethesda hospital is Roger L Kirk who begin service related to health care provided to
the country people. The hospital started with small group of community area for providing
healthcare services to the people. From 65 years, Bethesda hospital Foundation has assist
Hospital in reaching with potential their mission which are acquisition, management and
disbursement of charity assets. In the year of January 2013, Bethesda hospital begin as a state of
art, make sound environment which complement the architecture of external areas and
infrastructure. It includes 68 private patient rooms, 12 intensive care rooms, 4 full service
regulating suites, 24 emergency department and provide diagnostic facilities includes CT, MRI,
mammography and general radiography. They are provide various offers such as extensive array
of inpatient physical, occupational, respiratory and recreational therapies services (Cella and et.
al., 2010).
Security policy is the process which help in secure all organisation data and information
in proper manner. It is a set of policies which defines the manner in which organisations
determine how the computer and IT security threats will be handled. The documentation of the
security policy attempts to define all major assets which are possessed by the organisation and
major threats that can involve in the near future. Bethesda Hospital need to form effective
security policy which assist them in enhancing safety regarding data and information of an
1
organisation. This will support in providing appropriate direction and value to an individual
within the company. In an organisation, the doctors require to safeguard all information related
to their patients such as test details, blood group data, medical history of common patients, other
related data (Bajdor and Grabara, 2014). Before developing security policy, the company require
to identify risk which occurs while implementing such policies. The major risks which are being
encountered by this healthcare institution are ransomware, phishing and numerous insider
threats. The firm require to formulate safety information policy after careful evaluation of the
approaches which are undertaken other hospitals strategies. At the time of developing policies,
they need to ensure that such policy are fulfilling all legal and ethical responsibilities of the
organisation. Also Bethesda hospital necessary for recognise their staff members views and
opinion regarding security policy and it is insure by organisation that all employees are
understand their policies. This type of development is very useful but on the other hand, it is
dangerous because patient data and other sensitive information are more risk which being stolen,
accessed and exposed due to emergence of numerous information security risks. As per this
outcome, security should be top priority for any hospital industry. Secure file is one of the
essential method which assist in keeping patient records and company data from harm. The
Bowser protection assist in protecting company networking data and computer system from
breach of privacy and security. It can be used to access the information and resources on the
world wide web. This is the software application for trace and display the web pages. The main
purpose of web browser is to carry out data and information resources to users.
Bethesda hospital is a private organisation so it is necessary for them is to formulate
effective policies and strategies in better manner. The stakeholders of Bethesda hospital are
patients, staff members, directors, government through which business draw its resources. They
are providing health care facilities directly to the patients and person involved are nurse,
physicians and health care providers. As per the discussion among stakeholders and directors,
they are develop Server security which supported in protecting the information and data that can
be accessed from a Web server (Gallagher and Sixsmith, 2014). The management of the
company have identified this to be most essential as they possess critical patient information and
their background. Security system includes confidentiality, availability, integrity of accurate
information and authentication. Along with this, it will help in protecting leaking of personal
data which are related to hospital patients. It is necessary for organisation is to safeguard their
2
within the company. In an organisation, the doctors require to safeguard all information related
to their patients such as test details, blood group data, medical history of common patients, other
related data (Bajdor and Grabara, 2014). Before developing security policy, the company require
to identify risk which occurs while implementing such policies. The major risks which are being
encountered by this healthcare institution are ransomware, phishing and numerous insider
threats. The firm require to formulate safety information policy after careful evaluation of the
approaches which are undertaken other hospitals strategies. At the time of developing policies,
they need to ensure that such policy are fulfilling all legal and ethical responsibilities of the
organisation. Also Bethesda hospital necessary for recognise their staff members views and
opinion regarding security policy and it is insure by organisation that all employees are
understand their policies. This type of development is very useful but on the other hand, it is
dangerous because patient data and other sensitive information are more risk which being stolen,
accessed and exposed due to emergence of numerous information security risks. As per this
outcome, security should be top priority for any hospital industry. Secure file is one of the
essential method which assist in keeping patient records and company data from harm. The
Bowser protection assist in protecting company networking data and computer system from
breach of privacy and security. It can be used to access the information and resources on the
world wide web. This is the software application for trace and display the web pages. The main
purpose of web browser is to carry out data and information resources to users.
Bethesda hospital is a private organisation so it is necessary for them is to formulate
effective policies and strategies in better manner. The stakeholders of Bethesda hospital are
patients, staff members, directors, government through which business draw its resources. They
are providing health care facilities directly to the patients and person involved are nurse,
physicians and health care providers. As per the discussion among stakeholders and directors,
they are develop Server security which supported in protecting the information and data that can
be accessed from a Web server (Gallagher and Sixsmith, 2014). The management of the
company have identified this to be most essential as they possess critical patient information and
their background. Security system includes confidentiality, availability, integrity of accurate
information and authentication. Along with this, it will help in protecting leaking of personal
data which are related to hospital patients. It is necessary for organisation is to safeguard their
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
critical information from being stolen and misused. Browser protection is the another security
policy which can be used by Bethesda hospital for preventing information which are send and
receive through internet within an organisation. The users need to secure browser for protecting
and security patients personal and financial data. In addition to this, the company can used this
security policy because this will protect network data and computer system from breaches of
privacy. Both server security and browser protection policies developed by Bethesda hospital
before conducting meeting with their stakeholders and directors of hospital (Essl and et. al.,
2011).
According to the above mentioned security policy such as server security and browser
protection which assist hospital in retaining and manipulating important data and information in
better manner. This will assist in protecting their patients personal details that related to medical
report, different test information and others data. There are various potential threats and
vulnerabilities which are faced by organisation's network that includes weak passwords, open
network ports, old software version, stale and unnecessary accounts and so on. Firstly, they
require to identify major risks and threats which occurs within an organisation. This is required
for hospital staff member is to evaluate the reason behind different technical security practices
which are presented in the document. There are various threats which create error and issue at
the time of securing data and information related to organisation. The operating system and
server software will create exploitable vulnerabilities, errors that made by final users and top
management. Along with this, threats can be local in nature, such as dissatisfied employee, such
as attacker in other geographical region. Risk assessment need to be conducted for identifying
particular threats or issues regarding server security and determine effectiveness in existing
security control system (Scherer and Schapke, 2011). The essential component of planning is
effectively control security of server that need to understand the threats which are related to
surroundings in which they distribute the company networks.
There are various threats and vulnerabilities of above policies in the hospital network
which are described as under:
Unpatched services – Unpatched software have emerged to be one of the leading
problem of the the institutions. The patches are referred to the changes which are to be carried
out in a software so that it is updated, fixed or improved in order to deal with vulnerabilities in an
effective manner. Most of the institutions are so inclined into service delivery that they do not
3
policy which can be used by Bethesda hospital for preventing information which are send and
receive through internet within an organisation. The users need to secure browser for protecting
and security patients personal and financial data. In addition to this, the company can used this
security policy because this will protect network data and computer system from breaches of
privacy. Both server security and browser protection policies developed by Bethesda hospital
before conducting meeting with their stakeholders and directors of hospital (Essl and et. al.,
2011).
According to the above mentioned security policy such as server security and browser
protection which assist hospital in retaining and manipulating important data and information in
better manner. This will assist in protecting their patients personal details that related to medical
report, different test information and others data. There are various potential threats and
vulnerabilities which are faced by organisation's network that includes weak passwords, open
network ports, old software version, stale and unnecessary accounts and so on. Firstly, they
require to identify major risks and threats which occurs within an organisation. This is required
for hospital staff member is to evaluate the reason behind different technical security practices
which are presented in the document. There are various threats which create error and issue at
the time of securing data and information related to organisation. The operating system and
server software will create exploitable vulnerabilities, errors that made by final users and top
management. Along with this, threats can be local in nature, such as dissatisfied employee, such
as attacker in other geographical region. Risk assessment need to be conducted for identifying
particular threats or issues regarding server security and determine effectiveness in existing
security control system (Scherer and Schapke, 2011). The essential component of planning is
effectively control security of server that need to understand the threats which are related to
surroundings in which they distribute the company networks.
There are various threats and vulnerabilities of above policies in the hospital network
which are described as under:
Unpatched services – Unpatched software have emerged to be one of the leading
problem of the the institutions. The patches are referred to the changes which are to be carried
out in a software so that it is updated, fixed or improved in order to deal with vulnerabilities in an
effective manner. Most of the institutions are so inclined into service delivery that they do not
3
focus on improving the server which carries crucial patient information. It can be seen as major
threat which directly affect on using of serve while operating business.
Inattentive administration – Management fails to patch their system which is one of the
greatest threats to server security. The primary cause of computer security vulnerabilities is to
assign untrained people for maintaining society and community. In this hospital, they are not
able to maintain records of patient in a secure manner due to lack of expertise.
There are various threats of browser protection policy which are mentioned as follows:
Plugins and extensions – This system mainly often third party PlugIns or extension
which installed for different tasks such as JavaScript or flash for displaying with content. The
origin, plugins and extension come with safety and security which attackers can leverage to gain
access in the company system or data (Parveen and Kumar, 2012). Such vulnerabilities allow
attacker to cause havoc by which includes installing ransomware, exfiltrating data and stealing
intellectual property. This threats will impact on hospital patients details and information in
badly manner.
Compromised high profile websites – It is that method which spread the infections and
exploiting the specific websites which submit infected content to advertising organisation. In the
hospital, this will create issue for distributing advertisement cost effectively.
For secure a server, it is important for define that threat must be mitigated. For
performing risk assessment and mitigation assist company in better evaluating their security
position and they decide how server should be secured in proper manner. There are various
information security threats such as rootkits, worms, denial of service attacks which operated all
reviewed. In the present scenario, protection of information and data are important
considerations for a business organisation to ensure the safety and protection of their
information. Vulnerability can refer as the known asset weakness which can be managed and
exploited through one or more cyber attacker.
In Hospital, the integration of networking, software, medical devices and operating
framework are related to safety and isolation of medical devices that are major challenge. As per
the identified sources, in Bethesda Hospital, numerous issues and potential vulnerabilities were
encountered including ensuring data integrity, data confidentiality and information availability
etc. Determining vulnerabilities comprises numerous security vulnerabilities which consist of
determination of some questions such as: whether data is backed up, stored accurately in cloud,
4
threat which directly affect on using of serve while operating business.
Inattentive administration – Management fails to patch their system which is one of the
greatest threats to server security. The primary cause of computer security vulnerabilities is to
assign untrained people for maintaining society and community. In this hospital, they are not
able to maintain records of patient in a secure manner due to lack of expertise.
There are various threats of browser protection policy which are mentioned as follows:
Plugins and extensions – This system mainly often third party PlugIns or extension
which installed for different tasks such as JavaScript or flash for displaying with content. The
origin, plugins and extension come with safety and security which attackers can leverage to gain
access in the company system or data (Parveen and Kumar, 2012). Such vulnerabilities allow
attacker to cause havoc by which includes installing ransomware, exfiltrating data and stealing
intellectual property. This threats will impact on hospital patients details and information in
badly manner.
Compromised high profile websites – It is that method which spread the infections and
exploiting the specific websites which submit infected content to advertising organisation. In the
hospital, this will create issue for distributing advertisement cost effectively.
For secure a server, it is important for define that threat must be mitigated. For
performing risk assessment and mitigation assist company in better evaluating their security
position and they decide how server should be secured in proper manner. There are various
information security threats such as rootkits, worms, denial of service attacks which operated all
reviewed. In the present scenario, protection of information and data are important
considerations for a business organisation to ensure the safety and protection of their
information. Vulnerability can refer as the known asset weakness which can be managed and
exploited through one or more cyber attacker.
In Hospital, the integration of networking, software, medical devices and operating
framework are related to safety and isolation of medical devices that are major challenge. As per
the identified sources, in Bethesda Hospital, numerous issues and potential vulnerabilities were
encountered including ensuring data integrity, data confidentiality and information availability
etc. Determining vulnerabilities comprises numerous security vulnerabilities which consist of
determination of some questions such as: whether data is backed up, stored accurately in cloud,
4
protected from different cloud vulnerabilities etc. It has also analysed that Bethesda Hospital face
cyber vulnerabilities in their hospital infrastructure that can affect the individuals. Other
vulnerability encountered by this is online medical devices can be threats for future time period
because it can be attack by hackers or other criminal. This method maintain regular patching and
software update when flaws impact on such equipments. Another key vulnerability which should
be outlined by Bethesda Hospital is Old hardware's inadequate disposal which Bethesda
Hospital used in order to store credentials or EHRs that aren't disposed correctly. This is also a
threat for criminals as this can endanger information and data as this is recoverable to own end.
In order to mitigate threats and vulnerabilities related to browser protection, the user is
required to incorporate various step so that they can protect their browser in all situations. They
are as follows:
To overcome with unpatched services, the organisation require to provide training
sessions for their staff member where they learn how to serve effective facilities to the
patients.
For mitigating the Plugins and extensions, hospital need to develop appropriate solution
which deal in eliminating such threats ransomware, exfiltrating data and stealing
intellectual property in proper manner.
For reducing the risk related to server security, it is required to make sure that biometric
authentication should be considered so that hackers can not enter the system
unnecessarily.
Also, strong authentication should also be used for setting the passwords so that no one
can assess any document without permission.
CONCLUSION
As per the above mentioned report, it can be analysed that information security is the
practice which protects unauthorized access, disclosure, disruption, use, inspection and recording
of necessary information. Security policy is the process which help in securing system,
organisation and its entity. There are two security policies which are developed by hospital that
are server security and browser protection. Along with this, it will help in protecting leaking of
personal data which are related to hospital patients. Along with this, threats can be local in
nature, such as disgruntled employee such as attacker in other geographical region. Some of
5
cyber vulnerabilities in their hospital infrastructure that can affect the individuals. Other
vulnerability encountered by this is online medical devices can be threats for future time period
because it can be attack by hackers or other criminal. This method maintain regular patching and
software update when flaws impact on such equipments. Another key vulnerability which should
be outlined by Bethesda Hospital is Old hardware's inadequate disposal which Bethesda
Hospital used in order to store credentials or EHRs that aren't disposed correctly. This is also a
threat for criminals as this can endanger information and data as this is recoverable to own end.
In order to mitigate threats and vulnerabilities related to browser protection, the user is
required to incorporate various step so that they can protect their browser in all situations. They
are as follows:
To overcome with unpatched services, the organisation require to provide training
sessions for their staff member where they learn how to serve effective facilities to the
patients.
For mitigating the Plugins and extensions, hospital need to develop appropriate solution
which deal in eliminating such threats ransomware, exfiltrating data and stealing
intellectual property in proper manner.
For reducing the risk related to server security, it is required to make sure that biometric
authentication should be considered so that hackers can not enter the system
unnecessarily.
Also, strong authentication should also be used for setting the passwords so that no one
can assess any document without permission.
CONCLUSION
As per the above mentioned report, it can be analysed that information security is the
practice which protects unauthorized access, disclosure, disruption, use, inspection and recording
of necessary information. Security policy is the process which help in securing system,
organisation and its entity. There are two security policies which are developed by hospital that
are server security and browser protection. Along with this, it will help in protecting leaking of
personal data which are related to hospital patients. Along with this, threats can be local in
nature, such as disgruntled employee such as attacker in other geographical region. Some of
5
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
threats are unpatched services, inattentive administration, plugins and extensions and
compromised high profile websites which required to be reduced by organisation.
6
compromised high profile websites which required to be reduced by organisation.
6
REFERENCES
Books and journals
Bajdor, P. and Grabara, I., 2014. The Role of Information System Flows in Fulfilling Customers’
Individual Orders. Journal of Studies in Social Sciences. 7(2).
Cella, D. and et. al., 2010. The Patient-Reported Outcomes Measurement Information System
(PROMIS) developed and tested its first wave of adult self-reported health outcome
item banks: 2005–2008. Journal of clinical epidemiology. 63(11). pp.1179-1194.
Essl, F. and et. al., 2011. Review of risk assessment systems of IAS in Europe and introducing
the German–Austrian Black List Information System (GABLIS). Journal for Nature
Conservation. 19(6). pp.339-350.
Gallagher, S. and Sixsmith, A., 2014. Engaging IT undergraduates in non-IT content: Adopting
an eLearning information system in the classroom. Interactive Technology and Smart
Education. 11(2). pp.99-111.
Laudon, K. C. and Laudon, J. P., 2016. Management information system. Pearson Education
India.
Parveen, R. and Kumar, U., 2012. Integrated approach of universal soil loss equation (USLE)
and geographical information system (GIS) for soil loss risk assessment in Upper South
Koel Basin, Jharkhand. Journal of Geographic Information System. 4(06). p.588.
Scherer, R.J. and Schapke, S.E., 2011. A distributed multi-model-based management
information system for simulation and decision-making on construction
projects. Advanced Engineering Informatics. 25(4). pp.582-599.
Wagner, T. and Wagner, O., Harman/Becker Automotive Systems GmbH, 2013. Travel time
information system. U.S. Patent 8,355,865.
Online
Web browser extension security: Mitigating browser plug-in threats. 2018. [Online]. Available
through: <https://searchsecurity.techtarget.com/tip/Web-browser-extension-security-
Mitigating-browser-plug-in-threats>.
7
Books and journals
Bajdor, P. and Grabara, I., 2014. The Role of Information System Flows in Fulfilling Customers’
Individual Orders. Journal of Studies in Social Sciences. 7(2).
Cella, D. and et. al., 2010. The Patient-Reported Outcomes Measurement Information System
(PROMIS) developed and tested its first wave of adult self-reported health outcome
item banks: 2005–2008. Journal of clinical epidemiology. 63(11). pp.1179-1194.
Essl, F. and et. al., 2011. Review of risk assessment systems of IAS in Europe and introducing
the German–Austrian Black List Information System (GABLIS). Journal for Nature
Conservation. 19(6). pp.339-350.
Gallagher, S. and Sixsmith, A., 2014. Engaging IT undergraduates in non-IT content: Adopting
an eLearning information system in the classroom. Interactive Technology and Smart
Education. 11(2). pp.99-111.
Laudon, K. C. and Laudon, J. P., 2016. Management information system. Pearson Education
India.
Parveen, R. and Kumar, U., 2012. Integrated approach of universal soil loss equation (USLE)
and geographical information system (GIS) for soil loss risk assessment in Upper South
Koel Basin, Jharkhand. Journal of Geographic Information System. 4(06). p.588.
Scherer, R.J. and Schapke, S.E., 2011. A distributed multi-model-based management
information system for simulation and decision-making on construction
projects. Advanced Engineering Informatics. 25(4). pp.582-599.
Wagner, T. and Wagner, O., Harman/Becker Automotive Systems GmbH, 2013. Travel time
information system. U.S. Patent 8,355,865.
Online
Web browser extension security: Mitigating browser plug-in threats. 2018. [Online]. Available
through: <https://searchsecurity.techtarget.com/tip/Web-browser-extension-security-
Mitigating-browser-plug-in-threats>.
7
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.