HIPAA Security. CalOptima’s PHI Data Breach Incidence

CalOptima’s PHI Data Breach Incidence
Student’s Name
Institutional Affiliation

CalOptima’s PHI Data Breach Incidence
TO: CalOptima’s Board of Directors
FROM: [Your Name]
DATE: 2nd May 2020.
SUBJECT: CalOptima’s PHI Data Breach Incidence
For the last few decades, cases of cyber breaches have been on the rise. Cybercriminals are learning new hacking strategies every day to improve their skills, which is the reason why they identify system vulnerabilities or security loopholes in various computer networks. Institutions such as hospitals should keep updating their systems regularly. That is the only way they can prevent multiple data breach incidences since many of them arise due to the use of outdated software. As an information security expert at CalOptima, I would do several things to ensure that employees understand that they do not need to download patients’ data on portable devices or storage drives since it violates the hospital’s data handling policies and the Health Insurance Portability and Accountability Act (HIPAA).
CalOptima is investigating a public health information (PHI) breach that might have happened on 14th August 2016. One of its employees who was departing from the health institution downloaded patients’ data on an unencrypted Universal Serial Bus (USB) flash drive. Although the worker might not have shared the PHI within three days from when the individual acquired it, no one knows his or her intentions. As a security expert, I understand that no employee is allowed to carry patients’ data on portable electronic gadgets or storage devices. However, some workers engage in cyber breaches since they want to revenge or get money by selling such information in the black market. As such, it is crucial for you as the board of directors to know this case since CalOptima security team does not know whether the employee had already shared the information with unauthorized personnel or not. The potential data breach affected about 56,000 members, including their social security numbers (Snell, 2016). However, proper investigations are ongoing to understand the extent of the damage so that CalOptima system can be improved accordingly to avoid such incidences in the future.
Data breach response is vital since it determines the extent of the damage caused by a particular incidence so that an organization can come up with proper security measures to mitigate further consequences. One of the most significant actions is to inform the management team and the board of directors so that they can be ready to answer questions from the public. Senior managers and leaders should not be kept in the dark when it comes to PHI breaches. They are the ones who can allocate relevant resources to prevent further damage. The second appropriate data breach response is to inform the people who have been affected by the incidence. In particular, these individuals are vulnerable since their data might be used in identity theft by hackers. As CalOptima continues to investigate the issue at hand, it is vital for all people who have been affected to be informed about the incidence and advised what they should do (Snell, 2016). If these individuals are not informed, the...