Wednesday, May 6, 2020

Data Compromised in Bronx Lebanon - Free Samples to Students

Question: Discuss the data compromised in Bronx Lebanon.

Answer:

Introduction

According to Techopedia (2017), a computer security breach is any event that results in unapproved access to data, applications, services, networks and devices by circumventing their primary security tools. A security breach occurs when a person or a system unlawfully intrudes into private IT systems without authorization. Technology is advancing rapidly, but so is cybercrime. The number of data breaches tracked by June 2017 has increased by over 700 records compared to the same period in 2016 (Urrico, 2017). The number is expected to rise to about 1,500 by the end of the year. This report discusses two recent computer data breaches in two parts: Part A covers the Bronx-Lebanon hospital data breach that occurred in May 2017, and Part B covers the latest ransomware cyber-attack, which also happened in May 2017.

In May 2017, Bronx Lebanon Hospital Center, based in New York City, was infiltrated, revealing the medical records of thousands of users. The breach exposed at least 7000 patients' records (Cohen, 2017). The leaked data unveiled patients' records between 2014 and 2017, including HIV statuses, medical health diagnoses, domestic violence and sexual assault reports, alongside patient names, social security numbers, physical addresses, religion and addiction history (Cohen, 2017).

The Bronx Lebanon Hospital data breach occurred after an Rsync backup server, used to transfer and synchronize files between computer systems and hosted by iHealth Solutions, a third-party records management provider, was left in a vulnerable state (O'Hara, 2017). iHealth was managing the medical records for the hospital. The Rsync server is said to have been misconfigured and was therefore at great security risk (Sehgal, 2017). This left the server exposed, making it an easy target for hacking.

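The report says only that the Rsync server was misconfigured and exposed; it does not say which settings were wrong. As an added example (not from the original report or from iHealth), this Python script audits an rsyncd.conf for settings that commonly leave a daemon module open: no `auth users`, no `hosts allow`, and `read only` turned off. The sample configuration, module names and paths are constructed.

```python
import re

# Constructed sample config; module names and paths are illustrative only.
SAMPLE = """\
uid = nobody
[backups]
    path = /srv/backups
    read only = no
[records]
    path = /srv/records
    auth users = backupsvc
    hosts allow = 10.0.5.0/24
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # normalise name spacing/case
            (global_params if current is None else current)[key] = value.strip()
    return global_params, modules

def audit(text):
    """Map each module to the exposure findings for its effective settings."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, params in modules.items():
        eff = {**global_params, **params}  # module settings override globals
        issues = []
        if not eff.get("auth users"):
            issues.append("no 'auth users': module accepts anonymous clients")
        if not eff.get("hosts allow"):
            issues.append("no 'hosts allow': any source address may connect")
        if eff.get("read only", "yes").lower() not in {"yes", "true", "1"}:
            issues.append("'read only' is off: clients can modify files")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for module, issues in audit(SAMPLE).items():
        print(module, "->", issues or "no findings")
```
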
The attacker was able to hack into the backup server hosted by iHealth and expose patients' records (Sehgal, 2017). The actual length of time patient records were exposed is not known. According to a statement by iHealth, only one person gained unapproved access to the records and there's no indication the records have been used inappropriately.

It is not yet clear why the attacker hacked into the server containing patients' records. However, hackers are increasingly targeting health care industries for the following reasons. First, health industries store large volumes of personal information that could be used for financial fraud, including names, social security numbers, and payment details (Davis, 2016). They also hold personal insurance facts, which can be peddled online in black markets and used to commit medical fraud, including obtaining unpaid medical care or acquiring costly medical materials (Davis, 2016).

Possible solutions against the data breach attack

As stated above, technology is advancing rapidly. There are numerous emerging and disruptive technologies for businesses to adopt, including accessing software, cloud space and infrastructure over the Internet. However, there are risks involved in adopting technological advancements, chiefly the issue of security with upcoming technologies. The Bronx Lebanon Hospital data breach indicates a trend in business organizations where such establishments implement new technology architectures but fail to protect and secure such systems. Using a third-party vendor becomes even more risky when it comes to offering security. The following are possible measures that can be implemented to secure such systems, according to Wabo (2016):

- Secure all computer systems, including those that may not be considered significant
- Train employees on how to use technologies securely without exposing them to hackers
- Update security procedures occasionally. Hackers are always implementing new methods of trying to intrude into systems. Updating security procedures periodically guards against attacks that result from a lack of system security updates.
- Reduce data transfers, which may be tampered with or trespassed
- Encrypt all company data and information
- Ensure that only authorized and approved persons access data and information systems
- Install security infrastructure for data systems
- Make use of passwords to reduce illegal access to computer systems
- Implement two-factor authentication (2FA), a stronger layer of security that requires, beyond a user name and a password, another feature that only the user knows (SecurEnvoy, 2016)
- Implement intrusion detection systems (IDS) to detect attempts to access computer systems
- Secure all network systems to guard against data intrusions and data attacks
- Use up-to-date software in computer systems and install software patches for flaws that can make systems susceptible to attacks

The May 2017 Ransomware cyber-attack

May 2017 saw a good number of countries worldwide suffer a ransomware cyber-attack known as WannaCry. The ransomware is a crypto worm that quickly spreads through computer systems via the Internet. The attack was directed at workstations running Microsoft Windows operating systems. WannaCry attacked systems by encrypting data and demanding ransom payments in the form of Bitcoin (BBCNews, 2017). The attack first started on May 12, 2017, and had been reported to have infected over 220,000 computers in over 150 countries (Perlroth, Scott, Frenkel, 2017). The ransomware, named WannaCry, encrypted data on more than 70,000 computers in about 99 countries. A ransom was demanded to decrypt all the systems that were encrypted (Perlroth, Scott, Frenkel, 2017).

The attack started on the Ukrainian government and business computer systems (BBCNews, 2017). The attack then spread from Ukraine, affecting computer systems around the world (Perlroth, Scott, Frenkel, 2017).

European states, together with Russia, were amongst the worst hit by the attack (BBCNews, 2017). The attack was contained, slowed down and stopped by the use of a kill switch by a security researcher, but the danger is not yet over (BBCNews, 2017).

According to an article in the New York Times by Perlroth, Scott, Frenkel (2017), in Ukraine, where it all started, the attack affected Ukraine's Infrastructure Ministry, the national railway company, the postal service, and Ukrtelecom, one of the country's principal communications companies. In Britain, the health care systems were affected, whereby the hospitals were locked out of their systems and doctors could not call up patient files. In the UK, National Health Service (NHS) staff showed screenshots of the WannaCry worm, which demanded a payment of about $300 in Bitcoin currency to decrypt computer files. The attack targeted computer systems in many other countries, such as FedEx in the US. In Spain, the Telefonica company was a target, while MegaFon in Russia was also affected (Perlroth, Scott, Frenkel, 2017).

The attack spread for five days across Ukraine and all over the world in other countries, including Germany, France, Portugal, China, Indonesia, South Korea, Spain, Italy, Sweden and India, among others (BBCNews, 2017). On entering computer systems, the attack would encrypt all the files and shut down the systems such that they could not be used until decryption was done by the hackers after the affected organizations paid a ransom.

How was the attack carried out?

It is still unclear who is behind the May 2017 global cyber-attack. However, the tool that made the attack possible is alleged to have been developed by the US National Security Agency (NSA) to make use of a flaw originating from Microsoft's Windows operating system (Rizkallah, 2017). This exploit, identified as EternalBlue, was taken by Shadow Brokers, a group of hackers who made it freely available in April as a way of protesting against President Donald Trump. The WannaCry ransomware spreads by means of EternalBlue, an exploit for a flaw in the Windows Server Message Block (SMB) protocol.

The attack was initiated through a phishing attack. Once it affected a computer system, it then spread across computer systems as a computer worm. The attack hit users and organizations that were still using old Microsoft Windows operating systems. Those who were still running old versions of Microsoft Windows that the company no longer supports, including the Windows XP operating system and Windows Server 2003, were originally at risk. However, Microsoft was able to release an alternative security patch for these operating systems (Warren, 2017). Practically all the organizations hit by the cyber-attack were running on Windows 7.

Some measures that could have been used to prevent the attack include software patches. The security patch released by Microsoft was able to protect computers against the attack if they were updated by installing it (BBCNews, 2017). The infections appeared to be spread by a computer worm that was circulating on the Internet. Securing computer network systems would also have prevented the attack. It was reported that the attack started as a phishing email attack. Training users on system security would also have helped avoid such an attack, since users would be able to distinguish authorized from unauthorized parties.

Conclusion

Computer technology keeps evolving. Newer technological advancements are developing every other day. Technologies such as the Internet of Things only create many more interconnections, which increases the vulnerabilities of systems and computer networks. Increasing technology also means increased computer attacks.

Cyber security, the body of tools, procedures and technologies aimed at protecting computers, programs and systems from attack, damage or unauthorized access, is growing steadily (Rouse, 2016). According to Forbes, the global cyber security market grew to about $75 billion in 2015 and is projected to reach above $160 billion by 2020 (Rizkallah, 2017).

Organizations cannot afford to secure some systems they consider important and leave out others. Businesses have to implement secure systems to safeguard their data and information. Failing to do so puts them at high risk of information loss and manipulation. Companies have to put security policies and procedures in place to be able to prevent future data breaches. Also, companies should invest in training employees on how to secure their systems, as a lot of hackers use either phishing or social engineering attacks to acquire login details from unsuspecting employees. This is the only way to prevent such attacks and to be in a position to deal with them when they occur.

References

BBCNews. (2017, May 13). Cyber-attack: Europol says it was unprecedented in scale. Retrieved from BBC News: https://www.bbc.com/news/world-europe-39907965

Cohen, J. K. (2017, May 11). 7,000+ people affected in New York hospital data breach: 4 things to know. Retrieved from Becker's Healthcare: https://www.beckershospitalreview.com/healthcare-information-technology/7-000-people-affected-in-new-york-hospital-data-breach-4-things-to-know.html

Davis, T. (2016, March). Why hackers want your health care information, and how easy it is to get. Retrieved from Dallas News: https://www.dallasnews.com/business/health-care/2016/03/28/why-hackers-want-your-health-care-information-and-how-easy-it-is-to-get

O'Hara, M. E. (2017, May 10). Thousands of Patient Records Leaked in New York Hospital Data Breach. Retrieved from NBC News: https://www.nbcnews.com/news/us-news/thousands-patient-records-leaked-hospital-data-breach-n756981

Perlroth, N., Scott, M., & Frenkel, S. (2017, June 27). Cyberattack Hits Ukraine Then Spreads Internationally. Retrieved from New York Times: https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?mcubz=0

Rizkallah, J. (2017, August 25). The Cybersecurity Regulatory Crackdown. Retrieved from Forbes: https://www.forbes.com/sites/forbestechcouncil/2017/08/25/the-cybersecurity-regulatory-crackdown/#4c8f13674573

Rouse, M. (2016). cybersecurity. Retrieved from TechTarget: https://whatis.techtarget.com/definition/cybersecurity

SecurEnvoy. (2016). What is 2FA? Retrieved from SecurEnvoy: https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm

Sehgal, S. (2017, May 19). Over 7,000 Patients Data Compromised in Bronx Lebanon Hospital Data Breach. Retrieved from https://securingtomorrow.mcafee.com/business/7000-patients-data-compromised-bronx-lebanon-hospital-data-breach/

Techopedia. (2017, August 26). Security Breach. Retrieved from Techopedia: https://www.techopedia.com/definition/29060/security-breach

Urrico, R. (2017, August 26). Top Data Breaches of 2017. Retrieved from Credit Union Times: https://www.cutimes.com/2017/07/21/top-data-breaches-of-2017

Wabo, B. (2016, October 11). 14 Ways to Prevent Data Breaches in Your Organization. Retrieved from A-lign.com: https://www.a-lign.com/14-ways-prevent-data-breaches-your-organization/

Warren, T. (2017, May 13). Microsoft issues highly unusual Windows XP patch to prevent massive ransomware attack. Retrieved from The Verge: https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-security-patch-wannacry-ransomware-attack
