Information Security Article Evaluation: Henry Ford Health System Hospital
Information Security Article EvaluationDerek MatthewsCMGT/44109/08/2014Roger ElrodInformation Security Article EvaluationIntroduction
Security is the main concern for all enterprises and organizations. They have to monitor and manage all elements within the organization. Security breaches can cause harm to any organization by taking confidential information and giving that information to an outside source. The context of personal information is displayed by dates of birth, social security, names, and other ways to confirm him or her identity. A breach of security can bring pain to the pockets of any organization and injure one’s assets. This paper will explain the impacts a security breach can have on an organization, mainly within the Urology Medical office at the Henry Ford Health Systems hospital in Detroit, Michigan and will recommend strategies that will assist in avoiding future incidents.
Event Background
The day of September 24, 2010, an unidentified individual walked into Urology office at the Henry Ford Health Systems hospital, the door was unlocked. A laptop was stolen, but it did have password protection software, the protection it provided was not to complex a person that had advanced knowledge of computers will still be a threat. The information that was stored on the laptop did not provide …show more content…
patients social security numbers or health insurance information, but did provide “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). No one can provide an accurate number of how many records were actually contained, but we do know all records were related to prostate services that were provided during an eleven year span.
Response to incident
When the laptop was notice being missing Meredith Phillips, who is the chief privacy officer at the hospital. He notified all patients involved via a letter by mail and offered each of them a free one-year credit monitoring service (Henry Ford Health System, 2010). The hospital created a telephone helpline (Toll-free), that will assist in the concerns of the patients, it will also initiate an investigation to determine the appropriate security was implemented and followed. All employees were re-trained in security procedures and awareness is being developed to prevent future events that such as this one from happening again.
Recommendations
Henry Ford hospital should take the following steps that will provide better security and stop future security breaches. The action that should be taken to ensure that security breaches do not occur and will assure the safety for all hospital staff is to implement the following: Training classes, Physical security, Access cards, and Shut-down activation system.
Training classes
Employees need to keep up to date on all procedures, especially the changing of security issues.
Training classes should be policy and standard. We can provide flexible scheduling for the training classes, so it can be more convenient to the staff and there are no excuses of why he or she is not up to date. We will provide registration logs to sign on, but if your name is on that session, you cannot miss. We will be implementing a computer sign in, which will require a password and user ID. This is to ensure the identity of he or she, which prevents falsification of attendance recordings and guarantee that employees are attending the training
sessions.
Physical security
Like banks money and documents are secured in an electronically locked room. The only way to gain access is by having an access card, password, the combination, manager approval, a key, and etc. You are at work and have to use a specific piece of equipment, which requires you to sign out the equipment using your company identification card to confirm it is in your property. Now you are responsible for this equipment, if anything was to happen to the equipment, you will have to face the penalties. The sign out method eliminates the wrong individual being blamed. If the Henry Ford Hospital had a security measure implemented, they would have known exactly who is responsible for the loss of the laptop and appropriate disciplinary action could have been taken against that employee.
Access cards
The electronic doors will be used to utilize the access cards installation will prevent unauthorized access in areas such as offices, residences, or places where the client foot traffic will not allow or limit access to the employee. The access cards will be similar to credit cards, it will have the colors yellow, green, and black. Each employee will be assigned their own access card. The employees has to swipe the card across the scanner, the scanner will record the date, time, department, and employee name, on every swipe and stored in the database. This will allow to track all traffic of each employee. We could also use electronic keypads for each door that will require a 15 digit code in order to gain access and can only be given to upper management to limit access.
Shut- down activation
The Neonatal Intensive Care Units uses a shut-down and lock system, all property contains an electronic chip or tag that can cause a lock-down of the section or floor if property is taken beyond certain protection points. There is an electromagnetic area where property can pass through and automatically shut-down, by activating the signal from the chip or tag. If you want to remove the lock-down status the property taken must be recalibrated at the security station, which is located centrally on each floor of the hospital.
Conclusion
Security breaches are harmful, damaging, and costly. Breaches can occur in any aspect of our personal or professional lives and fields. A security breach should be priority one and handled immediately, because this will determine if future breaches at the same level will occur again and again. Henry Ford Hospital and staff responded rapidly to the incident, which will only help the hospital in keeping the information secure, which includes patients from possible identity theft and avoid lawsuit issues. Hope my recommendations help prevent this event from happening again.
References
Henry Ford Health System (2010). Urology Patients’ Health Information Compromised. Retrieved January 06, 2011, from http://www.henryford.com/blank.cfm?print=yes
&id=46335&action=detail&ref=1201.
Moscaritolo, A. (2010, November 22). Sensitive laptop stolen from Detroit hospital. SC Magazine, p. 1.
Security is the main concern for all enterprises and organizations. They have to monitor and manage all elements within the organization. Security breaches can cause harm to any organization by taking confidential information and giving that information to an outside source. The context of personal information is displayed by dates of birth, social security, names, and other ways to confirm him or her identity. A breach of security can bring pain to the pockets of any organization and injure one’s assets. This paper will explain the impacts a security breach can have on an organization, mainly within the Urology Medical office at the Henry Ford Health Systems hospital in Detroit, Michigan and will recommend strategies that will assist in avoiding future incidents.
Event Background
The day of September 24, 2010, an unidentified individual walked into Urology office at the Henry Ford Health Systems hospital, the door was unlocked. A laptop was stolen, but it did have password protection software, the protection it provided was not to complex a person that had advanced knowledge of computers will still be a threat. The information that was stored on the laptop did not provide …show more content…
patients social security numbers or health insurance information, but did provide “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). No one can provide an accurate number of how many records were actually contained, but we do know all records were related to prostate services that were provided during an eleven year span.
Response to incident
When the laptop was notice being missing Meredith Phillips, who is the chief privacy officer at the hospital. He notified all patients involved via a letter by mail and offered each of them a free one-year credit monitoring service (Henry Ford Health System, 2010). The hospital created a telephone helpline (Toll-free), that will assist in the concerns of the patients, it will also initiate an investigation to determine the appropriate security was implemented and followed. All employees were re-trained in security procedures and awareness is being developed to prevent future events that such as this one from happening again.
Recommendations
Henry Ford hospital should take the following steps that will provide better security and stop future security breaches. The action that should be taken to ensure that security breaches do not occur and will assure the safety for all hospital staff is to implement the following: Training classes, Physical security, Access cards, and Shut-down activation system.
Training classes
Employees need to keep up to date on all procedures, especially the changing of security issues.
Training classes should be policy and standard. We can provide flexible scheduling for the training classes, so it can be more convenient to the staff and there are no excuses of why he or she is not up to date. We will provide registration logs to sign on, but if your name is on that session, you cannot miss. We will be implementing a computer sign in, which will require a password and user ID. This is to ensure the identity of he or she, which prevents falsification of attendance recordings and guarantee that employees are attending the training
sessions.
Physical security
Like banks money and documents are secured in an electronically locked room. The only way to gain access is by having an access card, password, the combination, manager approval, a key, and etc. You are at work and have to use a specific piece of equipment, which requires you to sign out the equipment using your company identification card to confirm it is in your property. Now you are responsible for this equipment, if anything was to happen to the equipment, you will have to face the penalties. The sign out method eliminates the wrong individual being blamed. If the Henry Ford Hospital had a security measure implemented, they would have known exactly who is responsible for the loss of the laptop and appropriate disciplinary action could have been taken against that employee.
Access cards
The electronic doors will be used to utilize the access cards installation will prevent unauthorized access in areas such as offices, residences, or places where the client foot traffic will not allow or limit access to the employee. The access cards will be similar to credit cards, it will have the colors yellow, green, and black. Each employee will be assigned their own access card. The employees has to swipe the card across the scanner, the scanner will record the date, time, department, and employee name, on every swipe and stored in the database. This will allow to track all traffic of each employee. We could also use electronic keypads for each door that will require a 15 digit code in order to gain access and can only be given to upper management to limit access.
Shut- down activation
The Neonatal Intensive Care Units uses a shut-down and lock system, all property contains an electronic chip or tag that can cause a lock-down of the section or floor if property is taken beyond certain protection points. There is an electromagnetic area where property can pass through and automatically shut-down, by activating the signal from the chip or tag. If you want to remove the lock-down status the property taken must be recalibrated at the security station, which is located centrally on each floor of the hospital.
Conclusion
Security breaches are harmful, damaging, and costly. Breaches can occur in any aspect of our personal or professional lives and fields. A security breach should be priority one and handled immediately, because this will determine if future breaches at the same level will occur again and again. Henry Ford Hospital and staff responded rapidly to the incident, which will only help the hospital in keeping the information secure, which includes patients from possible identity theft and avoid lawsuit issues. Hope my recommendations help prevent this event from happening again.
References
Henry Ford Health System (2010). Urology Patients’ Health Information Compromised. Retrieved January 06, 2011, from http://www.henryford.com/blank.cfm?print=yes
&id=46335&action=detail&ref=1201.
Moscaritolo, A. (2010, November 22). Sensitive laptop stolen from Detroit hospital. SC Magazine, p. 1.