Security Breaching in healthcare
How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?
Data breaches are regarded as severe violations of privacy and security. For HIPAA violations, the county prosecutor has the right to file legal actions on behalf of the individuals affected. When they were informed of the breach, the Kaiser Permanente leadership immediately investigated and apologized to those affected. Kaiser Permanente's leadership reacted quickly because the company could face criminal charges and civil lawsuits. The management formed a team to analyze the root cause and start a mitigation process. Later, the organization should notify its members. Consumers affected by a compromise of safeguarded PHI must be informed within sixty days of the breach's detection (Wager, Lee & Glaser, 2017). The notification is also reported to the Secretary of HHS on an annual basis. Later, a press conference is held to inform the public of the nature of the breach, the information exposed, and the hospital's response to the breach. This can be done on the home page of KP's website.
Assume that you were appointed as the administrative member of the crisis team created the day the breach was uncovered. After the initial apologies, what recommendations would you make for investigating the root cause(s) of the breach? Outline your suggested investigative steps.
After the organization is notified of the breach, steps are taken to prevent further damage to the business. Apologies are given to the members who were affected by the breach. The first step is to identify the violation and stop it from continuing. The business determines how the breach occurred, and once the infringement has been identified, the entry and exit points are closely monitored. The crisis team should categorize KP's recent national reorganization and the launch of KP Online as a weakness. The next step is to assemble an incident response team with defined roles and responsibilities to make decisions and manage situations accordingly. After assessing what led to the breach, the organization must secure its systems to prevent a similar incident by analyzing its security and preventive controls. KP undertakes a detailed analysis of its response to the intrusion when one occurs; it identifies lessons and improves industry standards in cybersecurity through practical security training and by encrypting information and devices (Strawbridge, 2018).
How likely do you think future security breaches would be if Kaiser Permanente did not take steps to resolve underlying group and organizational issues? Why?
Cybercrime directed at health information systems has increased significantly in recent years. About 90% of health care organizations report health information security breaches, and half of those reports stem from criminal activity. If KP did not undergo organizational restructuring, future HIPAA violations would be unpreventable. The cause of the intrusion was investigated, and it was discovered that there were flaws at the technological, independent variable, and corporate levels (Wager, Lee & Glaser, 2017). In KP, the departments were separate entities with different guidelines, procedures, and missions. Each department was incapable of functioning as part of a team and untrained to do so, and the departments operated as separate businesses rather than as conjoined subunits of the IT department. With this lack of coordination in the organization, the probability of a breach happening again is higher, as the organization is vulnerable to cybercrime attacks.
What role should the administrative leadership of Kaiser Permanente take in ensuring that KP Online is secure? Apart from security and HIPAA training for all personnel, what steps can be taken at the organizational level to improve the security of KP Online?
To keep KP Online safe, the institution's executive administration should devise a framework that safeguards medical information and its IT assets, such as networks, servers, code, and apps. Third-party threat monitoring helps businesses make better use of their assets and put security procedures in place. The system should follow the policies and procedures set by the HIPAA Security Rule (Srinivasan, 2016). KP should verify the implementation of security measures, and the administration should seek input from clients and should consult legal counsel and technicians. To increase KP's security, employees should avoid non-secure internet sites, not exchange credentials, not install illegal software, not use KP's computers for personal gain, and protect hardware from theft. To avoid data leaks, the organization can perform behavioral analysis on all personnel who have access to classified data. The corporation can begin using behavioral analytics and conduct compliance-based monitoring.