NIT5140 Information Security: Cloud Network Security - Red Cross Case

Verified

Added on 2024/06/03

AI Summary

This case study examines the 2016 data breach of the Australian Red Cross Blood Service, where the personal data of approximately 550,000 blood donors was exposed due to a backup file managed by their IT service provider. The report analyzes the key issues, actions taken by the Red Cross and the Australian Information Commissioner, and findings related to violations of the Australian Privacy Principles (APP). It highlights the importance of data security measures, third-party contract management, and transparent communication in mitigating reputational damage. The study concludes that organizations must prioritize data protection through encryption, password management, employee training, and compliance with security guidelines to prevent future breaches. Desklib offers similar case studies and resources for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

NIT5140 Information Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Contents
Abstract............................................................................................................................................3
Literature Review............................................................................................................................4
Business Case..................................................................................................................................5
Case Analysis...................................................................................................................................6
Conclusion.......................................................................................................................................8
References........................................................................................................................................9

Abstract
The concept of cloud network is related to cloud computing. Cloud networking in a process
under which the computing resources are managed by a third party through wide area networking
or internet technologies. It helps in sharing the computing resources with customers and clients.
This report aims to discuss a case of breach of data otherwise secured through cloud networking.
The Australian Red Cross Blood Service is an Australian company which is primarily working
for blood donation and other related services. The company faced data leak in October 2016.
This report is an attempt to understand the case, its findings, decision and conclusion.

Literature Review
According to Armerding 2018, many security breach cases have been reported until now. Most
common of these are of Equifax in 2017, Uber in 2016, Anthem in 2015, and many more. The
breach of data happens very frequently and therefore it is not easy to keep a count (Armerding,
2018). This report relates to such a data breach of Australian Red Cross Blood Services. The
breach of data can be a result of carelessness on part of organizations. It can be negligence of
following basic policies and procedures. According to Dutton, 2018, the major causes of breach
of data in recent cases are found to be theft of work on paper, data faxed or mailed to recipient
not intended, website of the company is not secured enough to protect data, theft of device which
is unencrypted (Dutton, 2018).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Business Case
The Australian Red Cross Blood service in an organization which allows blood donations by
individuals through booked appointments. In September 2016, Red Cross shared information of
approximately 550,000 blood donors details to a backup file which was created and saved by the
IT service provider of Red Cross Blood Service – Precedent Communications Pty Ltd. Later, in
October 2016, an anonymous person discovered the file and reported it to Australian Information
Security Officer (Hunter, et. al. 2016). The response of Red Cross was quick as they immediately
shut their website and the technical experts were asked to conduct the analysis of their server.
They also issued the news of breach of data through press release, their website and social
networks. The company later confirmed that the person who has downloaded the data file has
neither kept any copy nor shared it with anyone and has deleted the file.

Case Analysis
Key issues:
Database file of approximately 550,000 blood donors containing details of donors like their
name, age, blood group, contact numbers, country of birth, date of birth, etc. was found by an
anonymous person who immediately informed Troy Hunt, an Australian information security
officer. Following which it was confirmed that the data has been leaked and the company
informed interested persons about this breach.
Action taken
By company-
The company immediately on receipt of information of data breach blocked its website and made
a press release conforming about the data breach through its website, a public statement and
through other social networking platforms. It was ensured that the individual who reported the
data breach has no copy of the data and has not shared the details with anyone.
By Australian Information Commissioner-
The Australian Information Commissioner carried the investigation stating that either of the
parties involved have violated the Australian Privacy Principle (APP). The parties involved were
Red Cross Blood Services or Precedents Communications Pty Ltd. The violated principle shall
be APP 6 or APP 11.
Key Findings
With reference to APP 6, the key findings were that Red Cross Blood Services have not made
any unauthorized disclosure of the data. It was found that there was a human error committed by
an employee of Precedent Communication. Therefore, Precedent was found to have violated the
provisions of APP 6.
With reference to APP 11, the key findings were that Red Cross Blood Services has not taken
reasonable steps to secure the data. it has also breached the terms of APP 11.2 which requires an

organization to take reasonable steps to destroy the information which it doesn’t need anymore.
Neither did Red Cross check the policies of security measures taken by Precedent
communications while entering into contract. It was found that Precedents also failed in taking
required steps for data protection.
Steps taken by Red Cross
There were certain steps taken by Red Cross after the breach such as developing strategies for
monitoring privacy and security compliances. It also reviewed the measures of data security.
Key outcomes
Though Red Cross could have faced a significant amount of reputation damage, but timely
actions taken by the company saved its reputation. The Commissioner of Information Systems
also commended its case handling strategies and timely responses. Eventually, Precedent was
also saved from the legal consequences. This data breach case could have impacted the company
in worst ways, but the timely measures saved the company.
Through this case, it can be concluded that the companies must always take appropriate
measures to secure their data and must ensure that any cloud networking contracts signed with
third parties are thoroughly checked. The breach of data can happen with any company, but the
approach of Red Cross like being transparent with the public was a remarkable one.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Conclusion
The organizations need to take urgent measures to secure their data which can be achieved by
banning the sharing of data on devices which are unencrypted and updating and managing
passwords from time to time. All employees must also be trained about how the data can be
privately secured (P, 2017). Any unauthorized access to the data must be checked and actions
must be taken in time. The companies must make significant efforts to ensure better information
handling practices, and better compliance of information security measures and guidelines.

References
 Armerding, T., "The 17 biggest data breaches of the 21st century" CSO Online 2018.
[online]. Available: https://www.csoonline.com/article/2130877/data-breach/the-biggest-
data-breaches-of-the-21st-century.html [Accessed on 1 June, 2018]
 Flanningon, C. A., Australia: Lessons learnt from the Red Cross Blood Service data
breach investigation. Monday Q. [Online]. 2017. Available:
http://www.mondaq.com/australia/x/631346/data+protection/Lessons+learnt+from+the+
Red+Cross+Blood+Service+data+breach+investigation [Accessed on 1 June 2018].
 Hunter, F., Mcllroy, T., & Spooner, R., "Red Cross data leak: personal data of 550,000
blood donors made public" SMH 2016. [Online]. Available
https://www.smh.com.au/politics/federal/red-cross-data-leak-personal-data-of-550000-
blood-donors-made-public-20161028-gscwms.html [Accessed on 1 June, 2018]
 P, R., "15 ways to prevent data security breaches" Big Data Made simple[Online].
Available http://bigdata-madesimple.com/15-ways-to-prevent-data-security-breaches/
[Accessed on 1 June 2018]
 Spencer, L., Red Cross Blood Service partner owns up to data breach blunder. Arn Net.
[Online] 2017. Available: https://www.arnnet.com.au/article/625715/red-cross-blood-
service-partner-owns-up-data-breach-blunder/ [Accessed on 1 June 2018].