Ucsf medical center case study-information security, Computer Network Security

Example : UCSF Medical Center

In the year 2002, the University of California, San Francisco (UCSF) Medical Center received an email message from someone who claimed to be a doctor working in Pakistan and who threatened to release patient records onto the internet unless money owing to her was paid. Many confidential medical transcripts were attached to the email.

UCSF staff was confused; they had no dealings in Pakistan and surely did not employ the person who sent email. The Medical Center began an immediate investigation, concentrating on the transcription service that had been outsourced to Transcription Stat, based in close Sausalito. It transpired that Transcription Stat farmed out work to some 15 subcontractors scattered across America. One of the subcontractors was Florida based Sonya Newburn, who in turn employed subcontractors further, including Tom Spires of Texas. No one at Transcription Stat realized that Spires also employed his own subcontractors, including sender of email. The sender claimed that Spires owed her money, and had not paid her.

Newburn eventually agreed to pay the $500 that the email sender claimed was owed to her. In return sender informed UCSF that she had no intention of publicizing personal information and had damaged any records in her care. Certainly, there is no way to prove that the records have been destroyed actually.

Naturally, you won’t wish your own medical records to be publicized: they should be scarce. This threat cost the organization little in money terms, but how much in the reputation? Just what is the worth of reputation? Or we can say that how much is it worth paying in information security to protect the reputation?

Posted Date: 10/8/2012 4:34:56 AM | Location : United States







Related Discussions:- Ucsf medical center case study-information security, Assignment Help, Ask Question on Ucsf medical center case study-information security, Get Answer, Expert's Help, Ucsf medical center case study-information security Discussions

Write discussion on Ucsf medical center case study-information security
Your posts are moderated
Related Questions
Risk Management Discussion Points Organizations should define level of risk it can live with Risk appetite: it defines quantity and nature of risk which organizations are wil

Question: (a) What do you understand by the term "integrity"? (b) Which type of attack denies authorized users access to network resources? (c) You have discovered tha

ACCESS CONTROL DEVICES Successful access control system includes number of components, which depends on system’s requirements for authentication and authorization. Powerful auth

Question : (a) There are two approaches for providing confidentiality for packets in a network using symmetric encryption: End-to-End Encryption and Link Encryption. State wh

IDS Intrusion is a attack on information assets in which instigator attempts to gain entry into or disrupt normal system with harmful intent Incident response is an identificatio

Internet Protocol IP Gives computer-to-computer communication. Host and receiver addresses are computers. This is also known machine-to-machine communication.

Public Key Infrastructure (PKI) It is integrated system of software, encryption methodologies, protocols, legal agreements, and 3rd-party services enabling users to communicate

CSMA/CA Wireless needs collision avoid ness rather than collision checking. Transmitting computer puts very short codes to receiver. Receiver responds with short message getti

WIRELESS SECURITY TOOLS An organization which spends its time securing wired network and leaves wireless networks to operate in any manner is opening itself up for security brea

Selecting a Risk Control Strategy Risk controls involve selecting one of the 4 risk control strategies for every vulnerability. The flowchart is shown in the figure given below