PRT 574 S2: Security Assessment & Privacy Violation in Data Breach

Verified

Added on 2023/06/12

AI Summary

This report examines the ransomware attack on Arkansas Oral facial Surgery center, impacting 128,000 patients and encrypting sensitive data. It details the incident, including the timeline, affected data types (names, addresses, SSNs, health insurance details, and medical images), and the center's response, which included informing patients and offering credit monitoring services. The report discusses the privacy implications, such as potential misuse of patient records, disruption of operations, reputational harm, and financial losses. It also explores measures countries can take to prevent such violations, emphasizing system updates, data protection prioritization, data backups, and enhanced security measures. The report concludes by highlighting the importance of data security and preventative measures in safeguarding patient information.

Running head: SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
Table of Contents
Introduction................................................................................................................................3
Reported incident.......................................................................................................................3
Privacy implication....................................................................................................................5
How do counties avoid the privacy violation?...........................................................................6
Conclusion..................................................................................................................................6
References..................................................................................................................................7

3SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
Introduction
The article which is taken into consideration is the ransomware attack which
potentially impacted more than 128000 Arkansas patient. The main technological impact
which is majorly seen in the article is related to the ransomware (Sharma, Zawar and Patil
2016). The ransomware can be considered as a malicious software or a malware which ones
takes over computer can directly deny the access to important information or the data. After
the attack is generated the attackers demand a ransom from the victim not always truthful in
order to restore the access of the data upon the payment. The user of the organization is
shown steps how to pay the fee to get the key which can be used for the process of decryption
(Henseler and Loenhout 2018). The cost can range from few hundred dollars to thousand
which are payable through the cybercriminal currency which is the bit coin.
The main aim of the report is to take into consideration an article which is related to
privacy violation. The description of the privacy implication are widely discussed in the
report.
Reported incident
The Arkansas Oral facial Surgery center which is located in the Fayetteville had
experienced a ransomware attack that impacted up to 128000 patients. The concept of the
ransomware was installed in the network between the time period of July 25th and 26th 2017
(Sharma, Zawar and Patil 2016). The most important aspect which occurred in the event was
that it was detected in an early stage, although not before the images of the x-ray and
different other documents were encrypted. The incident did not result in the encryption of the
database but on the other hand encrypted a relatively limited set of the data of the patient
related to their recent visit encrypted. The data of the patient which was effected by the attack

4SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
was majorly the patient who had visited for treatment in three week prior to the ransomware
attack.
The attack which is related to the ransomware can be considered still under
investigation although till date it can be stated to have no evidence which is related to the
data theft. According to Arkansas Oral facial Surgery center the main motive behind the
attack was to extort money and not steal the data (Yang et al. 2015). However in this context
it can be stated that it was not possible to rule out the aspect which is related to data access or
data theft with a certainty of high degree. The files and the images which were majorly
accessed included the information which is related to address, name, date of birth of patients,
security social number, details of the health insurance and other critical information. The
attack has also rendered files which were related to the medical image and details of the visit
of the patient was not available. Due to the factor that the sensitive data of the patient were
being accessed, patients were informed about the breach by the help of mailing them. All the
impacted individual have been offered with identity repair and credit of service monitoring
though All Clear ID for 12 months without any charge involved into the concept. The
customers were also very much afraid of the event which had taken place and they were
majorly concerned how their personal data would be used and whether the data would be
retrieved or not (Muhammad 2017).
Arkansas Oral facial surgery center has warned patient to be very much alert for the
attack of phishing in the wake of the breach and also has confirmed that it would not be
requesting any request which is related to the personal information via email or phone calls.
If the patient were requested of any type of personal information it would be directly a scam
activity. They should not disclose their personal information by any mean to keep themselves
safe form the different types of attack which can be generated from the concept (Kim and
Kim 2015).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
Privacy implication
The main privacy implication which can be related to the aspect of the attack which is
related to the ransomware directly impact the patient. This is due to the factor that most of the
data of the patient which may also include personal record of the patient. In most of the cases
it can be seen that the record of the patient are used in many unethical activity which can
impact the life of the patient in different manner (Gupta and Tripathi 2017). The main aspect
which can be related to the concept is the sector of security of the data. Some of the possible
impact which can be stated in context of the ransomware stated below:
 Disrupts the regular operation of the organization which has been effected.
 Temporary or permanent loss of the sensitive data or proprietary information.
 Potential harm to the reputation of the organization.
 Financial losses which are incurred for the aspect of the restoring the file and the
system.
The main motive behind the process of attack is to get some ransom. In this process it
can be stated that there are no guarantee that the information would be retrieved after the
paying of the amount. Sometimes the quality of the data can be also a sector of issue which
can be related to the data which is encrypted (Iqbal and Beigh 2018). On the other hand it can
be stated that decrypting of the files does not completely means that the malware infection is
removed from the file. There can other types of privacy implications which can take place in
different sector of the working with the technology. The main mitigation aspect which can be
stated in this context is to be extra cautious of the different aspects which are related to the
exposing of giving the personal information to anyone. The personal data in these concept
should be very much secured and always kept in personal possession (Savaglia and Wang
2017).

6SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
How do counties avoid the privacy violation?
The main aspect which should be taken by most of the countries in order to avoid the
privacy implication is that they should keep the system updated. On the other hand it should
be taken into special care that the data of the people who reside in the country should be of
upmost priority. The safe guard and back of the data should be also given so that if the data
are lost it would not hamper the normal functionality. Security measures should be tried to be
enhanced on a routine basis to safe guard the system form intruders.
Conclusion
The report majorly focus on the aspect of ransomware attack which was generated in
the Arkansas Oral facial Surgery center. The attack had altered the normal functionality of
the organization and majorly impacted the data of the organization and forced them to take a
precaution measure which would be directly preventing the attack. The main aim which is
related to the attack is to gain money in order to provide a key which is related to the
decryption process. The safety of the data can be considered one of the most vital factor
which would be directly incorporating the desired standard of the system.

7SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
References
Alghamdi, K., Alsalamah, S., Al-Hudhud, G., Nouh, T., Alyahya, I. and AlQahtani, S., 2018.
Region-Based Bed Capacity mHealth Application for Emergency Medical Services: Saudi
Arabia Case Study. eTELEMED 2018, p.114.
Gupta, G. and Tripathi, K., 2017. STUDY ON RANSOMWARE ATTACK AND ITS
PREVENTION. International Education and Research Journal, 3(5).
Henseler, H. and van Loenhout, S., 2018. Educating judges, prosecutors and lawyers in the
use of digital forensic experts. Digital Investigation, 24, pp.S76-S82.
Iqbal, J. and Beigh, B.M., 2018. Software Engineering A Profession: Indian Perspective.
Kim, D. and Kim, S., 2015. Design of quantification model for ransom ware prevent. World
Journal of Engineering and Technology, 3(03), p.203.
Kim, D., Shin, D., Shin, D. and Kim, Y.H., 2018. Attack Detection Application with Attack
Tree for Mobile System using Log Analysis. Mobile Networks and Applications, pp.1-9.
Muhammad, A., 2017. Design of Research Coordination Portal Case Study Federal
Polytechnic, Bauchi. Applied Sciences, 1(1).
Savaglia, J. and Wang, P., 2017. CYBERSECURITY VULNERABILITY ANALYSIS VIA
VIRTUALIZATION. Issues in Information Systems, 18(4).
Sharma, M.P., Zawar, M.S. and Patil, S.B., 2016. Ransomware Analysis: Internet of Things
(Iot) Security Issues, Challenges and Open Problems Inthe Context of Worldwide Scenario of
Security of Systems and Malware Attacks. Int. J. Innov. Res. n Sci. Eng, 2(3), pp.177-184.
Yang, T., Yang, Y., Qian, K., Lo, D.C.T., Qian, Y. and Tao, L., 2015, August. Automated
detection and analysis for android ransomware. In High Performance Computing and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8SECURITY ASSESSMENT IN SOFTWARE DEVELOPMENT
Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety
and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and
Systems (ICESS), 2015 IEEE 17th International Conference on (pp. 1338-1343). IEEE.
Yasin, A., Liu, L., Li, T., Wang, J. and Zowghi, D., 2017. Design and preliminary evaluation
of a cyber Security Requirements Education Game (SREG). Information and Software
Technology.