Case study : Members can use KP online to request appointments, prescription ref
ID: 3868495 • Letter: C
Question
Case study : Members can use KP online to request appointments, prescription refills obtain health care services information. there was a serious breach in the security of KP online pharmacy refill application. Programmers wrote a flawed script that actually concatenated over 600 individua email messges containing indivual identifiable patient information instead of separating them as intended. As aresult 19 members received email messages with private information about multiple other members. The caused of breach uncovered issues at the technical , indiidual group and organization levels. KP use web tools , applications and processes. The pharmacy module was evaluated and tested in environment and tthe individual level 2 programmers worked to fix the problem, failed to adequately test code they produced as a patch for the pharmacy application.
1. As a member of the crisis team put in place to respond to this security breach, what are two administrative, physical, and/or technical security safeguards that you would recommend be put in place? Why and how would you go about doing so?
2. What approach to information technology governance do you think would work best in addressing this situation? Why do you think that that approach would work better than other approaches? Explain your reasoning.
Explanation / Answer
1) The first and farmost obvious administrative thing to do will be to go out in fornt of the media and accept that someone utilized a security flaw in your system and data is messed up , so that no more people mail and get bad information and no online transactions take place. A sorry for the current situation will also help.
Technically cut off all mailing support , registration support and web tools support , then check the most recent backup of your database and check it for any such problems as a malacious tools / scripts and viruses.
If the database is clean then wipe off your current database and import the backup.Stop using third party web tools that are available in the market for free or very small price as they are generally more pron to be found in such a situation.
You should do these things because :-
2) The people who breached the system clearly knew what was going behind the scene in a really clear way and that never is a good thing as to making a simple script do this damage is the sign that highlights a really big problem , that is indepandency of web application software. Hiring a team of professional analyst and system testers would be the best thing to do in such a situaton as to identity where the flaw is , find a solution to that. Further more we will find mores such possible furture break points that could cause the system to break and patch them in home analysis. This will make the system stronger in all forms . Second a cyber attack team should be made inside the company itself for any such attacks in the future , so that monitoring of the system can be done and actions can be taking more quickly.