Case Study: Breaching The Security of Internet Patient Portal

In August 2000, there was a serious breach in the security of the KP online pharmacy refill application. Programmers wrote a flawed script that concatenated over 800 individual email messages containing individually identifiable patient information, instead of separating them as intended. As a result, 19 members received email messages with private information about multiple other members. Kaiser became aware of the problem when 2 members notified the organization that they had received the concatenated email messages.

Kaiser leadership considered this incident a significant breach of confidentiality and security. The organization immediately took steps to investigate and to offer apologies to those affected. On the same day the first member notified Kaiser about receiving the problem email, a crisis team was formed. The crisis team began a root cause analysis and a mitigation assessment process. Three days later, Kaiser began notifying its members and issued a press release.

As a member of the crisis team put in place to respond to this security breach, what are two administrative, physical, and/or technical security safeguards that you would recommend be put in place? Why, and how would you go about doing so?

What approach to information technology governance do you think would work best in addressing this situation? Why do you think that approach would work better than other approaches? Explain your reasoning.