Identify and define your assigned breach.
Phishing is the most common method for hackers to get access to
patient information. Phishing is used to gain access to usernames,
medical data, and personal system passwords for malicious
reasons. For instance, a hacker would send a link via email or
messaging to entice recipients to click on it. The malicious email will
address salary raises, free gifts, or anything that may be of interest.
When the recipient clicks the link, it opens a door for the hackers to
run malicious codes or install malware that allows them access to all
medical information in an organization (Priestman et al., 2019).
Describe the type of organization in which the breach
occurred.
Phishing occurred with a healthcare organization Lafourche Medical
Group (LMG) in Louisiana. Reportedly, a hacker utilized a phishing
attack to gain access to their system through an email, which gave
access to protected health patient information in March 30, 2021
(Olsen, 2023). Phishing is the most common hacker attack in within
healthcare organizations, and the measure of threat and the
awareness of healthcare workers remain undetermined. The
targeted communications utilized by the hackers typically rely on
tend to appear as trusted sites such as healthcare data, financial
institutions or healthcare staff (Priestman et al., 2019). For instance,
I once received and email saying, “Attached are the new salary
increases. Please click on the link and notify your manager
immediately if there is a problem with your salary increase.” I
thought to myself, “I did not know we had salary increases”. Yes, I
did click on the link, even though I noticed that the email looked
suspicious. After I clicked on the link and the information made no
sense, I realized that email was a phishing email.
Later, I received an email from the organization informing me that I
needed it to retake the cybersecurity class. I was grateful that no
harm was done.
Identify who was involved.
The issue involved the hacker, Lafourche Medical Group’s employees,
the organization, the organization’s EHR system, the 34,862 patients
with protected health information (PHI), and the U.S Department of
Health and Human Services (HHS). Lafourche Medical Group was
under the obligation to report to the HHS when a data breach
occurred related to unsecured protected health information (OCR,
2023). The regulation stipulates that all organizations are obligated
to report any breach that affects over five hundred individuals in one
day. The report should include an estimate of the individuals affected
and any other information pertaining to incident. If an incident affects
fewer than five hundred individuals in one day, the organization
Phishing is the most common method for hackers to get access to
patient information. Phishing is used to gain access to usernames,
medical data, and personal system passwords for malicious
reasons. For instance, a hacker would send a link via email or
messaging to entice recipients to click on it. The malicious email will
address salary raises, free gifts, or anything that may be of interest.
When the recipient clicks the link, it opens a door for the hackers to
run malicious codes or install malware that allows them access to all
medical information in an organization (Priestman et al., 2019).
Describe the type of organization in which the breach
occurred.
Phishing occurred with a healthcare organization Lafourche Medical
Group (LMG) in Louisiana. Reportedly, a hacker utilized a phishing
attack to gain access to their system through an email, which gave
access to protected health patient information in March 30, 2021
(Olsen, 2023). Phishing is the most common hacker attack in within
healthcare organizations, and the measure of threat and the
awareness of healthcare workers remain undetermined. The
targeted communications utilized by the hackers typically rely on
tend to appear as trusted sites such as healthcare data, financial
institutions or healthcare staff (Priestman et al., 2019). For instance,
I once received and email saying, “Attached are the new salary
increases. Please click on the link and notify your manager
immediately if there is a problem with your salary increase.” I
thought to myself, “I did not know we had salary increases”. Yes, I
did click on the link, even though I noticed that the email looked
suspicious. After I clicked on the link and the information made no
sense, I realized that email was a phishing email.
Later, I received an email from the organization informing me that I
needed it to retake the cybersecurity class. I was grateful that no
harm was done.
Identify who was involved.
The issue involved the hacker, Lafourche Medical Group’s employees,
the organization, the organization’s EHR system, the 34,862 patients
with protected health information (PHI), and the U.S Department of
Health and Human Services (HHS). Lafourche Medical Group was
under the obligation to report to the HHS when a data breach
occurred related to unsecured protected health information (OCR,
2023). The regulation stipulates that all organizations are obligated
to report any breach that affects over five hundred individuals in one
day. The report should include an estimate of the individuals affected
and any other information pertaining to incident. If an incident affects
fewer than five hundred individuals in one day, the organization
