Patient Records Breached at Geisinger Health. Computer Forensics Can Aid in Evidence Collection
Recently, Geisinger Health Systems revealed a breach of information related to around 2,928 patients. The data revealed includes Protected Health Information (PHI) of patients.
(prHWY.com) January 3, 2011 - NM -- Recently, Geisinger Health Systems revealed a breach of information related to around 2,928 patients. The data revealed includes Protected Health Information (PHI) of patients. The information was reportedly sent by a gastroenterologist from his work computer to his personal computer. The transmission was unencrypted. In this case, the transmitted information included medical record numbers, procedures, treatment information and health indications. Usually, PHI also includes past and present health status, future indications, patient account information and social security numbers, among others. Such information may be misused by offenders to misrepresent individuals and gain unauthorized benefit.
Usually, experts who have undertaken computer forensic training help organizations in tracking the offender. Computer forensic experts use procedures such as imaging and cryptographic hash verification to detect alteration of files and folders. In this case, professionals at Geisinger were able to detect the unauthorized transmission of information. The physician cooperated with the authorities and deleted the information from his computer. The home email provider was also informed and requested to delete the email from its server. Fortunately, there was no malicious intention behind the unauthorized disclosure of sensitive information by the Geisinger employee. However, in most cases, cybercriminals use sophisticated techniques to intrude into computer systems and networks. Also, improper monitoring mechanisms may fail to detect unauthorized access and data breaches by insiders in an organization. It is important to punish cybercriminals to prevent recurrence of such crimes. Therefore, it is important to collect evidence that is legally admissible in a court of law.
The affected systems must be quarantined to prevent tampering and modification of evidence. The IT department must have professionals with knowledge of computer forensic procedures to ensure protection of evidence. Organizations may encourage IT professionals to undertake computer forensics online training programs (http://iclass.eccouncil.org/index.php?option=com_content&view=article&id=73&Itemid=106) offered by universities and institutions offering security certifications to update themselves on the latest techniques, tools and best practices.
Individuals, government institutions, media and all forms of business organizations are affected by cybercrime. Recent events such as the WikiLeaks disclosure, attacks on university websites and state-sponsored attacks indicate the serious threats emerging in cyberspace. Universities and educational institutions must encourage students to undertake computer forensics courses to deal with sophisticated crime as well as to meet future requirements for IT professionals.
EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation" as stated by EC-Council's Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
Web Site: http://www.eccouncil.org
6330 Riverside Plaza Ln NW
Albuquerque, NM 87120