Metro healthcare provides healthcare services across Australia with Melbourne and Sydney as the headquarters. Metro deploys a complex networked information system that seamlessly integrates the hospital Internet and Intranet. The eSolution division is responsible for the management of the information system (patient health records, administrative records, personnel records, etc.) and the infrastructure at the headquarters. Metro employs about 500 personnel that include permanent employees and contractors (doctors, nurses, technologists, administrators, IT staffs, etc.). The personnel system maintains employee details such as, name, date of birth, marital status, academic qualifications,professional qualifications, previous employment details, pay, etc. The patient system is maintained primarily to provide patient care. It contains sufficient information to identify a given patient, support the diagnosis, justify the treatment, document the course and results of treatments, and facilitate the continuity of each patient's care. It is also used for financial and other administrative processes, outcome measurement, research, education, patient self-management, disease prevention, and public health activities. Metro uses state-of-art security solutions such as antivirus products, firewalls with built-in intrusion detection and prevention features, host-based intrusion detection system (IDS) installed on critical servers, authentication devices such as bio metric smart cards and encryption algorithms for protecting sensitive records. Also, workstation left inactive for more than 2 minutes self-lock automatically and users must sign-in to activate it.
SET TASKS
1. List and explain two different possible and credible ways that the patient data could leak out.
2. Given the mission statement of Metro shown below, explain how information security management helps Metro to realize its mission."Metro's mission is to provide high quality health care services to mental illness patients in a least restrictive and non-stigmatizing environment."
3. Describe why having firewalls with built-in intrusion detection and prevention without a formal incident response plan has little value to Metro healthcare.