Executive Security of Information and Privacy - Essay Example

University of Richmond
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The recent attacks targeted at healthcare organizations are deemed to be highly sophisticated. The attacks are aimed at information technology systems. The hackers try to gain entry to electronic PHI to access dates of birth, phone numbers, addresses, and social security numbers. Once they get hold of all this information linked to the patients, they steal the patients' identities for financial gain. As a director of IT, I will never allow our operating system to be hacked and our patients' data to be manipulated for someone's own gain. I will not allow our health care facility's systems to be locked by malware that encrypts the files and so locks us out of our patients' data stored on our systems. As the latest hacking shows, most healthcare facilities are being targeted as a soft spot that provides hackers with rich, easily obtained data. In our healthcare organization, the current level of security of the information system and data is very high. No penetration by outside cyber-attacks is possible from any quarter. Our current level of security in the information system and data is up to date with current technology. Our network-enabled devices are secure. We have a complex data system that comprises a single entry. We have strong information security processes and procedures that can easily resist any cyber or hacking attacks.

Security of information and privacy are two terms that define most of the IT department's operations. The protection of information that is stored, processed and transmitted is referred to as security of information. This stored information has to comply with the purposes and functions of the information system of our health organization. On the other hand, privacy refers to the protection of information in order to protect the subject's identity. As an organization, we are entitled to information security that protects our information systems and data from any unauthorized use, access, modification, disruption or disclosure. The assault that has been witnessed on our healthcare systems yet again presents a glaring example for the information technology department to go a notch higher in securing the systems and data that pertain to the patients. There needs to be perpetual watchfulness over the corporate information technology systems, specifically on sectors that maintain our data subjects, such as HITECH and HIPAA. The IT department will greatly increase its focus on ensuring that our patients' data security is prioritized and paramount, and thus that the data is secured. We will take action in addressing the HIPAA protocols as a way of improving our systems. We will perform audit tests each and every time to test for vulnerabilities and breaches. We will enhance our response plans, which will now include the organization's reaction to any ransomware attacks or penetrations. In addition, we will strengthen our security program management and implementation. Our security controls, which comprise administrative, logical or technical, and physical controls, will be enhanced.

The privacy and security of our patients' data are paramount to us. We will work round the clock to make sure their personal and sensitive data is stored correctly. We have taken some steps that help considerably in controlling any unauthorized access to this data. Strict access rules apply to workstations where this data and PHI can be retrieved. Controls have been put in place to regulate the disposal, removal, reuse, backup, transportation, and storage of any relevant data in our systems and workstations connected to patient data.

Therefore, our privacy program is always dependent on the security program. This creates an obligation to establish an interdependent, cooperative relationship that will be conventional among all teams that specialize in developing and implementing the security program.


