Healthcare continues to be a lucrative target for hackers with weaponized ransomware, misconfigured cloud storage buckets, and phishing emails
Information Security in a World of Technology
Write an essay addressing each of the following points/questions. Be sure to completely answer all the questions for each number item. There should be three sections, one for each item number below, as well as the introduction (heading is the title of the essay) and conclusion paragraphs. Separate each section in your paper with a clear heading that allows your professor to know which item you are addressing in that section of your paper. Support your ideas with at least three (3) citations in your essay. Make sure to reference the citations using the APA writing style for the essay. The cover page and reference page do not count towards the minimum word amount. Review the rubric criteria for this assignment.
- The textbook discusses several education methods. Discuss each method with an example of how the method could be used in the organization. Then discuss how you will evaluate the method and learning.
- Healthcare continues to be a lucrative target for hackers with weaponized ransomware, misconfigured cloud storage buckets, and phishing emails. Discuss how an organization can protect patients’ information through:
  - Security mechanisms
  - Administrative and Personnel Issues
  - Level of access
  - Handling and Disposal of Confidential Information
- You are providing education to staff on phishing and spam emails. Using the different educational methods discussed in Chapter 12:
  - Provide examples of how each method can be used
  - How will the method and learning be evaluated?
- (The textbook: the Handbook of Informatics for Nurses and Healthcare, 6th edition)
Length: 500 words per essay prompt/section (1500 total for this assignment)
Structure: Include a title page and reference page in APA style. These do not count towards the minimal word amount for this assignment. All APA Papers should include an introduction and conclusion.
References: Use the appropriate APA style in-text citations and references for all resources utilized to answer the questions. Include at least three (3) scholarly sources to support your claims.
Rubric: This assignment uses a rubric for scoring. Please review it as part of your assignment preparation and again prior to submission to ensure you have addressed its criteria at the highest level.
Format: Save your assignment as a Microsoft Word document (.doc or .docx) or a PDF document (.pdf)
File name: Name your saved file according to your first initial, last name, and the module number (for example, “RHall Module1.docx”)
Education is the continuous addition of knowledge to individuals so as to increase their worth by increasing their ability to perform different roles. Different organizations apply strategic education for their employees to ensure that they are productive in the delivery of different tasks as required by the organization. In healthcare organizations, there is a need to constantly educate healthcare givers about some of the ways that they can improve their ability to protect patient information (Seuwou, Banissi, & Ubakanma, 2017). Information Technology (IT) specialists are among the professionals who can increase the preparedness of organizations in facing different issues that relate to information security in the light of increasing technology.
Different Education Methods as Discussed in the Textbook
The choice of the educational method used on a population depends on the demographic context, educational philosophy, subject area, and the mission statement of the organization. In some scenarios, student-centered approaches are more effective than teacher-centered approaches, and in other cases, the results are best achieved using teacher-centered approaches (He et al., 2019). Also, some contexts of learning require individuals to implement low levels of technology, but others demand high-tech application in the learning process.
This is a traditional education strategy in which the educators lead the students through lectures and demonstrations. In this technique, the teachers have to assume formal authority so as to implement different styles of managing the classroom (He et al., 2019). The power of the educators is mainly as a result of the knowledge they have. This technique also emphasizes that the goal of the teachers is to direct and guide learners throughout the process of learning. The learners, on the other hand, are perceived as empty vessels, and hence as recipients of knowledge.
In an organization, this method of learning can be used when introducing a new technology or a new style of operation where only the healthcare manager has information about it. For example, in a nursing unit where biometric registration is being implemented for the first time, an expert in biometric systems could be invited for a seminar to teach different members how they should incorporate the biometric systems into the existing patient registration system (Stewart & Jürjens, 2017). Evaluation of direct learning is often done by using short quizzes or exams towards the end of individual presentations.
This technique requires the students to create and make things so as to allow them to develop multiple intelligences. In this type of learning, students are required to be fully engaged by performing physical activities in the classroom or in the learning environment. Role-playing is one of the primary elements in this learning method. Students also engage in activities such as drawing and building (Stewart & Jürjens, 2017). While this educational strategy is not applied in many classrooms, most organizations seek to employ this method as a primary way of improving employee performance.
An example of the application of kinesthetic learning in an organization is when employees are provided with manuals to help them achieve a certain output, and the educator monitors them while they try to gain hands-on experience. The educator may have to be present to ensure that the students do not waste the organization’s resources and do not deviate from the expected standards of operation (Bada, Sasse, & Nurse, 2019). This method is advantageous in that it allows the students to gain hands-on experience in the course of learning. It can also be used to supplement other types of learning. To assess the effectiveness of this technique, the educators could use different strategies, but the most effective would be asking students to create a simulation or model of the concept being learned and test it for effectiveness.
How a Healthcare Organization can Protect Patients’ Information
One of the primary security mechanisms that can be applied in healthcare organizations to protect patient information is ensuring they take note of all the devices and channels that the patient data passes through, and providing the necessary protection. As in many other situations, it is hard to steal patient information when it is stored in the databases (He et al., 2019). However, during transit from one database to the next, hackers can use the channels that are present in the movement to perform phishing activities and take information on patients. Maintaining efficiency in the movement of information is a key strategy that can be used to enhance productivity in the workplace and security of the data. Also, there is a need to create several hurdles in data flow that enhance the movement of data in a swift and acceptable way across the different players in the healthcare organization.
Administrative and Personnel Issues
Administrative issues that are likely to lead to data loss in healthcare organizations include the lack of accountability over the different responsibilities that could be present in the data management process. For instance, nurse leaders could sometimes be asked to collect and secure information on certain sensitive patients, and after reassigning the work to junior nurses, the patient information could reach the wrong recipients. The healthcare managers are required to train employees or implement different programs of employee training that ensure increased readiness and ability to recognize potential data attacks and solve them before it is too late.
Level of Access
There is a need for healthcare managers to control the accessibility of data to ensure that there are restrictions of access for parties that should not access the data. One of the ways of limiting data accessibility is coding the information with different names or labels so that only the relevant parties can understand the data. For example, when collecting blood from HIV/AIDS patients to assess their CD4 cell count, data should be encoded using different labels, such that only the direct care physician would relate the results with a specific patient (He et al., 2019). Controlling data accessibility can also be done by adding security passwords to computers and other devices that are used in the facility so as to limit access by other individuals.
Handling and Disposal of Confidential Information
Paper records were used in the past to handle patient records, but due to their unreliable nature, most organizations transformed their methods of collection of patient information into technology-enabled means. Using technology devices allows proper handling of patient data and improves accountability, as people can identify the different users who fed data into the system or retrieved data from devices, with the details of the time such things happened (Bada, Sasse, & Nurse, 2019). The use of CCTV cameras has also enhanced monitoring of the individuals who use the systems. Lastly, patients should be trained on the need to maintain confidentiality and reduce security hurdles.
Educating Staff about Phishing and Spam Emails
Phishing emails are often sent to employees to trick them into disclosing some of their crucial login information or installing malware that could breach their computers (He et al., 2019). While some employees are aware that phishing emails exist and that they are at high risk of data loss, most others often click and reply to emails sent to them without necessarily assessing their credibility (Alhassan & Adjei-Quaye, 2017). Such risky behaviors could lead to data loss and exposure for the employee as well as for the company. The following are some of the methods of educating staff about phishing and spam emails.
Awareness Creation through Regular Official Communication
Company managers should never assume that employees are aware of the different threats that exist in the information media employees use. There should be company emails encouraging employees to take the necessary precautions to ensure they are not victims of phishing. For example, a memo asking the employees to assess the legality of the information they get could be an eye opener for those who think that they can never be victims of phishing (Bada, Sasse, & Nurse, 2019). Evaluation in this method is best done by asking random questions in employee meetings, which could show whether or not employees are still aware of the loopholes that could make them vulnerable to data loss through phishing.
Short Courses about Data Security
This technique entails creating an interactive course and embedding it in the organization website. Organizations may require all their employees to complete the course and get a certificate of awareness about data loss that could happen through the use of emails. Evaluation in this technique is done using scored tests. Employees who score less than 70% in the tests may be asked to repeat the tests, as they are not fully aware of some of the things they should do to protect themselves from data insecurity and could also serve as threats to the organization (Alhassan & Adjei-Quaye, 2017). The courses could be done on a regular basis, with each of the training periods having additional teachers for the employees to learn. The fact that this training method is flexible enough to allow employees to take tests even when far from the organization makes it have a higher success rate. Organizational managers, on the other hand, should be careful, as such allowances could allow increased cheating in the tests.
Data security in organizations can be enhanced through the use of different learning techniques. Using short courses and applying official communication to create awareness about phishing and spam emails, for instance, is applicable in many organizations. Healthcare companies can enhance their data security by limiting the ease of access of patient information through encoding data and installing different security mechanisms for learning. Implementation of different security measures could limit their vulnerability to hackers and other individuals who would want to access health data and use it the wrong way. The use of kinesthetic learning and direct education could also allow improved learning about security of information systems in the highly developing technological times.
Alhassan, M. M., & Adjei-Quaye, A. (2017). Information Security in an Organization. International Journal of Computer (IJC), 24(1), 100-116.
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.
He, W., Kshirsagar, A., Nwala, A., & Li, Y. (2019). Teaching information security with workflow technology–a case study approach. Journal of Information Systems Education, 25(3), 4.
Seuwou, P., Banissi, E., & Ubakanma, G. (2017, January). User acceptance of information technology: A critical review of technology acceptance models and the decision to invest in Information Security. In International Conference on Global Security, Safety, and Sustainability (pp. 230-251). Springer, Cham.
Stewart, H., & Jürjens, J. (2017). Information security management and the human aspect in organizations. Information & Computer Security.