IT Case Exercise

Order Description General case exercise: The Choice Care Health Group (CCHG), in" rel="nofollow">in operation for over 30 years, is made up of 12 general practitioners (GPs) who also function as family physicians. The front desk uses four termin" rel="nofollow">inals to schedule patients and to complete billin" rel="nofollow">ing tasks. In addition, the termin" rel="nofollow">inals are connected to two centralized personal computers that run an old version of the Lin" rel="nofollow">inux operatin" rel="nofollow">ing system. They are also connected to several older prin" rel="nofollow">inters used to prin" rel="nofollow">int billin" rel="nofollow">ing forms and other pertin" rel="nofollow">inent fin" rel="nofollow">inancial in" rel="nofollow">information. This system was in" rel="nofollow">installed almost 12 years ago by a local computer busin" rel="nofollow">iness that has sin" rel="nofollow">ince closed. CCHG has hired Mary Jordan, a certified Healthcare Information Security and Privacy Practitioner, to help them determin" rel="nofollow">ine what their needs are and gradually in" rel="nofollow">introduce new technology. Mary and Jake Thomas, the CCHG office manager, have been meetin" rel="nofollow">ing to discuss the technologies that CCHG might want to consider purchasin" rel="nofollow">ing and in" rel="nofollow">installin" rel="nofollow">ing. Mary also met with the GPs about how implementin" rel="nofollow">ing new technologies could benefit CCHG. Although they are in" rel="nofollow">interested in" rel="nofollow">in new technologies that can help CCHG, several voiced concerns about security. One GP’s home computer was recently the victim of a virus attack. Although the damage was min" rel="nofollow">inimal and the system was restored, it still has made him very cautious about the security of the computers at CCHG. The GP wants to know what security protections CCHG needs to protect the computers and in" rel="nofollow">information from attackers. How will Mary respond? Assume you are in" rel="nofollow">in Mary’s position as the consultant. For this case, complete the followin" rel="nofollow">ing: 1. What type of attacks should CCHG protect itself again" rel="nofollow">inst? Lists at least four different attacks, how they could impact CCHG if successful, and what CCHG should do to protect its in" rel="nofollow">information from these attacks. 2. Jake is particularly concerned about phishin" rel="nofollow">ing attacks because there is no technology that can be used to stop them. He has asked Mary to create a train" rel="nofollow">inin" rel="nofollow">ing session for CCHG’s employees. Research the Internet regardin" rel="nofollow">ing phishin" rel="nofollow">ing attacks and defenses. Develop a bullet list that describes phishin" rel="nofollow">ing, how to recognize a phishin" rel="nofollow">ing attack, and what employees should do in" rel="nofollow">in the event of an attack. 3. Jake also tells Mary that CCHG’s data backup system does not always function properly. What type of data backup would you suggest for CCHG? 4. How can Mary the Healthcare Information Security and Privacy Practitioner (HCISPP) in" rel="nofollow">in this scenario most effectively communicate the risk to CCHG senior management?