+1 862 207 3288 respond to each of the following post. (2 response needed on for each post.)Post are in reference to security breach.
Community Health Systems reported information on 4.5 million patients was stolen in a cyber-attack that may have started in China in August 2014. CHS operates, owns, and leases 206 hospitals across 29 different states; confirmed that anyone who has been a patient at any of CHS facilities for the past five years may have been impacted by the data breach. Essential and confidential information such as names, birth dates, social security numbers, telephone, and address may have been obtained by hackers. However, in a filing with the Securities and Exchange Commission, the company reported no medical or clinical information or credit card were taken.
CHS describes the attacks as incidents in which hackers utilized highly sophisticated technology and malware to attack its system and because of that attackers were able to bypass its security measure to access the personal and confidential data of millions of patients however other sources closer to the investigation describe the incidents differently. According to the sources, CHS’s system was hacked through a test server that was never planned to be connected to the Internet at all. Due to the lack of the Internet connectivity and the internet was not examined thoroughly, the security features that should and would be deployed in a live production server were not installed on the test server. Unfortunately, sensitive VPN credentials were stored in the memory of the test server, the hackers could access the test server via Heartbleed bug and acquired those VPN credentials when it became connected to the internet. Then, hackers utilized these credentials to access CHS’s system and steal several of patients’ personal information. Basically, CHS organization should have expected this incident to occur.
Multiple cases of data breaches reported daily nowadays, the danger lies in the potential for complacency in those responsible with supervising the implementation, maintenance, and design of cyber-security measure to protect those collected data from patients by healthcare organizations. In other words, those in charge for cooperate leadership and governance in cyber security will become passively resigned to the perceived inevitability of a data breach instead of systematically reviewing and changing the company’s cultural approach to cyber security and risk management.
The healthcare industry has created and developed as it must procedures, redundancies, and policies to protect patients from mistake made in medical treatment context. There have been a few methods and policies implemented to investigate a security breach that occurs in the healthcare organization. If this security breach occurs due to lack of security and policies and standards information by the organization, the organization might have to pay a fine or shutdown. In the CHS incident, the organization was at fault because it could have been easily prevented if the test server was secured and inspected thoroughly. The organization should have performed a risk assessment to ensure the data stored in the memory of the test server would be protected as soon as the internet connected.
Security breaches affect a number of industries, Sabre Corp, a hospitality giant located in Southlake,Texas disclosed in the early weeks of May that there was a significant security breach of payments and customer data tied to bookings that were processed via their reservations systems Synxis Central Reservation Systems that caters to more than 32k hotels and lodging institutions.
The Synxis’s reservations system is mainly a inventory management application enabling the various establishments the ability to support inventory and distribution for the sake of exceeding their business goals. Sabre is teaming up with Mandiant a forensics organization in investigating this security occurrence. Sabre’s software connects suppliers and buyers and processes more than $110 billion on estimated travel expenditures; even a small portion of travelers transactions could significantly affect customer credit cards in that brief period(KrebsOnSecurity,2017).
The revelation of a progressing breach arose initially through the Intercontinental Hotel Group(IHG), a parent entity that oversees about 5,000 hotels including Holiday Inn. One security website KrebsonSecurity reporter in December 2016 that customer credit cards were being sold to fraudulent parties, IHG however did not report this publicly until February 2017, and more than 1,200 establishments have been affected to date.
The Data Breach Investigations Report(DBIR) states that point of sales systems commonly found at front desk or hotel restaurants are constantly being comprised by malware attacks. Hackers plant malicious software within these applications, and can capture every card swiped via remote access. This information can then be sold to data thieves who are mavens in encoding personal data on any card with a magnetic stripe, and use the cards for purchasing expensive tech gadgets.
Card theft in many well known hotel chains have been disclosed publicly within the last year. The few have been “KimptonHotels,TrumpHotels,Hilton, Mandarin Oriental,Starwood Hotels, Hyatt, and White Lodging”(KrebsOnSecurity,2017).
Since this is an ongoing issue in many industries it may be best to consider looking at other secured point of sales softwares that can be tested for an extended period of time, which then can be piloted for a brief period of time in order to identify advantages or disadvantages of the system. Encryption of the software is another approach that could limit access from potential hackers. If one of the two recommendations were attempted at the beginning prior to installing the point of sales systems I feel that there would have been a decreased number of affected hotels.
