Breaches and Regulatory Requirements Essay

Introduction

Breaches of data is proving to be the current norm irrespective of how much we try to slice it. American companies have not actively taken the move when it is about security matters. Therefore, governmental organizations are at the risk of data breaches. In the state of Utah security was compromised giving the hackers a chance to steal huge healthcare data. Formally, it was reported that the hackers accessed only 24000 files but later it was noted that the number was higher. The information that was given described that the hackers made away with data from over 780000 people and more than 280000 people had their security numbers stolen. This breach rose due to an employee who had a weak password. It is sad to see companies applying computer systems to store information but not putting stringent measures to secure the data.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

It is not a wonder that Utah was hacked. The information is valuable and hackers have known this and thus the reason they are stealing it. There is no need to of stealing credit cards when it is possible to hack state databases and get huge amounts of data. The information that is contained in databases include the names, credit cards, social security numbers telephone and home addresses and so on this information allows a hacker to steal a person's identity. Having this information, it is possible to open many credit card accounts, social security number of a person can be used in filing false tax returns or can even be sold to another person (Lohrmann, 2012). Hackers have many things that they can do with this information. It is astonishing to see how lightly the issue of ensuring the safety of data is taken. This level of ignorance to common sense would be like taking the police officers to deal with people having weapons of high capacity but our police force is only confined to one type of guns and with no bullets. This would, of course, be a losing battle if we continue trying to fight hackers without the required resources.

Preventing a Breach

The fact is that nothing fits all when it comes to how the technology works and how to secure it. The tradition of the company, the customers served by the industry and the staff play a role too. All this information is critical on how a firm sets up their infrastructure (Schumacher et al., 2013). The laws that are passed on the federal levels and the local once have played a role when the companies follow them (Hoeowitz, 2012).

HIPAA rules have to be adhered to whenever a firm is dealing with healthcare information. The HIPAA rules are classified into five standard groups with one of the most vital being the technical safeguard. Technical safeguard involves five standards namely: access control, audit control, transmission security, person authentication, and integrity (Schumacher et al., 2013). The best ways of preventing a breach are; following the HIPAA rules and putting security at the forefront of the company.

Most firms do not hire security experts even with all these attacks or if they hire, only one person and the delegate the rest to the overworked IT personnel (Hoeowitz, 2012). There are various areas where security has to be addressed from; firstly, the management has to apply the idea. Secondly, understand the human factors and continue educating the staff on the changes taking place and why they are taking place. Changes in the IT to secure the network can transform how the people work if they don't know the reason for the changes would make them not accept the changes. Thirdly the right people are needed in making security decisions. Forth, software and hardware should be installed to promote the protection of the information of the firm. The hardware can be access control systems that need access to various paths of the building to limit aces of staff in areas they need to be in (Lohrmann, 2012). Access control is scanning badges of the workers on a computer.

The two-layered method is now another approach to curbing the problem of hackers gaining access to data. Software installed in a computer can also be able to scan for abnormalities, changes on a PC or take administrative rights from the user with the exception of the software they require to run on their PCs that needs the user to have rights of an administrator (Lohrmann, 2012). Software that can scan sent outside the company to substantiate the type of the information sent.

Lastly, HIPAA rules should be followed and also set our new rules and follow them. Our guidelines should entail the separation of duties from all staff. A staff having more access to the information system and had a weak password for the system made it easy for hackers to access. Job separation protects the systems from hackers and within. Controlling the access to information systems by employees prevent huge damages. This method does not guarantee full security bet can at least reduce the risk.

Regulatory Requirements

There is no problem with the current guideline requirements. Considering an earlier explanation, there are organizations in different industries and they all work diversely. Talking about regulations, they are just ling antivirus in a computer since the virus protection always protect the software. Having a general understanding is okay but at times that does not exhaustively fix the problem. It is, therefore, the role of each worker to follow the guidelines laid down and make more guidelines for themselves to form a system that withstands attacks from hackers and with.

References

Hoeowitz, B., (2012). Health care Data Breaches Highlight Need for Security Investment. Eweek. Print. Retrieved from http://www.eweek.com/c/a/Health-Care-IT/Health-Care-Data-Breaches-Highlight-Need-for-Security-Investment-263129/

Lohrmann, D., (2012). Dark Clouds over Technology: Pondering Action after Recent State Government Data Breaches. Government Technology. Retrieved from http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Dark-Clouds-Over-Technology-042212.html

Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P. (2013). Security Patterns: Integrating security and systems engineering. John Wiley & Sons.