Answer:
Question: Find two examples of data/security breaches that resulted in theft/loss/exposure of confidential data, preferably data related to health care.
Answer:
1. TRICARE United States, in 2011:
2. University of Washington Medicine, in 2018
Question: Describe the incidents
Answer:
1. TRICARE:
As a health care program of the United States Department of Defense Military Health System, TRICARE being overseen by Science Applications International Corporation (SAIC), the defense break also came through an employee of SAIC, the tapes that stores vital information of personnel were physically stolen, and these tapes contain vital information such as the Social Security numbers, phone numbers, prescriptions, of millions of active and retired military personnel.
2. University of Washington Medicine:
Database which contains important data of over hundred thounsands patients were exposed as a internal files were able to be accessed to the public when searched on the internet as those files appeared saved in search results on search engine.
Question: explain what could have been done to prevent or mitigate them
Answer:
The following would prevented or mitigated the attack:
1. For security breach on TRICARE:
i. The security software should be updated.
ii. Data should be encrypted to further protect it.
iii. The data protection security policies should be reviewed to prevent future attacks.
2. For security breach on University of Washington Medicine:
i. There should be effective risk assessment that would data vulnerabilities.
ii. There should be a limit on internal human error, and sharing of data without adequate protection, encryption should be stoped.