Write an essay analyzing explaining how hackers benefit from stealing medical records. Use an example from the news.
Peer 1:
respond to student summary below (sravan)It is very important to maintain and secure patient records in health care industry and Redaction plays a key role. It is healthcare provider responsibility to maintain privacy and accuracy of patient records with complete confidentiality. With HIPAA (Health Insurance Portability and Accountability Act) expansions, providers or others who manage the release of information should be more vigilant and their process should meet law requirements and serve the interest of the patient. HIPAA has given the privacy confidentiality and security of data by HITECH (Health Information Technology for Economic and Clinical Health) Act. “A significant rise in HIPAA enforcement is underway now that the regulation has matured, and enforcement of breaches is occurring at a more rapid pace — driving healthcare’s leaders to increase IT spend to implement systems that better protect their patient’s health information, according to the research firm Gartner.”1 The HIPAA privacy rule applies to all types of electronically done health care transactions, created a standard for the health care records and patient personal information. The rule also applies to any type of information which limit the information being sold or shared without patient authorizations. The privacy rule is designed for redaction methods: a qualified expert to the removal of specified individual identifying information or the absence of actual information that could be used to identify an individual. As per the standard’s patient information like Name, Address, phone number, SSN, Medical history, Payment Information, Biometrics etc. are considered confidential and should be secured. Many Organizations continue to use the manual process where there is a liability of manual error. Automated redaction process reduces the error and makes the process simple includes the streamline and audit of records. The Automated process allows the scan forms and documents to search for the specific fields and parts of data using the software algorithms by removing them or masking the data will be processed in the records. The redaction increases the security and managing the data gives the best solution from the audits and fines which has more oversight of the records. Hospitals and medical research rely on data not only for reporting also to analyze records to serve better, but the integrity of the data shouldn’t lose. The data integrity of data in medical records should be in a distributed database having the primary and secondary keys. This can be done under CCD’s (Continuity of Care Documents) with more security and privacy advantages. The use cases include in giving selected patient data with signature who access the data using the signed for the required information. Research needs approval for obtaining the records for their particular study under the supervision might be allowed with various levels of redaction. The validity of accessed data with private keypairs for access the data for the study be maintained with redactable signs. “Results show that manipulating redactable CCDs provides superior security and privacy with little computational overhead.”2The Health care records of every person must be tokenization and masking based on the patient data. For example, if the personal information like Name, Address, SSN and reason of visit must be tokenization to the patient unique number. The health records where sensitive data and free text fields like a health issue, pre exiting conditions, type of treatment must be masked with some other info as per the rules. Data must only be accessed with patient authorizations. “Encryption is vital to protect your patient’s data. Although HIPAA regulations don’t specify the necessary encryption, industry best practice would be to use AES-128, Triple DES, AES-256, or better.”3
Peer 2:
student summary (satish)It is just about a week after week event that an organization declares they have endured an information rupture. Other than this, the expense to the individual influenced by such a rupture can be covered up inside the sheer extent of these enormous numbers. At the point when money related information is taken, for example, MasterCard numbers and other record data, programmers can either utilize the information to clone cards and make fake purchases. Or on the other hand they can sell the information on Dark Web so others may do likewise or submit data fraud. “We live in what’s called an open society which of course means they open our emails, open our phone records and open our medical records.´- Jay Leno.In 2018, this production secured the information rupture influencing SingHealth where 1.5 million patients’ therapeutic records were spilled including the leader of Singapore. Not long ago we likewise secured who may be answerable for the rupture and ensuing hole of data. This all makes one wonder with respect to for what reason do programmers need this data. Therapeutic information can incorporate all information identifying with at various times wellbeing conditions, drug store remedies, emergency clinic records, protection subtleties, and online restorative record accreditations.Medicinal data can procure the programmer three fold the amount of because of its unchanging nature. Such records are viewed as not been inclined to change. Monetary information, for example, MasterCard subtleties can without much of a stretch be changed through the giving of another card and that cards have lapse dates. Restorative records don’t change rather just added to after some time. It isn’t just programmers and cybercriminals who are after such records. Country state on-screen characters can utilize the information so as to bargain and coerce people who might be regarded high-esteem targets.The report additionally incorporated a review dependent on meetings with various CISOs and medicinal services associations. As indicated by the exploration, 66 percent of associations said digital assaults have turned out to be progressively refined over the previous year, and beside information burglary, 45 percent of organizations said they’ve experienced assaults which are centred around data decimation over the most recent a year. “Could artificial intelligence end the electronic Medical record nightmare?” – Thomas Carper.Medical records additionally contain the most important data accessible, including Social Security numbers, personal residences and patient wellbeing accounts – making them more significant to programmers than different sorts of information, as per the examination by the Brookings Institution’s Centre for Technology Innovation. Since cybercriminals can sell information for a premium on the bootleg market, programmers have a major motivator to concentrate their assaults on the medicinal services industry. At the point when an assault occurs, the reinforcements can be utilized to re-establish the information. Social insurance associations have additionally been delayed to instruct workers about the risks of cyber attacks, and to oversee who in an association approaches basic frameworks that store delicate information. In any case, while social insurance substances can turn out to be progressively proactive about security, cyber attacks will just develop increasingly modern. For instance, programmers as of late conveyed a phishing assault against Amazon Prime clients that was veiled as transportation affirmation messages. “The current medical records system is this: room after room after room in a hospital filled with paper files.”- Timothy Murphy.