Identifying and mitigating risks can feel like a game of whack-a-mole. For this discussion, identify five threats (T) and vulnerabilities
Identifying and mitigating risks can feel like a game of whack-a-mole.
For this discussion, identify five threats (T) and vulnerabilities (V) from the following fact pattern and label them with a T or a V. Then select the T or V that you think creates the most risk based on the fact pattern and explain why it is so risky in your view.
You've been on the job as CEO of Compliant Hospital for less than two months, but already you need a vacation! You decide to leave the city behind and take a road trip to far west New Texzona, a part of the state known for its rugged beauty. The Hospital has an in-patient rehabilitation facility out west called Compliant Rehab Center (CRC), and you decide to visit. CRC provides therapy and treatment to help patients transition from the in-patient setting back to their homes. The facility specializes in working with patients who have suffered strokes, orthopedic and spinal injuries, and head trauma as well as patients who have undergone major surgery, like hip and knee replacements, amputations, and organ transplants.
You immediately notice that CRC is state-of-the-art. It has advanced physical security systems that combine biometric and swipe access restrictions. The facility has private rooms equipped with web cameras that enable patients to stay connected to their families. Patients receive therapy on cutting-edge equipment, like "anti-gravity" treadmills that make it easier for individuals who have suffered debilitating injuries to walk, exercise, and build strength. The whole facility has WiFi, making it possible for equipment (like the treadmills) to transmit data instantaneously to the handheld devices therapists use to monitor patients. Every staff member seems to have a tablet or wireless device to deliver care and conduct business. Best of all, CRC built a top-of-the-line server room on site, to which it backs up all electronic Protected Health Information (like patient records, demographic data, and billing information) twice daily.
You are impressed and decide to speak to the facility's technology personnel for advice. Unfortunately, you learn that CRC's Chief Information Security Officer, IT Director, and most of the IT staff quit weeks ago after learning about the laptop mishap . For the last month, the facility has not had anyone in charge of technology or information security. CRC has used Tech Nerds, a local company that troubleshoots minor computer and network issues, to handle problems as they arise. If CRC has a hardware, software, or network issue, it calls Tech Nerds and the company sends out a technician. The arrangement has worked well, except that Tech Nerds sends a new technician each time, which has been inefficient. To speed things up, CRC issued Tech Nerds a generic security pass for its technicians so that they no longer have to check in and can bypass the facility's biometric and swipe security access restrictions.
Dismayed by this news, you head to CRC's Human Resources office to find out how the facility intends to fill vacant leadership and IT positions. You walk in to HR and see a room full of new employees being onboarded. At least 10 people are learning about their benefits. CRC's plan is to provide them network and information security training once they have been on the job for 30 days. The facility has experienced rapid turnover in entry level positions and the 30-day waiting period allows it to deliver training to those employees that are most likely to stick around.
You need some air. Stepping outside, you see that the horizon has darkened even more than your mood. It's wildfire season in west New Texzona and the dark billows of a new conflagration are visible in the middle distance.
Vacation is over. You call your General Counsel and Chief Information Security Officer and tell them to be at CRC by morning. It's risk analysis time.