(Executive Summary)
MedStar Health Inc, a leader in the healthcare industry regionally and nation-wide, is a constant target of the malicious attempts of cyber criminals. Over the past 6 years MedStar Health Inc. has faced several instances of data breach most notably, the 2016 breach that compromised 370 computer systems and halted its operations. As the organization continues to digitize and broaden the use of electronic medical records across its facilities, the threat of cyber-attack remains even more pervasive. The purpose of this report is to provide an overview of MedStar Health Inc cybersecurity vulnerabilities, examine the overall causes and impact of the breaches and explore solutions to meet the organization’s cybersecurity challenges.
With a focal point on MedStar Health breaches, a literature-based study was conducted, and various news articles, academic journals and company publications were analyzed. It was found that the 2016 and 2020 data breaches were attacks on the organization’s internet servers. The 2020 hack compromised the records of 668 patients, whereas the 2016 hack was a result of a ransomware infection that compromised 7500 individuals’ records and halted the organizations’ operations. The cost of the virus infection was greater than the $19,000 ransom requested due to additional recovery and remediation costs. It was also revealed that the 2019 breach was due to human error.
To best combat the efforts of cyber criminals, it is recommended that MedStar Health Inc. place greater emphasis on cyber awareness training for employees/professionals, implementing multiple factor authentications and a strong password and identity management system to reinforce its IT infrastructure against future hacks. Failure to effectuate these measures pose significant risk to MedStar Health Inc., its affiliates and patients that extend beyond ransom payments, fines, imprisonment, lawsuits and costs incurred for subsequent identity theft protection services. The damage caused by data security breaches may prove fatal for patients, the company’s most valued asset, compromising public perception and the company’s mission to provide the highest quality of medical care and build long-term relationships with the patients they serve.)
Actual Technical Report
MedStar Medical Vs. Cybercrime
In the health sector, experts "see persistent cyber-attacks as the single greatest threat to the protection of healthcare data" (Moffith & Steffen, 2017). To the world at large, this is not the most absurd news or revelation. Healthcare data embodies some of the most marketable information, and for the black market this is Eldorado – the fictional tale of the city of gold. Healthcare organizations are tasked with fighting the uphill battle of providing quality medical care to their number one stakeholder – patients – while also ensuring that their valuable information is kept safe and secure. Despite their efforts, healthcare organizations sometimes fail in ...
1 5Preparing to Conduct Business Research, Part 1Latwo.docxhoney725342
1
5Preparing to Conduct Business Research, Part 1
Latwon Hordge, Travona James, Desean Stephens, Kashmir SpellsRES/351 Business Research
April 12, 2016
Professor Jonte Lee
Preparing to Conduct Business Research, Part 1
As a cross-functional team interested in conducting a research project for an executive team, we have been faced with identifying the scope, magnitude, feasibility of the issues that have recently occurred at MedStar. MedStar is a health organization that primarily focuses on one thing, and that entails caring for all people and their health. MedStar takes pride in their patient-first visions of compassion, customer service, clinical experience, and care. After researching the team discovered that the health-care provider was recently hacked and attacked by an infectious computer virus.
MedStar’s Issue
On March 28, 2016, MedStar’s computer network was attacked by a virus which caused its medical network to shut down their online database. The shut-down included emails and vast records database. This caused a trickle effect of security concerns nationwide. Because of the infection, it has caused major impacts to the billion dollar health-care provider. One of the major issues was the hospital staff having to revert to using paper records instead of electronic files. Other issues included the lack of communication between staff and being unable to schedule patient’s appointments.
Significance of the Issue
The virus infection of MedStar’s computer network was labeled by the FBI as “ransom ware” attack in which hackers remotely locked up a company’s computer system and hold the data hostage and then demand money. The significance of this attack does not only include invasion of privacy regarding employee’s personal information and patient’s medical information but also the potential for a health crisis. A dilemma in which such criminals and/or terrorist having access to treatment plans, medication information, doctor notes, and privileges could stage an epidemic that could be extremely harmful. This cyber-attack caused for everything to slow down tremendously. According to Stephen Frum, a labor representative for the National Nurses United, appointments and surgeries were delayed; lab results and the ordering of medications will take longer (Cox, 2016). Scheduling and record access are at the bare minimum. More importantly, the more severe of treatments cannot be administered.
Ransomware attacks seem to be growing in popularity, to which roughly $24M was paid in ransom in 2015. In 2016, hospitals in California, Kentucky, and even Canada were targeted the same as the Washington Metropolitan Area’s MedStar was.
Due to people having the ability to conduct and be successful in such attacks, processes needed to be put into place at a government level; that would address the civil liberties that apply to modern society. The Constitution was written in a time where technology was not an integral part of s ...
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
Technology has sparked incredible advances in healthcare — but it hasn’t done so without risk. Cybersecurity has long been a hot-button issue for the healthcare sector. For many provider organizations, a major security breach constitutes a worst-case scenario, posing a significant threat to operations, patient trust, and confidential information alike.
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
Patient information recorded in electronic medical records is the most significant set of information of the healthcare system. It assists healthcare providers to introduce high quality care for patients. The aim of this study identifies the security threats associated with electronic medical records and gives
recommendations to keep them more secured. The study applied the qualitative research method through a case study. The study conducted seven interviews with medical staff and information technology technicians. The study results classified the issues that face electronic medical records into four main categories which were availability, accessibility, privacy, and safety of health information.
The Protected Harbor Data Breach Trend Report is a comprehensive analysis of current trends and insights in the cybersecurity landscape. Delve into this in-depth report to better understand emerging threats, vulnerabilities, and strategies for safeguarding your organization's data. Stay one step ahead in the ever-evolving world of data security with valuable insights from our experts.
1
9
The Complexity and Evolving Technologies of the Healthcare Industry
Good Student
University of Maryland Global Campus
Course
Instructor
Date
The Complexity and Evolving Technologies of the Healthcare Industry
The healthcare industry as we know it is constantly evolving and growing exponentially every year for many reasons, such as regulation changes from federal and state agencies, changes to coverage from health insurance companies, illness trends, developments in medicine, and demographics of medical staff. Two of the most important reasons are due to the evolving medical needs of patients and the advancements in technology that provide viable options to these patients in need. These technology advancements in the healthcare arena has generated interest from cybercriminals. Cybercriminals have no preference in whom they target if they can gain profit or cause a negative impact to the end user(s). When these vulnerabilities are discovered and attacks occur in the healthcare industry, it could literally mean the difference between life and death for patients. This critical outcome has created a high demand for cybersecurity and technical personnel in this industry to implement them. Three of the top trends in the healthcare industry as it relates to cybersecurity are the increased dangers of 3D printing in medicine, revolution of big data and advanced analytics in the healthcare system, and Internet of Things (IoT) and cloud computing as a security threat to healthcare. This paper will focus on the complexity of the healthcare industry and how transitioning to the Internet of Things and cloud computing has created a large security threat to all medical practices around the world.
Top Trends of the Healthcare Industry
Technologists and companies around the world have embraced the importance and endless possibilities of 3D printing (NAICS 323111). 3D printing is a manufacturing process that creates a three dimensional object by incrementally adding material until the object is complete (this contrasts with subtractive manufacturing techniques such as carving or milling, in which an object is created by selectively removing parts from a piece of raw material) (Lacoma, 2018). Many manufacturing companies first began using 3D printing to resolve some of their most difficult problems and improve the efficiency of their processes. The healthcare industry began to take notice and medical experts began developing ideas on how this technology could be implemented in their medical practices. 3D printing in healthcare makes it possible for medical professionals to provide patients with a new form of treatment in several ways. 3D printing is used for the development of new surgical cutting and drill guides, prosthetics as well as the creation of patient-specific replicas of bones, organs, and blood vessels (Izukor, 2019).
Although the benefits of using this technology in medicine are endless, the process has created a height.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
1 5Preparing to Conduct Business Research, Part 1Latwo.docxhoney725342
1
5Preparing to Conduct Business Research, Part 1
Latwon Hordge, Travona James, Desean Stephens, Kashmir SpellsRES/351 Business Research
April 12, 2016
Professor Jonte Lee
Preparing to Conduct Business Research, Part 1
As a cross-functional team interested in conducting a research project for an executive team, we have been faced with identifying the scope, magnitude, feasibility of the issues that have recently occurred at MedStar. MedStar is a health organization that primarily focuses on one thing, and that entails caring for all people and their health. MedStar takes pride in their patient-first visions of compassion, customer service, clinical experience, and care. After researching the team discovered that the health-care provider was recently hacked and attacked by an infectious computer virus.
MedStar’s Issue
On March 28, 2016, MedStar’s computer network was attacked by a virus which caused its medical network to shut down their online database. The shut-down included emails and vast records database. This caused a trickle effect of security concerns nationwide. Because of the infection, it has caused major impacts to the billion dollar health-care provider. One of the major issues was the hospital staff having to revert to using paper records instead of electronic files. Other issues included the lack of communication between staff and being unable to schedule patient’s appointments.
Significance of the Issue
The virus infection of MedStar’s computer network was labeled by the FBI as “ransom ware” attack in which hackers remotely locked up a company’s computer system and hold the data hostage and then demand money. The significance of this attack does not only include invasion of privacy regarding employee’s personal information and patient’s medical information but also the potential for a health crisis. A dilemma in which such criminals and/or terrorist having access to treatment plans, medication information, doctor notes, and privileges could stage an epidemic that could be extremely harmful. This cyber-attack caused for everything to slow down tremendously. According to Stephen Frum, a labor representative for the National Nurses United, appointments and surgeries were delayed; lab results and the ordering of medications will take longer (Cox, 2016). Scheduling and record access are at the bare minimum. More importantly, the more severe of treatments cannot be administered.
Ransomware attacks seem to be growing in popularity, to which roughly $24M was paid in ransom in 2015. In 2016, hospitals in California, Kentucky, and even Canada were targeted the same as the Washington Metropolitan Area’s MedStar was.
Due to people having the ability to conduct and be successful in such attacks, processes needed to be put into place at a government level; that would address the civil liberties that apply to modern society. The Constitution was written in a time where technology was not an integral part of s ...
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
Technology has sparked incredible advances in healthcare — but it hasn’t done so without risk. Cybersecurity has long been a hot-button issue for the healthcare sector. For many provider organizations, a major security breach constitutes a worst-case scenario, posing a significant threat to operations, patient trust, and confidential information alike.
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
Patient information recorded in electronic medical records is the most significant set of information of the healthcare system. It assists healthcare providers to introduce high quality care for patients. The aim of this study identifies the security threats associated with electronic medical records and gives
recommendations to keep them more secured. The study applied the qualitative research method through a case study. The study conducted seven interviews with medical staff and information technology technicians. The study results classified the issues that face electronic medical records into four main categories which were availability, accessibility, privacy, and safety of health information.
The Protected Harbor Data Breach Trend Report is a comprehensive analysis of current trends and insights in the cybersecurity landscape. Delve into this in-depth report to better understand emerging threats, vulnerabilities, and strategies for safeguarding your organization's data. Stay one step ahead in the ever-evolving world of data security with valuable insights from our experts.
1
9
The Complexity and Evolving Technologies of the Healthcare Industry
Good Student
University of Maryland Global Campus
Course
Instructor
Date
The Complexity and Evolving Technologies of the Healthcare Industry
The healthcare industry as we know it is constantly evolving and growing exponentially every year for many reasons, such as regulation changes from federal and state agencies, changes to coverage from health insurance companies, illness trends, developments in medicine, and demographics of medical staff. Two of the most important reasons are due to the evolving medical needs of patients and the advancements in technology that provide viable options to these patients in need. These technology advancements in the healthcare arena has generated interest from cybercriminals. Cybercriminals have no preference in whom they target if they can gain profit or cause a negative impact to the end user(s). When these vulnerabilities are discovered and attacks occur in the healthcare industry, it could literally mean the difference between life and death for patients. This critical outcome has created a high demand for cybersecurity and technical personnel in this industry to implement them. Three of the top trends in the healthcare industry as it relates to cybersecurity are the increased dangers of 3D printing in medicine, revolution of big data and advanced analytics in the healthcare system, and Internet of Things (IoT) and cloud computing as a security threat to healthcare. This paper will focus on the complexity of the healthcare industry and how transitioning to the Internet of Things and cloud computing has created a large security threat to all medical practices around the world.
Top Trends of the Healthcare Industry
Technologists and companies around the world have embraced the importance and endless possibilities of 3D printing (NAICS 323111). 3D printing is a manufacturing process that creates a three dimensional object by incrementally adding material until the object is complete (this contrasts with subtractive manufacturing techniques such as carving or milling, in which an object is created by selectively removing parts from a piece of raw material) (Lacoma, 2018). Many manufacturing companies first began using 3D printing to resolve some of their most difficult problems and improve the efficiency of their processes. The healthcare industry began to take notice and medical experts began developing ideas on how this technology could be implemented in their medical practices. 3D printing in healthcare makes it possible for medical professionals to provide patients with a new form of treatment in several ways. 3D printing is used for the development of new surgical cutting and drill guides, prosthetics as well as the creation of patient-specific replicas of bones, organs, and blood vessels (Izukor, 2019).
Although the benefits of using this technology in medicine are endless, the process has created a height.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
Why cyber-criminals target Healthcare - Panda Security Panda Security
The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.
More details:
http://www.pandasecurity.com/mediacenter/panda-security/panda-security-dissects-cyber-pandemic/
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxkarlhennesey
Page 9 of 15
Capstone Project
Yaima Ortiz
IDS-4934
March 1st, 2020
Abstract
Topic:
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis Statement
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organization.
Rationale
1. The purpose of this paper is to identify why security measures are necessary to protect one’s privacy in the medical industry.
2. There are numerous laws, policies and healthcare organizational rules and regulations and statistics that would be helpful for conducting this research.
3. Privacy of a person whether this is me or you, is important then everything. I want to talk on this topic because I think most of us do not know what is happening to us.
4. I have selected textual analysis of books and available internet sources. The reason of this limited research methodology is that I cannot perform field study because of shortage of time.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organizations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents
Introduction 3
Overview of Privacy Protections with Respect to Medical Records 4
Data Breaches in the Healthcare Industry 5
Healthcare is the biggest Target for Cyber Attack 7
Penalties and Punishments for Hacking Personal Information 9
Penalties 9
Devastating Consequences of Healthcare Data Breaches 10
Conclusion 10
Recommendations 11
Bibliography 12
Introduction
While operating in healthcare organizations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organizations to protect the information of their patients and do not share it with people outside of the organization without the patient’s consent. Protecting patient’s information is a crucial element of respect and essential for patients' autonomy and trust in the organization — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence they do not share their information with a healthcare professional that causes ineffective treatment. In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy ...
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxhoney690131
Page 9 of 15
Capstone Project
Yaima Ortiz
IDS-4934
March 1st, 2020
Abstract
Topic:
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis Statement
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organization.
Rationale
1. The purpose of this paper is to identify why security measures are necessary to protect one’s privacy in the medical industry.
2. There are numerous laws, policies and healthcare organizational rules and regulations and statistics that would be helpful for conducting this research.
3. Privacy of a person whether this is me or you, is important then everything. I want to talk on this topic because I think most of us do not know what is happening to us.
4. I have selected textual analysis of books and available internet sources. The reason of this limited research methodology is that I cannot perform field study because of shortage of time.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organizations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents
Introduction 3
Overview of Privacy Protections with Respect to Medical Records 4
Data Breaches in the Healthcare Industry 5
Healthcare is the biggest Target for Cyber Attack 7
Penalties and Punishments for Hacking Personal Information 9
Penalties 9
Devastating Consequences of Healthcare Data Breaches 10
Conclusion 10
Recommendations 11
Bibliography 12
Introduction
While operating in healthcare organizations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organizations to protect the information of their patients and do not share it with people outside of the organization without the patient’s consent. Protecting patient’s information is a crucial element of respect and essential for patients' autonomy and trust in the organization — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence they do not share their information with a healthcare professional that causes ineffective treatment. In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy.
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
WE BUILD CORE HANDS-ON ON INFORMATION SECURITY SKILLS FOR ALL LEVELS AND DEPARTMENTS- It has already been two years since hackers shifted their main focus from BFSI sector to healthcare industry aggressively targeting hospitals all over the world, while U.S. is experiencing the most severe threat. How we can help you with HIPPA security and privacy concerns. DO YOU NEED TO INVEST IN INFORMATION SECURITY TRAINING, CONSULTING AND ADVISORY?
“Many organizations security defences have been smacked Their earned reputation within a flash have been jacked Heartless jokes on them by others also have been cracked How come they’re sure that their firms haven’t been hacked?"
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
EXPLORING CHALLENGES AND OPPORTUNITIES IN CYBERSECURITY RISK AND THREAT COMMU...IJNSA Journal
As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare, there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes to scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications
Reasons for the Popularity of Medical Record TheftOPSWAT
After a slew of data breaches in 2014, the FBI warned the healthcare industry that cyber-criminals would be directing more attention their way in 2015. The healthcare industry has become an increasingly valuable target for cyber thieves, and in some cases, a much easier target to attack, due to their often less than adequate investment in cyber security. What is it about the healthcare industry that has captured the cyber criminals' interest in the last few years?
This white paper covers various topics including industry data breach statistics, the value of credit card data versus medical record data, healthcare spending on cyber security and the impact of BYOD on industry vulnerability to data breaches. This white paper also highlights various solutions for protecting medical record data including multi-scanning, email security and the protection of endpoint devices.
Systems Thinking on a National Level, Part 2Drew David.docxperryk1
Systems Thinking on a National Level, Part 2
Drew Davidson, Eric Sinclair Banyon, Shady Navarro, Shalamar Santana, Ziomara Pagan, & Stephanie Jean Coute
MHA/505
February 11, 2019
Rachael Kehoe
Running head: SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2
1
SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2
10
Systems Thinking on a National Level, Part 2
Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. According to Gordon et al., cybersecurity breaches not only affect the patient’s information but it can also affect the organization's creditability (2017). When an organization creditability comes into question due to a cybersecurity breach, that organization may lose customers due to the fear of their information not being appropriately protected. In Healthcare it is crucial that we understand the impact of cybersecurity breaches. Most of the major hospital in the United States are using electronic medical records (EMR). A lot of hackers are using phishing methods to trick hospital and breaching their security protocol by tricking staff members into disclosing sensitive and personal information (Winder, 2014). Therefore, the following will discuss way cyber security breaches happen in the healthcare industry and way to prevent them from happening in the future.
Cyber Security Breach Diagram
Malicious and Non-Malicious
Cyber security breaches in healthcare can happen in several different ways. These different types of breaches can either be malicious or non-malicious. A malicious cyber security breech in healthcare, is when an individual or individuals purposely hacked into and attack or gain unauthorized access to members PII. Unauthorized access (such as hacking) to protected healthcare systems is the result of malicious behavior, things like holding the system ransom or stealing private information are acts of malicious behavior (Katz, 2018). Penetrating a system manually and disabling the systems defenses or by downloading software programs are other types of malicious behavior. Hacking is a malicious behavior, but just because the system is hack doesn’t necessarily mean any personal information is compromised. A number malicious cyber security breach may not be done intentionally but can cause just as many issues as a malicious cyber security breech. When data is unintentionally left exposed to an authorized access it is a non-malicious behavior. Cyber security breaches in healthcare can be the result of employee error or negligence. In healthcare malicious behavior is a portion of the inflow of cyber security breaches and non-malicious behavior is the portion of the outflow of a cyber security breech.
Eavesdropping
As a group, we have identified a multitude of cybersecurity breaches that are growing concerns amongst the healthcare providers and companies that offer their services to the community. Another one of these concerns’ hails in the form of eavesdropping. Eavesdropping is a d.
Best 3 Cyber Threats in Healthcare Organizations Today | The Lifesciences Mag...The Lifesciences Magazine
Ryan Witt, who is in charge of cyber threats in healthcare at Proofpoint, says that this is why U.S. hospital defenses have always been weak. Since attackers learned this, hospitals in the United States have been a top target. Cybercriminals continue to focus on U.S. health care, and hospital information security is always trying to catch up.
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSijsptm
All healthcare providers should have enough knowledge and sufficient information to understand the potential risk, which can lead to a breach in the Jordanian health information system (Hakeem program). This study aims to emphasise the importance of sharing sensitive health information among healthcare providers, create laws and regulations to keep the electronic medical records secure, and increase the
awareness about health information security among healthcare providers. The study conducted seven interviews with medical staff and an information technology technician. The study results showed that sharing sensitive information in a secure environment, creating laws and regulations, and increasing the
awareness about health information security render the electronic medical records of patients more secure and safe
Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a well-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims is overt. This information crime involves stealing patients’ records to impersonate the patients in an effort of obtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft, there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines the quality of health care information systems and enervates the information security of electronic patient record.
Why merging medical records, hospital reports, and clinical trial data is a v...Arete-Zoe, LLC
Medical privacy and breaches of personal health information (PHI) has been a hot topic for several years. For the clinical trial industry, the main concerns are decline in recruitment resulting from lack of confidence in data handling and instances of breaches that affect data integrity that adversely affect NDA and MA applications in major markets, which precipitates administrative action taken by national regulators in response to local incidents.
European legislators rely extensively on administrative measures implemented by national competent authorities. Although specific and detailed EU-level legislation exists, specific information about data breaches, cases and incidents, volume and type of affected data, root causes and analysis of consequences is largely missing. According to Howard and Gulyas (2014), this lack of organized event records is currently an empirical obstacle but provides opportunity to generate new knowledge about data and privacy protection that could bolster future trial recruitment.
In the U.S., summary details of breaches that involved more than 500 individuals are available at the OCR portal called Wall of Shame for everyone to analyze. Disclosure obligations in HIPAA made the problem of data breaches in healthcare obvious and protection of the privacy of patients has been an important part of physicians’ code of conduct. This offers lessons learned to mitigate systemic vulnerabilities that undermine trial participation.
Privacy and Security by Design Spotlight Presentation at HIMMS Privacy and Security Forum, December 5th 2016. Presented by Jeff R. Livingstone, PhD, Vice President and Global Lead, Life Sciences & Healthcare, Unisys Corporation.
Healthcare Informatics Industry: 10 Effective Trends | The Entrepreneur ReviewTheEntrepreneurRevie
Here are 10 Trends reshaping the Healthcare Informatics Industry: 1. The development of the CIO and IT staff. 2. The dawn of a new era in cybersecurity. 3. The digitalization of the customer experience and the digital front door. 4. Advances in clinical information technology. 5. The rise of artificial intelligence and machine learning in healthcare.
(U) WHAT INSIGHTS ARE DERIVED FROM OPERATION ANACONDA IN REGARDS TMoseStaton39
(U) WHAT INSIGHTS ARE DERIVED FROM OPERATION ANACONDA IN REGARDS TO THE NCO COMMON CORE COMPENTENCY (NCOCCC) OF OPERATIONS?
The NCOCCC of Operations is a combination of operational skill sets that, when mastered by senior leaders can save lives and ensure effective unified action. Some of its key tenets include: Large-scale combat operations; understanding operational and mission variables; resolving complex, ill-structured problems with the use of Mission Command; and understanding how to integrate the different branches of the military into successful joint operations (Department of the Army [DA], 2020, pp. 2-3). This final principle of conducting joint operations becomes increasingly important as contemporary conflicts continue to venture further into the realm of multi-domain warfare (Marr, 2018, pp. 10-11). In order to execute such a complex task, Joint Force Commanders (JFC) must “integrate, synchronize, and direct joint operations” through the use of seven Joint Functions (Joint Chiefs of Staff [JCS], 2017, p. III-1). One of these functions, Command and Control, is how the JFC directs the forces toward accomplishment of the mission, and its essential task is to “Communicate and ensure the flow of information across the staff and joint force” (JCS, 2017, p. III-2). This task is critical to the creation of a shared understanding, which allows the separate branches to work seamlessly together toward a common goal. The absence of this unifying component hinders missions and increases casualties. In Operation ANACONDA, JFC Major General (MG) Hagenbeck failed to create such a shared understanding with his subordinate Air Force assets, which contributed to increasing the amount of casualties his forces incurred. Although the warning order was published on 6 January, MG Hagenbeck did not notify the Combined Force Air Component Commander of Operation ANACONDA until 23 February, just days before the operation began (Fleri et al., 2003). This failure to ensure the flow of information across the joint force, caused downstream effects in planning and preparation that led to diminished air support during the initial stages of the operation. As noted by Lambeth (2005) in his comprehensive analysis, “because so little air support had been requested…coalition troops entered the fight virtually unprotected by any preparatory and suppressive fire” (pp. 204-205). Operation Anaconda provides a clear case of how proficiency in the realm of Operations can result in fewer U.S. casualties.
M451: Decisive Action
Case Study Defense Support of Civil Authorities
1. Scenario
Good morning, welcome to VNN -- local officials are celebrating this morning as a new industrial
park is being christened in our community, there’s a ribbon-cutting scheduled for 10am this
morning. Officials say the new Hampton Industrial Park will bring millions of dollars of new tax
revenues and thousands of new jobs to state and local communities. But a group of activi ...
(Remarks)Please keep in mind that the assiMoseStaton39
(Remarks)
Please keep in mind that the assignment states, "Each of your sections’ content must be at least one full page in length, in Times New Roman 12-pt. font, double-spaced, with 1” margins." When you turn something in that is about half of the required length, you take a bit of a double hit. The first hit is for not meeting minimum expectations for the assignment. The second hit is for not going into as much detail as needed to get a high grade. I can see that you are ahead on the sections. That is not a problem as those have not been graded yet. However, understand that as is, they will also have significant point deductions.
1
4
A Pollution Prevention Plan (P3) Pre-Assessment Study
[Student name here…remove brackets]
Columbia Southern University
ENV 4301: Pollution Prevention
[Instructor name here…remove brackets]
[Date here…remove brackets]
Abstract
Block one full paragraph (no indenting the first line or any subsequent lines). Provide one full sentence here for each unit as you complete a level 1 heading section, describing what material or calculations were presented in that section. By the time the Unit VII material is complete, you will have six or seven sentences in this abstract (one for each unit, for Units II–VII).
Pollution Prevention Plan (P3) Pre-Assessment Study
General Operational Characteristics
Start typing here for Unit II in non-italicized font (despite the different font types and sizes allowed with APA 7th edition, please stay in Times New Roman 12-pt. font for this document, since this template is already in that font and size), citing with
CSU APA Citation Guide p. 6 styled citations to defend what you state as fact.
Potential Ecological Health Impacts
Fill this in for Unit II. Remove each blank section before submittal in each unit.
Potential Human Health Impacts
Fill this in for Unit III.
Potential Societal Health Impacts
Fill this in for Unit IV.
Risk Assessment and Regulatory Requirements
Fill this in for Unit V.
Pollution Prevention Technologies
Fill this in for Unit VI.
Engineering Opportunities for Pollution Prevention
Fill this in for Unit VII.
References
Brusseau, M. L., Pepper, I. L., & Gerba, C. P. (2019).
Environmental and pollution science (3rd ed.). Academic Press. https://online.vitalsource.com/#/books/9780128147207
List additional references here alphabetically (you may need to list some before the textbook reference). Be sure to double-space and use a hanging indent for each subsequent line in each reference entry, formatting according to CSU APA Citation Guide pp. 8–11.
1
4
A Pollution Prevention Plan (P4) Pre-Assessment Study
Abstract
This undertaking essentially entails a Pre-Assessment study on behalf of the board of directors at ABC Agriculture Production Inc; it explores the general operational characteristics, potential ecological health effects, potential human health impacts, potential societal health impacts, risk ...
More Related Content
Similar to (Executive Summary)MedStar Health Inc, a leader in the healthc
Why cyber-criminals target Healthcare - Panda Security Panda Security
The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.
More details:
http://www.pandasecurity.com/mediacenter/panda-security/panda-security-dissects-cyber-pandemic/
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxkarlhennesey
Page 9 of 15
Capstone Project
Yaima Ortiz
IDS-4934
March 1st, 2020
Abstract
Topic:
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis Statement
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organization.
Rationale
1. The purpose of this paper is to identify why security measures are necessary to protect one’s privacy in the medical industry.
2. There are numerous laws, policies and healthcare organizational rules and regulations and statistics that would be helpful for conducting this research.
3. Privacy of a person whether this is me or you, is important then everything. I want to talk on this topic because I think most of us do not know what is happening to us.
4. I have selected textual analysis of books and available internet sources. The reason of this limited research methodology is that I cannot perform field study because of shortage of time.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organizations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents
Introduction 3
Overview of Privacy Protections with Respect to Medical Records 4
Data Breaches in the Healthcare Industry 5
Healthcare is the biggest Target for Cyber Attack 7
Penalties and Punishments for Hacking Personal Information 9
Penalties 9
Devastating Consequences of Healthcare Data Breaches 10
Conclusion 10
Recommendations 11
Bibliography 12
Introduction
While operating in healthcare organizations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organizations to protect the information of their patients and do not share it with people outside of the organization without the patient’s consent. Protecting patient’s information is a crucial element of respect and essential for patients' autonomy and trust in the organization — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence they do not share their information with a healthcare professional that causes ineffective treatment. In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy ...
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxhoney690131
Page 9 of 15
Capstone Project
Yaima Ortiz
IDS-4934
March 1st, 2020
Abstract
Topic:
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis Statement
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organization.
Rationale
1. The purpose of this paper is to identify why security measures are necessary to protect one’s privacy in the medical industry.
2. There are numerous laws, policies and healthcare organizational rules and regulations and statistics that would be helpful for conducting this research.
3. Privacy of a person whether this is me or you, is important then everything. I want to talk on this topic because I think most of us do not know what is happening to us.
4. I have selected textual analysis of books and available internet sources. The reason of this limited research methodology is that I cannot perform field study because of shortage of time.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organizations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents
Introduction 3
Overview of Privacy Protections with Respect to Medical Records 4
Data Breaches in the Healthcare Industry 5
Healthcare is the biggest Target for Cyber Attack 7
Penalties and Punishments for Hacking Personal Information 9
Penalties 9
Devastating Consequences of Healthcare Data Breaches 10
Conclusion 10
Recommendations 11
Bibliography 12
Introduction
While operating in healthcare organizations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organizations to protect the information of their patients and do not share it with people outside of the organization without the patient’s consent. Protecting patient’s information is a crucial element of respect and essential for patients' autonomy and trust in the organization — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence they do not share their information with a healthcare professional that causes ineffective treatment. In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy.
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
WE BUILD CORE HANDS-ON ON INFORMATION SECURITY SKILLS FOR ALL LEVELS AND DEPARTMENTS- It has already been two years since hackers shifted their main focus from BFSI sector to healthcare industry aggressively targeting hospitals all over the world, while U.S. is experiencing the most severe threat. How we can help you with HIPPA security and privacy concerns. DO YOU NEED TO INVEST IN INFORMATION SECURITY TRAINING, CONSULTING AND ADVISORY?
“Many organizations security defences have been smacked Their earned reputation within a flash have been jacked Heartless jokes on them by others also have been cracked How come they’re sure that their firms haven’t been hacked?"
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
EXPLORING CHALLENGES AND OPPORTUNITIES IN CYBERSECURITY RISK AND THREAT COMMU...IJNSA Journal
As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare, there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes to scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications
Reasons for the Popularity of Medical Record TheftOPSWAT
After a slew of data breaches in 2014, the FBI warned the healthcare industry that cyber-criminals would be directing more attention their way in 2015. The healthcare industry has become an increasingly valuable target for cyber thieves, and in some cases, a much easier target to attack, due to their often less than adequate investment in cyber security. What is it about the healthcare industry that has captured the cyber criminals' interest in the last few years?
This white paper covers various topics including industry data breach statistics, the value of credit card data versus medical record data, healthcare spending on cyber security and the impact of BYOD on industry vulnerability to data breaches. This white paper also highlights various solutions for protecting medical record data including multi-scanning, email security and the protection of endpoint devices.
Systems Thinking on a National Level, Part 2Drew David.docxperryk1
Systems Thinking on a National Level, Part 2
Drew Davidson, Eric Sinclair Banyon, Shady Navarro, Shalamar Santana, Ziomara Pagan, & Stephanie Jean Coute
MHA/505
February 11, 2019
Rachael Kehoe
Running head: SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2
1
SYSTEMS THINKING ON A NATIONAL LEVEL, PART 2
10
Systems Thinking on a National Level, Part 2
Cybersecurity breaches in the Healthcare industry pose a significant threat to those organizations. According to Gordon et al., cybersecurity breaches not only affect the patient’s information but it can also affect the organization's creditability (2017). When an organization creditability comes into question due to a cybersecurity breach, that organization may lose customers due to the fear of their information not being appropriately protected. In Healthcare it is crucial that we understand the impact of cybersecurity breaches. Most of the major hospital in the United States are using electronic medical records (EMR). A lot of hackers are using phishing methods to trick hospital and breaching their security protocol by tricking staff members into disclosing sensitive and personal information (Winder, 2014). Therefore, the following will discuss way cyber security breaches happen in the healthcare industry and way to prevent them from happening in the future.
Cyber Security Breach Diagram
Malicious and Non-Malicious
Cyber security breaches in healthcare can happen in several different ways. These different types of breaches can either be malicious or non-malicious. A malicious cyber security breech in healthcare, is when an individual or individuals purposely hacked into and attack or gain unauthorized access to members PII. Unauthorized access (such as hacking) to protected healthcare systems is the result of malicious behavior, things like holding the system ransom or stealing private information are acts of malicious behavior (Katz, 2018). Penetrating a system manually and disabling the systems defenses or by downloading software programs are other types of malicious behavior. Hacking is a malicious behavior, but just because the system is hack doesn’t necessarily mean any personal information is compromised. A number malicious cyber security breach may not be done intentionally but can cause just as many issues as a malicious cyber security breech. When data is unintentionally left exposed to an authorized access it is a non-malicious behavior. Cyber security breaches in healthcare can be the result of employee error or negligence. In healthcare malicious behavior is a portion of the inflow of cyber security breaches and non-malicious behavior is the portion of the outflow of a cyber security breech.
Eavesdropping
As a group, we have identified a multitude of cybersecurity breaches that are growing concerns amongst the healthcare providers and companies that offer their services to the community. Another one of these concerns’ hails in the form of eavesdropping. Eavesdropping is a d.
Best 3 Cyber Threats in Healthcare Organizations Today | The Lifesciences Mag...The Lifesciences Magazine
Ryan Witt, who is in charge of cyber threats in healthcare at Proofpoint, says that this is why U.S. hospital defenses have always been weak. Since attackers learned this, hospitals in the United States have been a top target. Cybercriminals continue to focus on U.S. health care, and hospital information security is always trying to catch up.
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSijsptm
All healthcare providers should have enough knowledge and sufficient information to understand the potential risk, which can lead to a breach in the Jordanian health information system (Hakeem program). This study aims to emphasise the importance of sharing sensitive health information among healthcare providers, create laws and regulations to keep the electronic medical records secure, and increase the
awareness about health information security among healthcare providers. The study conducted seven interviews with medical staff and an information technology technician. The study results showed that sharing sensitive information in a secure environment, creating laws and regulations, and increasing the
awareness about health information security render the electronic medical records of patients more secure and safe
Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a well-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims is overt. This information crime involves stealing patients’ records to impersonate the patients in an effort of obtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft, there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines the quality of health care information systems and enervates the information security of electronic patient record.
Why merging medical records, hospital reports, and clinical trial data is a v...Arete-Zoe, LLC
Medical privacy and breaches of personal health information (PHI) has been a hot topic for several years. For the clinical trial industry, the main concerns are decline in recruitment resulting from lack of confidence in data handling and instances of breaches that affect data integrity that adversely affect NDA and MA applications in major markets, which precipitates administrative action taken by national regulators in response to local incidents.
European legislators rely extensively on administrative measures implemented by national competent authorities. Although specific and detailed EU-level legislation exists, specific information about data breaches, cases and incidents, volume and type of affected data, root causes and analysis of consequences is largely missing. According to Howard and Gulyas (2014), this lack of organized event records is currently an empirical obstacle but provides opportunity to generate new knowledge about data and privacy protection that could bolster future trial recruitment.
In the U.S., summary details of breaches that involved more than 500 individuals are available at the OCR portal called Wall of Shame for everyone to analyze. Disclosure obligations in HIPAA made the problem of data breaches in healthcare obvious and protection of the privacy of patients has been an important part of physicians’ code of conduct. This offers lessons learned to mitigate systemic vulnerabilities that undermine trial participation.
Privacy and Security by Design Spotlight Presentation at HIMMS Privacy and Security Forum, December 5th 2016. Presented by Jeff R. Livingstone, PhD, Vice President and Global Lead, Life Sciences & Healthcare, Unisys Corporation.
Healthcare Informatics Industry: 10 Effective Trends | The Entrepreneur ReviewTheEntrepreneurRevie
Here are 10 Trends reshaping the Healthcare Informatics Industry: 1. The development of the CIO and IT staff. 2. The dawn of a new era in cybersecurity. 3. The digitalization of the customer experience and the digital front door. 4. Advances in clinical information technology. 5. The rise of artificial intelligence and machine learning in healthcare.
Similar to (Executive Summary)MedStar Health Inc, a leader in the healthc (20)
(U) WHAT INSIGHTS ARE DERIVED FROM OPERATION ANACONDA IN REGARDS TMoseStaton39
(U) WHAT INSIGHTS ARE DERIVED FROM OPERATION ANACONDA IN REGARDS TO THE NCO COMMON CORE COMPENTENCY (NCOCCC) OF OPERATIONS?
The NCOCCC of Operations is a combination of operational skill sets that, when mastered by senior leaders can save lives and ensure effective unified action. Some of its key tenets include: Large-scale combat operations; understanding operational and mission variables; resolving complex, ill-structured problems with the use of Mission Command; and understanding how to integrate the different branches of the military into successful joint operations (Department of the Army [DA], 2020, pp. 2-3). This final principle of conducting joint operations becomes increasingly important as contemporary conflicts continue to venture further into the realm of multi-domain warfare (Marr, 2018, pp. 10-11). In order to execute such a complex task, Joint Force Commanders (JFC) must “integrate, synchronize, and direct joint operations” through the use of seven Joint Functions (Joint Chiefs of Staff [JCS], 2017, p. III-1). One of these functions, Command and Control, is how the JFC directs the forces toward accomplishment of the mission, and its essential task is to “Communicate and ensure the flow of information across the staff and joint force” (JCS, 2017, p. III-2). This task is critical to the creation of a shared understanding, which allows the separate branches to work seamlessly together toward a common goal. The absence of this unifying component hinders missions and increases casualties. In Operation ANACONDA, JFC Major General (MG) Hagenbeck failed to create such a shared understanding with his subordinate Air Force assets, which contributed to increasing the amount of casualties his forces incurred. Although the warning order was published on 6 January, MG Hagenbeck did not notify the Combined Force Air Component Commander of Operation ANACONDA until 23 February, just days before the operation began (Fleri et al., 2003). This failure to ensure the flow of information across the joint force, caused downstream effects in planning and preparation that led to diminished air support during the initial stages of the operation. As noted by Lambeth (2005) in his comprehensive analysis, “because so little air support had been requested…coalition troops entered the fight virtually unprotected by any preparatory and suppressive fire” (pp. 204-205). Operation Anaconda provides a clear case of how proficiency in the realm of Operations can result in fewer U.S. casualties.
M451: Decisive Action
Case Study Defense Support of Civil Authorities
1. Scenario
Good morning, welcome to VNN -- local officials are celebrating this morning as a new industrial
park is being christened in our community, there’s a ribbon-cutting scheduled for 10am this
morning. Officials say the new Hampton Industrial Park will bring millions of dollars of new tax
revenues and thousands of new jobs to state and local communities. But a group of activi ...
(Remarks)Please keep in mind that the assiMoseStaton39
(Remarks)
Please keep in mind that the assignment states, "Each of your sections’ content must be at least one full page in length, in Times New Roman 12-pt. font, double-spaced, with 1” margins." When you turn something in that is about half of the required length, you take a bit of a double hit. The first hit is for not meeting minimum expectations for the assignment. The second hit is for not going into as much detail as needed to get a high grade. I can see that you are ahead on the sections. That is not a problem as those have not been graded yet. However, understand that as is, they will also have significant point deductions.
1
4
A Pollution Prevention Plan (P3) Pre-Assessment Study
[Student name here…remove brackets]
Columbia Southern University
ENV 4301: Pollution Prevention
[Instructor name here…remove brackets]
[Date here…remove brackets]
Abstract
Block one full paragraph (no indenting the first line or any subsequent lines). Provide one full sentence here for each unit as you complete a level 1 heading section, describing what material or calculations were presented in that section. By the time the Unit VII material is complete, you will have six or seven sentences in this abstract (one for each unit, for Units II–VII).
Pollution Prevention Plan (P3) Pre-Assessment Study
General Operational Characteristics
Start typing here for Unit II in non-italicized font (despite the different font types and sizes allowed with APA 7th edition, please stay in Times New Roman 12-pt. font for this document, since this template is already in that font and size), citing with
CSU APA Citation Guide p. 6 styled citations to defend what you state as fact.
Potential Ecological Health Impacts
Fill this in for Unit II. Remove each blank section before submittal in each unit.
Potential Human Health Impacts
Fill this in for Unit III.
Potential Societal Health Impacts
Fill this in for Unit IV.
Risk Assessment and Regulatory Requirements
Fill this in for Unit V.
Pollution Prevention Technologies
Fill this in for Unit VI.
Engineering Opportunities for Pollution Prevention
Fill this in for Unit VII.
References
Brusseau, M. L., Pepper, I. L., & Gerba, C. P. (2019).
Environmental and pollution science (3rd ed.). Academic Press. https://online.vitalsource.com/#/books/9780128147207
List additional references here alphabetically (you may need to list some before the textbook reference). Be sure to double-space and use a hanging indent for each subsequent line in each reference entry, formatting according to CSU APA Citation Guide pp. 8–11.
1
4
A Pollution Prevention Plan (P4) Pre-Assessment Study
Abstract
This undertaking essentially entails a Pre-Assessment study on behalf of the board of directors at ABC Agriculture Production Inc; it explores the general operational characteristics, potential ecological health effects, potential human health impacts, potential societal health impacts, risk ...
(This is provided as an example of the paper layout and spacMoseStaton39
(This is provided as an example of the paper layout and spacing. No running header required
for this report. Don’t add graphic title pages or additional embellishments. Follow complete
instructions provided for each staged assignment. Note: The BA&SR report is a business
report, and you will be expected to follow the specific formatting guidelines that are shown
in the assignment instructions. This report should be typed and double-spaced on standard-
sized paper (8.5" x 11"), with 1" margins on all sides. You should use a font consistently
throughout the paper. APA recommends using either a sans serif font such as 11-point Calibri,
11-point Arial, or 10-point Lucida Sans Unicode, or a serif font such as 12-point Times New
Roman, 11-point Georgia, or 10-point Computer Modern.
(Title page – centered horizontally and vertically; no running head required)
Title of Report
Company Name
Your Name
Course and Section #
Date of Submission
1
Introduction
(Begin your report with a clear, concise, well organized introduction to explain why you are
writing and what is to come in the complete BA&SR report (not just Stage 1). This should
briefly set the context for MTC – business purpose, environment, and current challenges related
to hiring. Then specifically provide what is to come in the full report. Keep your audience in
mind – this is an internal report for the CIO of MTC. Provide an introduction in one paragraph
that engages the reader’s interest in continuing to read your report.)
I. Strategic Use of Technology
A. Business Strategy
(In this section, you should clearly present – at a broad level – what MTC’s
business strategy is (refer to case study information), then what issues the current
manual hiring process may present that interfere with achieving that strategy, and
how improving the hiring process will benefit MTC and support its business
strategy. (Use two to three strong sentences that explain how the system would
support the strategy and justify your position with specifics from the Case Study.)
B. Competitive Advantage
(First, provide an overview of the competitive environment that MTC is currently
operating in based on information from the case study. Then explain how and
why MTC can use the new hiring system to increase its competitive advantage
and help achieve its overall business strategy. Your explanation should
demonstrate your understanding of what competitive advantage is as well as how
improving the hiring process will help achieve MTC’s competitive advantage.
Include how MTC can use the type of data or information that will be in the
2
hiring system to improve its competitive advantage. (Paragraph of 4-5
sentences))
C. Strategic Objectives
(First, insert an introductory opening sentence for this table. Then, for each of the
rows listed below, complete the table with the requested information. (Pr ...
(Student Name)Date of EncounterPreceptorClinical SiteClMoseStaton39
(Student Name)
Date of Encounter:
Preceptor/Clinical Site:
Clinical Instructor: Grivel J. Hera Gomez APRN, FNP-C
Soap Note # ____ Main Diagnosis ______________
PATIENT INFORMATION
Name:
Age:
Gender at Birth:
Gender Identity:
Source:
Allergies:
Current Medications:
·
PMH:
Immunizations:
Preventive Care:
Surgical History:
Family History:
Social History:
Sexual Orientation:
Nutrition History:
Subjective Data:
Chief Complaint:
Symptom analysis/HPI:
The patient is …
Review of Systems (ROS)
CONSTITUTIONAL:
NEUROLOGIC:
HEENT:
RESPIRATORY:
CARDIOVASCULAR:
GASTROINTESTINAL:
GENITOURINARY:
MUSCULOSKELETAL:
SKIN:
Objective Data:
VITAL SIGNS:
GENERAL APPREARANCE:
NEUROLOGIC:
HEENT:
CARDIOVASCULAR:
RESPIRATORY:
GASTROINTESTINAL:
MUSKULOSKELETAL:
INTEGUMENTARY:
ASSESSMENT:
Main Diagnosis
(Include the name of your Main Diagnosis along with its ICD10 I10. (Look at PDF example provided) Include the in-text reference/s as per APA style 6th or 7th Edition.
Differential diagnosis (minimum 3)
-
-
-
PLAN:
Labs and Diagnostic Test to be ordered (if applicable)
· -
· -
Pharmacological treatment:
-
Non-Pharmacologic treatment:
Education (provide the most relevant ones tailored to your patient)
Follow-ups/Referrals
References (in APA Style)
Examples
Codina Leik, M. T. (2014). Family Nurse Practitioner Certification Intensive Review (2nd ed.).
ISBN 978-0-8261-3424-0
Domino, F., Baldor, R., Golding, J., Stephens, M. (2010). The 5-Minute Clinical Consult 2010
(25th ed.). Print (The 5-Minute Consult Series).
(Student Name)
Date of Encounter:
Preceptor/Clinical Site:
Clinical Instructor: Dr. David Trabanco DNP, APRN, AGNP-C, FNP-C
Soap Note # Main Diagnosis ( Exp: Soap Note #3 DX: Hypertension)
PATIENT INFORMATION
Name: Mr. DT
Age: 68-year-old
Gender at Birth: Male
Gender Identity: Male
Source: Patient
Allergies: PCN, Iodine
Current Medications:
· Atorvastatin tab 20 mg, 1-tab PO at bedtime
· ASA 81mg po daily
· Multi-Vitamin Centrum Silver
PMH: Hypercholesterolemia
Immunizations: Influenza last 2018-year, tetanus, and hepatitis A and B 4 years ago.
Preventive Care: Coloscopy 5 years ago (Negative)
Surgical History: Appendectomy 47 years ago.
Family History: Father- died 81 does not report information
Mother-alive, 88 years old, Diabetes Mellitus, HTN
Daughter-alive, 34 years old, healthy
Social History: No smoking history or illicit drug use, occasional alcoholic beverage consumption on social celebrations. Retired, widow, he lives alone.
Sexual Orientation: Straight
Nutrition History: Diets off and on, Does not each seafood
Subjective Data:
Chief Complaint: “headaches” that started two weeks ago
Symptom analysis/HPI:
The patient is 65 years old male who complaining of episodes of headaches and on 3 different occasions blood pressure was measured, which was high (159/100, 158/98 and 160/100 respectively). Patient noticed the problem started two weeks ago and somet ...
(TITLE)Sung Woo ParkInternational American UniversityFINMoseStaton39
(TITLE)
Sung Woo Park
International American University
FIN 500: Financial management
Vahick Yedgarian, Ph.D., J.D., M.B.A., M.S.
April 15th, 2021
TITLE
According to the market analysis of Walmart, the retail firm is considered an unstoppable retail force. It is ranked as the first or number retail firm and the largest business organization in revenue and employee size. The company's total number of employees is estimated to be 2.2 million employees across its different stores. Apart from the retail business line, it also undertakes wholesale business activities (Tan, 2017). It provides all types of assortment merchandise as well as services for affordable costs. In this research paper, the main objective is to undertake a cash flow analysis statement of Walmart and its Relevance to its investors (Tan, 2017).
A cash flow statement is an important financial statement. A cash flow statement is understood as the financial statement that summarizes the financial or cash amounts. It is a summary of the amount in cash and cash equivalents (Murphy, 2021). In other words, it reflects the amount of cash entering and leaving an organization. The cash flow statement provides measures of a company’s financial strength and reflects its position in terms of revenue (Murphy, 2021). Besides, it helps investors to make the right financial decision.
The cash flow statement is an important financial document to investors. Investors always have a trait of looking at how a company is performing by evaluating the progress, the trends among other issues, and deciding whether to invest in the company. Investment decision-making in an in-depth analysis is usually achieved by looking at the cash flow performance based on an analysis of different elements of the statement.
The cash flow statement for Walmart is an important document to its investors. The cash flow statement of Walmart is an important measure of the profitability of the company. Besides, it provides investors with a clear picture and future projection outlook of how the company will be. Based on the analysis of the company’s cash flow statement company has been recording high levels of revenue over the past few years. As a result, it has been ranked as the largest company in terms of revenue collected. Such a specific entity of the company is a clear reflection that Walmart is indeed a profitable firm in profitability (Tan, 2017). Hence, it is a clear reflection to the investors that the company is making money instead of losses. For instance, over the past few years, the company has recorded a revenue increment and stability. The economic analysis measures the company revenue growth in terms of net sales changes to be 7.2% (WMT | Walmart Inc. Annual Cash Flow Statement | Market Watch. Market Watch, 2021). Such a growth rate is indeed admirable and attractive to investors searching for companies to invest in. The company's revenue level is a general overview and clear or direct instant and r ...
(Student Name) UniversityDate of EncounterPreceptorCliniMoseStaton39
(Student Name)
University
Date of Encounter:
Preceptor/Clinical Site:
Clinical Instructor:
Soap Note # Main Diagnosis ( Exp: Soap Note #3 DX: Hypertension)
PATIENT INFORMATION
Name: Mr. DT
Age: 68-year-old
Gender at Birth: Male
Gender Identity: Male
Source: Patient
Allergies: PCN, Iodine
Current Medications:
· Atorvastatin tab 20 mg, 1-tab PO at bedtime
· ASA 81mg po daily
· Multi-Vitamin Centrum Silver
PMH: Hypercholesterolemia
Immunizations: Influenza last 2018-year, tetanus, and hepatitis A and B 4 years ago.
Preventive Care: Coloscopy 5 years ago (Negative)
Surgical History: Appendectomy 47 years ago.
Family History: Father- died 81 does not report information
Mother-alive, 88 years old, Diabetes Mellitus, HTN
Daughter-alive, 34 years old, healthy
Social History: No smoking history or illicit drug use, occasional alcoholic beverage consumption on social celebrations. Retired, widow, he lives alone.
Sexual Orientation: Straight
Nutrition History: Diets off and on, Does not each seafood
Subjective Data:
Chief Complaint: “headaches” that started two weeks ago
Symptom analysis/HPI:
The patient is 65 years old male who complaining of episodes of headaches and on 3 different occasions blood pressure was measured, which was high (159/100, 158/98 and 160/100 respectively). Patient noticed the problem started two weeks ago and sometimes it is accompanied by dizziness. He states that he has been under stress in his workplace for the last month. Patient denies chest pain, palpitation, shortness of breath, nausea or vomiting.
Review of Systems (ROS)
CONSTITUTIONAL: Denies fever or chills. Denies weakness or weight loss. NEUROLOGIC: Headache and dizziness as describe above. Denies changes in LOC. Denies history of tremors or seizures.
HEENT: HEAD: Denies any head injury, or change in LOC. Eyes: Denies any changes in vision, diplopia or blurred vision. Ear: Denies pain in the ears. Denies loss of hearing or drainage. Nose: Denies nasal drainage, congestion. THROAT: Denies throat or neck pain, hoarseness, difficulty swallowing.
RESPIRATORY: Patient denies shortness of breath, cough or hemoptysis.
CARDIOVASCULAR: No chest pain, tachycardia. No orthopnea or paroxysmal nocturnal
dyspnea.
GASTROINTESTINAL: Denies abdominal pain or discomfort. Denies flatulence, nausea, vomiting or
diarrhea.
GENITOURINARY: Denies hematuria, dysuria or change in urinary frequency. Denies difficulty starting/stopping stream of urine or incontinence.
MUSCULOSKELETAL: Denies falls or pain. Denies hearing a clicking or snapping sound.
SKIN: No change of coloration such as cyanosis or jaundice, no rashes or pruritus.
Objective Data:
VITAL SIGNS: Temperature: 98.5 °F, Pulse: 87, BP: 159/92 mmhg, RR 20, PO2-98% on room air, Ht- 6’4”, Wt 200 lb, BMI 25. Report pain 2/10.
GENERAL APPREARANCE: The patient is alert and oriented x 3. No acute distress noted. NEUROLOGIC: Alert, CNII-XII grossly intact, oriented to person, ...
(Student Name)Miami Regional UniversityDate of EncounterMoseStaton39
(Student Name)
Miami Regional University
Date of Encounter:
Preceptor/Clinical Site:
Clinical Instructor: Patricio Bidart MSN, APRN, FNP-C
Soap Note # ____ Main Diagnosis ______________
PATIENT INFORMATION
Name:
Age:
Gender at Birth:
Gender Identity:
Source:
Allergies:
Current Medications:
·
PMH:
Immunizations:
Preventive Care:
Surgical History:
Family History:
Social History:
Sexual Orientation:
Nutrition History:
Subjective Data:
Chief Complaint:
Symptom analysis/HPI:
The patient is …
Review of Systems (ROS) (This section is what the patient says, therefore should state Pt denies, or Pt states….. )
CONSTITUTIONAL:
NEUROLOGIC:
HEENT:
RESPIRATORY:
CARDIOVASCULAR:
GASTROINTESTINAL:
GENITOURINARY:
MUSCULOSKELETAL:
SKIN:
Objective Data:
VITAL SIGNS:
GENERAL APPREARANCE:
NEUROLOGIC:
HEENT:
CARDIOVASCULAR:
RESPIRATORY:
GASTROINTESTINAL:
MUSKULOSKELETAL:
INTEGUMENTARY:
ASSESSMENT:
(In a paragraph please state “your encounter with your patient and your findings ( including subjective and objective data)
Example : “Pt came in to our clinic c/o of ear pain. Pt states that the pain started 3 days ago after swimming. Pt denies discharge etc… on examination I noted this and that etc.)
Main Diagnosis
(Include the name of your Main Diagnosis along with its ICD10 I10. (Look at PDF example provided) Include the in-text reference/s as per APA style 6th or 7th Edition.
Differential diagnosis (minimum 3)
-
-
-
PLAN:
Labs and Diagnostic Test to be ordered (if applicable)
· -
· -
Pharmacological treatment:
-
Non-Pharmacologic treatment:
Education (provide the most relevant ones tailored to your patient)
Follow-ups/Referrals
References (in APA Style)
Examples
Codina Leik, M. T. (2014). Family Nurse Practitioner Certification Intensive Review (2nd ed.).
ISBN 978-0-8261-3424-0
Domino, F., Baldor, R., Golding, J., Stephens, M. (2010). The 5-Minute Clinical Consult 2010
(25th ed.). Print (The 5-Minute Consult Series).
Nutrition and Diet.
Semester:
Spring
Course:
MSN6150C Advanced Practice Pediatrics
Preceptor:
REYES-CHOUZA, CARLOS
Clinical Site:
IDEAL MEDICAL CENTER
Setting Type:
Patient Demographics
Age:
12 years
Race:
Black or African American
Gender:
Male
Insurance:
Medicaid
Referral:
No referral
Clinical Information
Time with Patient:
25 minutes
Consult with Preceptor:
15 minutes
Type of Decision-Making:
Moderate complexity
Reason for Visit:
New Consult
Chief Complaint:
Felling pressure behaving my eyes
Type of HP:
Detailed
Social Problems Addressed:
Sanitation/Hygiene
Emotional
Prevention
Procedures/Skills (Observed/Assisted/Performed)
Physical Assessment - Physical Assessment (Perf)
General Skills - Vital Signs (Perf)
ICD-10 Diagnosis Codes
#1 -
J01.10 - ACUTE FRONTAL SINUSITIS, UNSPECIFIED
CPT Billing Codes
#1 -
99214 - OFFICE/OP VISIT, EST PT, MEDICALLY APPROPRIATE HX/EXAM; MODERATE LEVEL MED DECISION; 30-39 MIN
Birth & Delivery
Medications
# OTC Drugs taken regularly:
0
# Prescriptions currently pre ...
(Student Name)Miami Regional UniversityDate of EncounterPMoseStaton39
(Student Name)
Miami Regional University
Date of Encounter:
Preceptor/Clinical Site:
Clinical Instructor: Dr. David Trabanco DNP, APRN, AGNP-C, FNP-C
Soap Note #1 DX: Allergic Rhinitis
PATIENT INFORMATION
Name: Ms. JD
Age: 23-year-old
Gender at Birth: Female
Gender Identity: Female
Source: Patient
Allergies: NKDA
Current Medications:
· Cetirizine 10mg/d
· Mucinex-D
PMH:
Immunizations: Tetanus.
Preventive Care: No history.
Surgical History: No history of surgery.
Family History: Father- alive, 60 years old, healthy.
Mother-alive, 54 years old, HTN, hyperlipidemia.
Sister-alive, 20 years old, Asthma.
Social History: Denies alcohol, tobacco or illicit drugs use. College student, lives alone in campus hostels. Physically active and occasionally does exercise.
Sexual Orientation: Active
Nutrition History: Eats balance diet but avoids excessive junk food.
Subjective Data:
Chief Complaint: “stuffy nose” that has lasted for two weeks.
Symptom analysis/HPI:
Ms. JD is a 23-year-old patient who presents with complaints of a stuffy nose, rhinorrhea, congestion and sneezing. She reports a spontaneous start of the symptoms that have remained consistent. Indicates no particular aggravating symptoms but reports higher severity of the symptoms in the morning. She complains of a sore throat and itchy eyes. She reports an all-day clear runny nose. She indicates consistent outdoor handball practice routine. She reports using Cetirizine and Mucinex-D which do not help. She denies vision or taste changes. She denies fever or chills. Denies diagnosis with allergies.
Review of Systems (ROS)
CONSTITUTIONAL: Denies change in weight, fatigue, fever, night sweats or chills. NEUROLOGIC: Denies seizure, numbness or blackout.
HEENT: HEAD: Denies headache. Eyes: Reports itchy eyes. Denies vision change. Ear: Denies hearing loss, pain or discharge. Nose: Admits stuffiness, nasal congestion and clear discharge. Denies nose bleeds. THROAT: Reports a sore throat.
RESPIRATORY: Patient denies breathing difficulties, cough, wheezing, TB, pneumonia.
CARDIOVASCULAR: No palpitations or chest pain. No edema, PND or orthopnea.
GASTROINTESTINAL: Denies nausea, abdominal pains, vomiting and diarrhea. Denies ulcers hx.
GENITOURINARY: Denies change in urine color, urgency and frequency. Regular menses cycle. Denies ovulation pain. Denies hematuria and dysuria.
MUSCULOSKELETAL: Denies back and joint pains or stiffness.
SKIN: No skin rashes or lesions.
Objective Data:
VITAL SIGNS: Temperature: 36.7 °C, Pulse: 78, BP: 119/87 mmHg, RR 20, PO2-97% on room air, Ht- 1.60m, Wt 67kg, BMI 26.
GENERAL APPREARANCE: Healthy appearing. Alert and oriented x 3. No acute distress. Well-groomed and responds appropriately.
NEUROLOGIC: Alert, oriented, posture erect, clear speech. gait. to person, place, and time.
HEENT: Head: Normocephalic, atraumatic, symmetric, non-tender. Maxillary sinuses mild tenderness. Eyes: Bilateral conjunctival inject ...
(Monica)Gender rarely shapes individual experience in isolation buMoseStaton39
(Monica)Gender rarely shapes individual experience in isolation but is instead linked to other social statuses in the effects it has on our lives. The gender distinction reflects what we see as appropriate “masculine” or “feminine.” For example, some societies expect men to be more aggressive and competitive and women to be emotionally nurturing. I was playing with dolls one day and was playing with two dolls: a female doll and a male doll. Upon passing by, an uncle of mine saw me playing with my toys and frowned. When I asked what was wrong, he seemed uncomfortable. In this statement, he suggested that girls should act like girls and play with girlie things, while boys should play with boy things, including boy dolls. The family experiences that taught me about gender and gender roles are vividly in my memory. Throughout my childhood, my mother and father stressed how essential it is for me to understand and know that I am a girl, and I should always act and carry myself accordingly.
I found conversations like that to be overly exaggerated at the time, but I subsequently understood why my parents did what they did. We were a family of six, with five girls and one boy. As a child, my parents, specifically my mother, stressed what clothing the girls wore. Our mother was always careful not to let us wear anything provocative, and we were to get married and have our own families. Girls are often told that it's alright to cry because girls cry, and if I was a boy, I'd be made to suck it up and deal with it. In addition, my mother taught me that women nurture and that we take care of the home, including cooking, cleaning, and taking care of the children. As girls, we could not play any sports that were deemed "too rough" or to be performed by boys. From a young age, we chose professional careers. All these careers involved female dominating industries, such as nursing, teaching, caretaking, and hairdressing. They all contributed to the construction of my gender.
Multiple ways are available to conceptualize gender; essentialists see it as a binary division, which classifies you as male or female at birth. In contrast, mainstream social scientists take a constructionist approach to gender. Page 242 argues that gender is a constructed concept that has been shaped through culture and history. Finally, people internalize the social expectations they are introduced to.(Ferris & Stein, 2020) (Links to an external site.)
Resources
Ferris, T., & Stein, J. (2020). Chapter 9/ Page 242. In The Real World: An Introduction to Sociology (7th ed., pp. 236–242). essay, W.W. Norton.
...
(Monica) A summary of my decision-making process starts with flippMoseStaton39
(Monica) A summary of my decision-making process starts with flipping through ads to find a job, I was concerned with what companies offered for pay, the type of work I would be doing, and how long would the job last. There were a few companies that were only looking to hire temporarily and again not an ideal situation if I am already concerned with having a steady income. Between the three ads, Office temp, a server at a restaurant making $2.13hr plus tips with hours varying, and a warehouse position, starting at $14Hr with hours from 12 pm to 7 pm. I chose to pick the warehouse position since it offers the most money and a set schedule. Continuing with the simulation, my monthly take-home pay after taxes is $1,224, making my weekly pay only $306. Ideally $1,224 is not enough funds to help sustain a family, barely one person. During this time, I have to pick my insurance, which is a requirement through the Affordable Care Act. Luckily my child is covered and I picked the cheapest plan that I could afford, the bronze plan and it costs $303 a month, which averages to almost $76 a paycheck. I have to ensure I have a place to live, paying rent over $720 and traveling puts my monthly rental and traveling costs at more than 800 dollars a month. The results of me living further away from my job, so that my rent is lower also increased gas costs. According to the simulation, every working household that saves a dollar spends 77 cents on transportation. My balance jumps from $1000 to $192 after paying rent only to find out my apartment is too small for my things, so I chose to have a yard sale. I only made $150 from the yard sale and made the decision to get paid by the piece, since I am barely making a living wage on an hourly paycheck, and in doing so my paycheck decreased by 25cents. I skipped my grandfather’s memorial service because I can not afford to travel, I paid $25 to replace a broken item I fixed, even though considered hiding the evidence. Grocery shopping is next on my to-do list, spending only 30 for things I needed, I felt was hardly enough food, but could not really afford to splurge and spend on extra things. During this time my stress levels are at an all-time high, but I turn the offer for a cigarette down because I do not want to get addicted. As a result, the simulation states there is a misconception that smoking relieves stress during difficult situations in life.
Now that I have come to payday, I decided to start my fitness journey by asking a friend to be my running partner. On the way to work, something blew in the car and needed to get fixed, and asking a friend to look at the issue saved money. The landlord decided to raise rent and $150 had to be paid or I could spend more on legal fees fighting it in court. On the way out to work, someone stole my gas from my car, so I had to make the decision to take the bus and the result where it took me three buses and fives times longer to get there, making me miss a few hours of p ...
(Note This case study is based on many actual cases. All the nameMoseStaton39
(Note: This case study is based on many actual cases. All the names used are made up, and any relation to actual people or events is purely accidental and coincidental.)
Addictions Case Study: Narrative
Presenting Problem:
Marci is a 22-year-old female college student who was arrested five months ago for driving while impaired with a blood alcohol level of 0.13. She was also charged with possession of a small amount (about 1 gram) of marijuana. Her license was suspended, but she has driving privileges to get to school/work and back.
Drug History and Current Patterns of Use:
She has smoked cigarettes since age 16 and currently smokes one pack daily. Marci stopped smoking cigarettes for six months one year ago, but she presently does not plan to cut down or quit.
She has five prescription pills (Xanax) for depression and anxiety that were given to her by a college classmate (for whom they were prescribed). Marci shared that she had been struggling with feelings of sadness and worrying too much about two months ago. She hasn’t taken them yet, but has considered trying them.
Marci first experimented with marijuana during her senior year of high school (age 17), with her use becoming more regular after she entered college. Marci was first introduced to marijuana by her high school boyfriend, who used it every day along with alcohol on the weekends.
While she started drinking wine with her family when she was 13, she started to
EDCO 740
Page 2 of 2
“seriously” drink starting around 18-years-old. She currently drinks four or more alcoholic beverages (usually wine or wine coolers; sometimes beer) three to four times a week and had been smoking marijuana two to three times a week for one year. Her usual pattern was to go on weekend binges, starting to drink and smoke on Friday evenings until 2:00 a.m. She would then have a glass or two of wine around lunchtime on Saturday, smoking a joint or two with a couple of friends during Saturday afternoons prior to attending college sporting or social events. She would then go to parties with friends on Saturday evenings, typically consuming six to seven cans/bottles/cups of beer and sharing several joints of marijuana with others. She had also started to consume energy drinks (Red Bull, Monster, etc.) when she drank beer at these parties to get an added “boost” to her high.
During the past two months, she has sometimes had one to two glasses of wine (she also used to smoke half a joint of marijuana with it) when alone on school nights. On the mornings after she used alcohol, Marci tended to sleep in and cut class, but not every week. Her recreational and social interests had increasingly involved the use of alcohol and marijuana, now since her arrest, it is mainly alcohol (although she still desires to smoke cannabis). Recently, Marci has begun to express concern to her friends about “feeling depressed and anxious,” but she reports no suicidal ideation or panic attacks. She is also concerned since sh ...
(Individuals With Disabilities Act Transformation Over the Years)DMoseStaton39
(Individuals With Disabilities Act Transformation Over the Years)
Discussion Forum Instructions:
1. You must post at least three times each week.
2. Your initial post is due Tuesday of each week and the following two post are due before Sunday.
3. All post must be on separate days of the week.
4. Post must be at least 150 words and cite all of your references even it its the book.
Discussion Topic:
Describe how the lives of students with disabilities from culturally and/or linguistically diverse backgrounds have changed since the advent of IDEA. What do you feel are some things that can or should be implemented to better assist with students that have disabilities? Tell me about these ideas and how would you integrate them?
ANOVA
ANOVA
• Analysis of Variance
• Statistical method to analyzes variances to determine if the means from more than
two populations are the same
• compare the between-sample-variation to the within-sample-variation
• If the between-sample-variation is sufficiently large compared to the within-sample-
variation it is likely that the population means are statistically different
• Compares means (group differences) among levels of factors. No
assumptions are made regarding how the factors are related
• Residual related assumptions are the same as with simple regression
• Explanatory variables can be qualitative or quantitative but are categorized
for group investigations. These variables are often referred to as factors
with levels (category levels)
ANOVA Assumptions
• Assume populations , from which the response values for the groups
are drawn, are normally distributed
• Assumes populations have equal variances
• Can compare the ratio of smallest and largest sample standard deviations.
Between .05 and 2 are typically not considered evidence of a violation
assumption
• Assumes the response data are independent
• For large sample sizes, or for factor level sample sizes that are equal,
the ANOVA test is robust to assumption violations of normality and
unequal variances
ANOVA and Variance
Fixed or Random Factors
• A factor is fixed if its levels are chosen before the ANOVA investigation
begins
• Difference in groups are only investigated for the specific pre-selected factors
and levels
• A factor is random if its levels are choosen randomly from the
population before the ANOVA investigation begins
Randomization
• Assigning subjects to treatment groups or treatments to subjects
randomly reduces the chance of bias selecting results
ANOVA hypotheses statements
One-way ANOVA
One-Way ANOVA
Hypotheses statements
Test statistic
=
𝐵𝑒𝑡𝑤𝑒𝑒𝑛 𝐺𝑟𝑜𝑢𝑝 𝑉𝑎𝑟𝑖𝑎𝑛𝑐𝑒
𝑊𝑖𝑡ℎ𝑖𝑛 𝐺𝑟𝑜𝑢𝑝 𝑉𝑎𝑟𝑖𝑎𝑛𝑐𝑒
Under the null hypothesis both the between and within group variances estimate the
variance of the random error so the ratio is assumed to be close to 1.
Null Hypothesis
Alternate Hypothesis
One-Way ANOVA
One-Way ANOVA
One-Way ANOVA Excel Output
Treatme
(Kaitlyn)To be very honest I know next to nothing about mythology,MoseStaton39
(Kaitlyn)To be very honest I know next to nothing about mythology, it has never been something that I have had around me or taught in school, I guess it was one of those subjects that got kind of, overlooked. But history is history and in my opinion, it’s important to know what happened in the past to prevent future mishaps or wrongdoings. Therefore I don't know anything about mythology to start, but I am eager to learn more about all these different gods, goddesses, etc., and am surprised to find out that entire towns or civilizations would support the myths or people I am reading about.
The gods and goddesses seem to all have their sanction of what was claimed as their own, one wraps his arms around the earth floating the continents with his aqua arms, and another is essentially the undertaker and decides whose soul belongs where. The people are peasants and they are unequal to those that are considered the higher power, they are the protected and shall not reach out to become a protector. From what I have read it doesn't seem like the gods step on each other’s territory or have competitions to push each other out, it seems as though all that made it up there are respected and get to look down on those that are less than them.
While reading I noticed that there is a bit of a divide between men and women the same as we have today. A big part of societal issues today is gender equality and the general outlook on how each gender is portrayed without any prior information. Men are supposed to be large, strong, and tall, to protect and conquer for the interest of mankind. Women are supposed to be dainty and spread love, make a house a home, and show endearing qualities. I can see the reverse argument for Cupid who is the God of Love being that Eros is a male, being portrayed as the, "fairest of the deathless gods," (Hamilton, 36) but that is one instance in an array of different people. It seems that even though we have come a long way to today with working on gender-specific stereotypes, for these "myths" to be ancient and long ago, it doesn't seem like we have come that far. Yes women are seen as loving and they can be attractive to people around them, but in the man’s brain, they are simply there to be of service to the man, and to man the home when they are not present. It's interesting because even though the language of the reading may be hard for me to get used to, being that it is not in modern English, I can still very well understand one thing. Women like Aphrodite would "...[laugh] sweetly or mockingly at those her wiles had conquered, the irresistible goddess who stole away even the wits of the wise" (Hamilton, 32). Being a woman I translated this to essentially smiling in the faces of those who either are factually in the wrong, or have done wrong to you, and that is something that is still very much alive today. From history, we know that women were seen as property or disposable at the discretion of the man that homed her, and f ...
(Harry)Dante’s Inferno is the first of the three-part epic poem, DMoseStaton39
(Harry)Dante’s Inferno is the first of the three-part epic poem, Divine Comedy, written by Dante Alighieri. The Inferno depicts Dante’s journey through Hell, accompanied and guided by the ancient Roman poet Virgil. In his poem, Dante describes Hell’s topography consisting of nine circles, each representing the seriousness of the sin committed by its offenders, these sins are categorized (by the Catholic Church), grouped, and commonly known as the nine deadly sins. Each level of Hell represent places of torment where the first level is home to less serious offenders, and increase in severity in each circle. As they go deeper into each level, our characters, Dante and Virgil encounter offenders within each ring of hell who have committed more serious offenses and the sins are more egregious. We find that the lowest part of hell houses the betrayers, and punishment here is more severe. Punishment in the poem is handed out in a poetic justice fashion Dante calls contrapasso. In this last (deepest) level or ring of Hell the betrayers of Julius Caesar: Brutus and Cassius are prime tenants, along with Judas, who had betrayed Jesus.
As I read this poem, I can agree with how Hell was organized, and as it sits currently, those guilty of child sexual abuse could reside along with those who are being tortured in the second circle: Lust. But Dante seemed to portray these sins as less severe. But personally, I think that those guilty of committing child sexual abuse should be in the ninth circle of Hell, along with those committing treachery because what is child sexual abuse if not treachery! It is treacherous against the innocent children, who fall betrayed by those who they must respect and obey (adults or those older then they), it is an act of treason to the victim who may have trusted the person committing such a heinous act. But after much contemplation, I still cannot agree with this placement. Child sexual abuse and child sexual assault is, in a very real way, equal to those types of betrayals. The innocence of a child makes those crimes so bad that I feel so uncomfortable writing about. As defined on their website, child sexual abuse includes: any sexual act between an adult and a minor, or between two minors, when one exerts power over the other, forcing, coercing or persuading a child to engage in any type of sexual act, non-contact acts such as exhibitionism, exposure to pornography, voyeurism, and communicating in a sexual manner by phone or Internet. In Dante’s world, those guilty of child sexual assault are far more wicked than those guilty of other sexual sins, and even worse than those guilty of aberrant sexual behavior (as it was understood at the time). Therefore, these sinners would have their very own special place below the ninth circle.
For sinners tormented in the tenth circle, the torture must be as gruesome as the act committed by the sinners. For someone who has committed such a abominable act as is child sexual abuse, assault, ...
(Lucious)Many steps in the systems development process may cause aMoseStaton39
(Lucious)Many steps in the systems development process may cause a project to balloon out of control, affecting the scope's size, where the budget and timeline remain the same. Unfortunately, this is a widespread problem known as scope creep during an IS development. Scope creep is an unexpected demand that moves a project past its predetermined limits. Projects are always documented with a planning outline, which covers in-depth details on boundaries, schedules, major deliverables, time, and budget. Unfortunately, individuals involved in the project may intentionally or unintentionally cause a project to not meet its goals due to the unpredictable nature of adding tasks to a project in progress. Project managers can ensure that the scope is clear by referring to the project planning outline, where all the boundaries and parameters of the project stipulate all deliverables. Spending extra time finalizing the plan can dial in a clear and detailed scope for everyone involved in the project. A project manager needs to engage directly with the clients by speaking with them and thoroughly walking them through all the parameters and deliverables. Closely collaborating with clients throughout the various stages of the project can prevent hiccups that may occur. If issues arise during project development, it is always best to be transparent with the client about every problem. Being able to work through solutions with clients will ease the anxieties as strategies are planned. To ensure deliverables are to the client's expectations, necessary features should be identified as critical for delivering a usable end product. For example, managing a scope creep can be difficult if not handled correctly. However, managing change in a project development does not have to be a battle of wills. Knowing how to address change can be beneficial. It can be outlined in the project planning document with parameters that will deliver the best product for the client without derailing the project. (Joseph S. Valacich, 2015)
REFERENCES
Joseph S. Valacich, J. F. (2015). Essentials of Systems Analysis and Design Sixth Edition. Pearson Education, Inc.
i1v2e5y5pubs
W21153
NEDBANK GROUP: LEADERSHIP AND ADAPTIVE SPACE FOR
DIGITAL INNOVATION
Caren Scheepers, Jill Bogie, and Michael Arena wrote this case solely to provide material for class discussion. The authors do not
intend to illustrate either effective or ineffective handling of a managerial situation. The authors may have disguised certain names
and other identifying information to protect confidentiality.
This publication may not be transmitted, photocopied, digitized, or otherwise reproduced in any form or by any means without the
permission of the copyright holder. Reproduction of this material is not covered under authorization by any reproduction rights
organization. To order copies or request permission to reproduce materials, contact Ivey Publishing, Ivey Business Sch ...
(Eric)Technology always seems simple when it works and it is when MoseStaton39
(Eric)Technology always seems simple when it works and it is when it fails that we see how complex these physical and virtual spiderwebs truly are. Networks can fail due to multiple reasons, namely lack of redundancy and failover. This can be in the form of backup servers and switches that can activate when primary hardware fails or backup power supplies for when there are failures outside the network hardware. Hardware runs firmware and software, which needs to be updated. Forgetting to keep it updated can also lead to issues with loss of efficiency or complete failure.
I work for the Texas Department of Criminal Justice, and one of the common LAN issues that we have on our units is outdated hardware. The units suffer daily from bandwidth problems since the physical cables that are run throughout the building(s) are incredibly outdated. This means that the physical network cannot handle the data required for daily business. Another issue with LAN design is the lack of continuous testing. You should plan to test your networks on a regular basis to ensure that they are continuing to function as intended and plan for unscheduled testing after large increases in company growth.
Introduction
On a cold winter morning in 2006, Jeff Ryan sat in his office steaming over the fax he had just received from his long-time distribution partner. This could easily be the last straw for the company, as what choice did he have since this partner was responsible for the sales and distribution of over 95 percent of their product? The fax had come on the heels of a highly charged discussion with this distributor just two days earlier, which had been tense but ended with the distributor assuring Jeff that they would continue their exclusive arrangement with Versare. At the meeting, Jeff aired his concerns about the distributor’s lack of interest in the business, the cost increases for Versare, and the distributor’s poor receiving and order-taking processes, which cause expensive and unnecessary extra work on wall bed installations. As Jeff walked out of the meeting, though, he was assured by the distributor’s president that they were maintaining the exclusive arrangement. “We give you our word. Everything goes through you,” he assured Jeff.
So, despite the tensions, he felt good about the agreement that had been reached two days earlier. But this fax changed everything. Sent to Versare by mistake, the fax was intended for a competitor, and it included a large order for the same product that the distributor had promised would come only from Versare. Jeff quickly realized that the distributor’s assurances of two days earlier had been a lie. In his head, he could already hear the president saying, “It’s just business you understand.” While he did understand, he also knew that this relationship accounted for nearly all his company’s revenues. In hindsight, this may not have been smart, but in the early days it had been the only way to get the company’s product to t ...
(ELI)At the time when I first had to take a sociology class in higMoseStaton39
(ELI)At the time when I first had to take a sociology class in high school, I was staunchly anti-feminism, as I felt it was unnecessary in first world countries and primarily focused on encouraging immodesty and considering women to be worth more than men. At that time, my only education on feminism or feminist issues had come from my parents during homeschooling. I clearly remember getting into a heated debate with a classmate whom I considered "the feminist equivalent of a vegan," (referring to the stereotypical joke, "How do you know if someone is a vegan? Don't worry, they'll tell you,") and I told her I simply could not see any situations in real life where women aren't being represented without a real reason. She introduced me to the term Bechdel Test, and encouraged me to spend a few weeks watching my usual shows, but counting how many times the female characters spoke to each other about anything other than men.
As my understanding of feminism and of the world around me has evolved, I have seen an increase in media that passes the Bechdel Test, but have also been surprised to find it is significantly less common than I expected. Additionally, the Bechdel Test only looks at named female characters who discuss something other than men. It does not look at factors of race, sexuality, topics of conversation, or visual presentation. Some argue that although media increasingly passes the test, the quality of that media is lacking and therefore the value of the Bechdel Test does not hold up (How does the Bechdel Test measure up in evaluating film representations of women, 2021). More detailed studies show that women remain underrepresented in media, both behind and before the camera (Smith et. al, 2016). The female characters that are portrayed in trend towards being young and traditionally attractive, reinforcing the "ideal" image as the standard and further raising the standard for the average woman. Additionally, women of color and women belonging to other racial or social minority groups are even less visible, impacting the expectations that society has of women based on how they are shown, and influencing what women consider "normal" in themselves.
How does the Bechdel Test measure up in evaluating film representations of women? (2021, April 19). UWIRE Text, 1.
Smith, S., Choueiti, M., & Pieper, K. (2016). Inclusion or invisibility? Comprehensive Annenberg Report on diversity in entertainment. Media, Diversity & Social Change Initiative. USC Annenberg School for Communication and Journalism.
...
(Diquan)Analog Transmission of Digital DataBefore describing theMoseStaton39
(Diquan)Analog Transmission of Digital Data
Before describing the analog transmission of digital data there are a few terms that we should be familiar with, modem, encoding and carrier wave. A modem is modulator, demodulator device that converts digital to analog and analog to digital. Encoding is the conversion of data to a format required and in this case the conversion of digital data to analog data. Carrier wave is a basic wave of constant frequency transmitted through a circuit.
To transmit digital data in an analog format first you must be connected to a modem which encodes the data and converts the digital data into analog data. It does this by populating the analog signal with a carrier wave and modulating the characteristics of the carrier wave which allows for the analog data to be encoded to digital data and digital data to be decoded to analog.
Digital Transmission of Analog Data
An example of the digital transmission of analog data would be Voice over IP (VOIP) or a more modern and relatable example would be a Zoom meeting. This is done through a couple different technologies a Codec and Pulse-code modulation (PCM). Codec stands for Code, Decode and it is a device or software that converts analog signal into digital form and vice versa. PCM on the other hand converts analog to digital by sampling the analog signal at regular intervals, measuring the amplitude of each sample, and then encoding or quantizing the amplitude as binary data. Through this sampling analog data such as your voice is encoded into digital data via the technologies previously mentioned.
Reference:
Samoilenko, S. (n.d.). Physical Layer: Data and Data Transmission.
...
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
(Executive Summary)MedStar Health Inc, a leader in the healthc
1. (Executive Summary)
MedStar Health Inc, a leader in the healthcare industry
regionally and nation-wide, is a constant target of the malicious
attempts of cyber criminals. Over the past 6 years MedStar
Health Inc. has faced several instances of data breach most
notably, the 2016 breach that compromised 370 computer
systems and halted its operations. As the organization continues
to digitize and broaden the use of electronic medical records
across its facilities, the threat of cyber-attack remains even
more pervasive. The purpose of this report is to provide an
overview of MedStar Health Inc cybersecurity vulnerabilities,
examine the overall causes and impact of the breaches and
explore solutions to meet the organization’s cybersecurity
challenges.
With a focal point on MedStar Health breaches, a literature-
based study was conducted, and various news articles, academic
journals and company publications were analyzed. It was found
that the 2016 and 2020 data breaches were attacks on the
organization’s internet servers. The 2020 hack compromised the
records of 668 patients, whereas the 2016 hack was a result of a
ransomware infection that compromised 7500 individuals’
records and halted the organizations’ operations. The cost of the
virus infection was greater than the $19,000 ransom requested
due to additional recovery and remediation costs. It was also
revealed that the 2019 breach was due to human error.
To best combat the efforts of cyber criminals, it is
recommended that MedStar Health Inc. place greater emphasis
on cyber awareness training for employees/professionals,
implementing multiple factor authentications and a strong
password and identity management system to reinforce its IT
infrastructure against future hacks. Failure to effectuate these
measures pose significant risk to MedStar Health Inc., its
affiliates and patients that extend beyond ransom payments,
2. fines, imprisonment, lawsuits and costs incurred for subsequent
identity theft protection services. The damage caused by data
security breaches may prove fatal for patients, the company’s
most valued asset, compromising public perception and the
company’s mission to provide the highest quality of medical
care and build long-term relationships with the patients they
serve.)
Actual Technical Report
MedStar Medical Vs. Cybercrime
In the health sector, experts "see persistent cyber-attacks as the
single greatest threat to the protection of healthcare data"
(Moffith & Steffen, 2017). To the world at large, this is not the
most absurd news or revelation. Healthcare data embodies some
of the most marketable information, and for the black market
this is Eldorado – the fictional tale of the city of gold.
Healthcare organizations are tasked with fighting the uphill
battle of providing quality medical care to their number one
stakeholder – patients – while also ensuring that their valuable
information is kept safe and secure. Despite their efforts,
healthcare organizations sometimes fail in their attempts to
provide adequate security. In 2016, MedStar Health – a not-for-
profit healthcare organization – suffered a data breach that left
thousands of residences of the Washington DC and the
Maryland area distraught. This paper highlights the concerns
faced by MedStar Health and the damage caused by these cyber -
attacks. It also analyses various vulnerabilities seen in the
healthcare sector and highlights needed comprehensive security
perspectives and industry-proven security systems to provide
recommendations on how MedStar Health can potentially face
these challenges.
MedStar Health's Bio
MedStar Health offers "the highest quality care for people in
Maryland, Virginia, and Washington, D.C.," solidifying its
reputation as a leader in the healthcare industry both regionally
and nationally (MedstarHealth, 2021). The organization
3. operates ten hospitals and over twenty health-related
businesses, including ambulatory care, urgent care centers, and
a research institute across the Washington, DC, and Maryland
area. It also currently employs 30,000 associates, 6,000
affiliated physicians and has one of the largest graduate medical
programs in the country, where more than 1,100 medical
residents are trained annually (MedStar Health, 2021). Also,
MedStar Health is the medical education and clinical partner of
Georgetown University.
The 2016 Breach
On March 28, 2016, MedStar Health was a victim of a data
breach that brought the medical "behemoth" to a standstill (Cox
et al., 2016). This attack forced the institution to power down
critical infrastructure and processes for several days to slow the
virus's spread. Specifically, the cybercriminals used a
ransomware attack to encrypt the organization’s data and
infected critical systems. The Washington Post describes this
crime as being "financially motivated, [where] the hackers make
demands that put their victims in a difficult spot…, [targeting]
critical data — such as patient records — then ask for a ransom"
in exchange for decrypting the compromised data (Cox et al.,
2016).
Consequently, as a result of this attack, ten hospitals and over
twenty medical centers were pushed back to the primitive means
of operation, slowing down overall productivity and affecting
thousands of patients. NBC News reported that thousands of
MedStar's patients with appointments were greeted with the
voice message, "Our computer systems are still down, so we
need you to bring a list of current medications and a list of
allergies" (Williams, 2016). The impact of this ransomware
attack was truly daunting, as it denied health care professionals
access to information and resources needed to perform their
duties--it ultimately hindered the organization’s ability to fulfill
its mission of providing quality healthcare to its patients.
The 2019 Accidental Data Leak
On July 22, 2019, MedStar Health's Privacy Director, Mutanu
4. Mutuvi-Thomas, reported to the Attorney General that their
organization experienced an accidental data leak on June 19,
2019, where confidential information was shared. In an email
describing the incident, the Privacy Director explained the
accident and the course of action taken to remediate the issue.
When the mistake was realized, strict instructions were
immediately issued to the recipients of the accidental email to
securely delete the document from their emails and trash
receptacles. To prevent further disclosure of the sensitive
information, legal documents were then issued to the recipients
to sign confirming the deletion (MedStar Health, 2019).
Additionally, the affected residents were "offered one year of
complimentary credit monitori ng and identity theft protection
services through Experian" (MedStar Health, 2019). This was a
valiant effort on MedStar Health’s part, in protecting not only
their patients, but also the care providers in light of this
exposed vulnerability. Although this incident was reported in
the 2019 End of Year Data Breach Report by ITRC (Identity
Theft Resource Center), there was no additional information
available, as it was discreetly handled internally.
The Healthcare and Cybersecurity
Healthcare information is precious, as it encompasses a holistic
view of a person's health, and thus, the health of the wider
community. This information is used to determine medical
treatment and policies that ultimately influence the standard of
living at large. Not too long-ago medical information was stored
as physical files and was accessed through manual processes.
This of course posed unique challenges regarding data
communication, efficiency, accuracy, and security –
demonstrating a need for the digitization of health files (Touro
College Illinois, 2021).
"Today, healthcare information is widely collected, stored,
accessed and transmitted digitally, thanks in part to the Health
Information Technology for Economic and Clinical Health
(HITECH) Act" (Touro College Illinois, 2021). This act
promoted the widespread use of electronic health records (EHR)
5. and health information exchange (HIE) to share and store
healthcare information. This shift in handling medical data
created, without question, overall improvements to healthcare,
as health records are updated in real-time and patients are
treated with more efficiency. "As healthcare information
…migrated to the digital environment, it [became] highly
valuable and therefore vulnerable to cybercriminals on the dark
web" (Touro College Illinois, 2021). Healthcare cybersecurity
laws were then introduced with guidelines to follow set forth by
the Health Insurance Portability and Accountability Act of 1996
(HIPAA) to protect patients' information.
Findings
Cyber threats to the healthcare industry continue to be a major
problem. Organizations have reported more instances of data
breach with the increasing use of EHR. While the scope of the
threats remains unknown, the industry in most recent years have
taken more steps than ever before to close the gap. In this
section, the researchers aim to provide an overview of the
health sector's cyber concerns and the various data breaches
experienced by MedStar Health
How Serious is the Cyber Concern?
Between 2009 and 2016, there were 1,798 data breaches
reported; of which 1,225 were reported by health care providers.
Also, of 257 reported breaches 216 were hospitals, and at least
33 of those facilities were involved in multiple cyber incidents
(Schmeelk et al., 2021). Within 2010 and 2013, studying a
dataset of 949 breaches recorded by the Office of Civil Rights
(OCR), there were more than 29 million compromised health
records (Schmeelk et al., 2021). Figure 1 below highlights the
five categories of breaches recorded by OCR between June 2019
to June 2020: "Hacking/I.T. Incident reports totaling 264
breaches, Improper Disposal totaling 12 breaches, Loss totaling
11 breaches, Theft totaling 27 breaches, and Unauthorized
Access/Disclosure totaling 102 breaches" (Schmeelk et al.,
2021).
Figure 1
6. Breach Types between June 2019 to June 2020 (Schmeelk et al.,
2021).
Moreover, within the exact timestamp of June 2019 to June
2020, there were three significant data breaches within the
healthcare sector. On July 1 of 2019, Optum360 LLC. reported a
breach affecting 11,500,000 individuals and days later, July 15
of 2019, Clinical Pathology Laboratories Inc. also reported a
breach that affected 1,733,836 individuals. Both breaches were
the result of an attack/ hack of their IT Network Servers.
Additionally, on February 5 of 2020, Health Share of Oregon
declared a data breach that affected 654,362 individuals due to a
laptop theft (Schmeelk et al., 2021).
The seriousness of these concerns is seen in figure 2, which
highlights the number of U.S. residents affected by healthcare
data breaches between 2014 to 2019. As reflected, 113.2 million
U.S. residents were affected by cyberattacks in 2015. In 2020,
surprisingly, only 23.5 million affected U.S. residents were
impacted by cybercriminals' acts, despite the Covid 19
pandemic (Johnson, 2021). Nevertheless, this is still a
substantially large number of individuals affected as result of
data breaches in the healthcare sector.
Figure 2
The number of U.S. residents affected by health data breaches
from 2014 to 2019, in millions (Johnson, 2021).
MedStar Health's Data Breaches
Over the last six years, MedStar Health faced three major data
breaches that have heightened concerns surrounding the
organization’s cybersecurity posture. The data breach of 2016
left 10 MedStar Health hospitals and 250 outpatient centers in
the Washington DC and the Maryland area at a standstill. Their
entire infrastructure was victim to the ransomware attack.
According to the Indian Health Services (IHS), 7,500
individuals were affected by this 2016 data breach, and a
ransom of USD 19,000 was requested –which was not paid. The
2019 cyber threat came from an internal error that leaked
7. "sensitive personal information of residents to a class of new
intern physicians" (MedStar Health, 2019). This case was
handled internally, and there are no reports of any further
damage caused by this internal threat. Finally, according to
OCR, on September 25, 2020, 668 individuals were affected by
a network data breach, categorized as an I.T./ Hacking incident,
at MedStar Health. Unfortunately, there was no additional
information posted online concerning this breach, as it is
currently filed under the OCR section of presently under
investigation.
Discussion
In the age of technological advancements, preparedness is vital
when facing the daunting reality of the capabilities embodied by
cybercriminals. MedStar, along with many other medical
facilities, learned this truth the hard way with the
implementation of electronic health records. Craig DeAtley, the
organization's director of emergency management, commented
on the need for better preparations in light of the 2016 data
breach in an interview. He said, "[w]e were practiced at
individual workarounds, but we had never really rehearsed
losing everything, much less all at once, … [Y]ou need to
exceed your comfort level to prepare for a problem this vast"
(Hall, 2016). MedStar Health and healthcare providers need to
keep up with modern cybersecurity practices, regular cyber
awareness training, and up-to-date system infrastructures to
embody this readiness.
In the 2016 cyberattack, several infrastructure resources were
rendered useless because of the virus. The Ransomware that
crippled the hospital's systems restricted access to essential
EHR, leaving thousands of patients without sufficient care. In
the realm of cybersecurity, the CIA triad are core principles of
information security that assist in the discussion and
implementation of measures to turn the tides of this uphill
battle. In essence, these principles help with the needed
preparedness. The CIA triad's core principles ensure that data
remains confidential, maintains its integrity, and access to
8. required information is always available. These principles will
guide the proposed recommendations for MedStar Health on
ways to improve their I.T. systems.
Insider Threats
MedStar Health suffered an external attack in 2016, and
the damage was substantial. However, this gateway was made
possible by human error, and thus cyber harm can be done from
within any organization, whether it be malicious or through
careless actions. This act is referred to as an Insider Threat.
Through these thoughtless or malevolent actions, health records
are compromised, and in turn, patients suffer. More so, these
actions often, more times than not, expose the vulnerabilities in
the CIA triads, endangering "confidentiality, integrity, [and] or
availability of the organization's information or information
systems" (Mazzarolo & Jurcut, 2019). In the case of MedStar
Health, in 2016, employees' access to their systems was
restricted, removing the availability of needed PHI, and the
integrity of the data was potentially compromised.
Understanding the seriousness of the insider threat can
ultimately help protect MedStar Health against these
vulnerabilities.
Typically, when a breach is revealed on the news or reported to
the OCR, it is usually due to an outsider. However, thoughtless
action can prove more lethal. The 2019 data leak at MedStar
Health of residents' confidential information is an example of
insider threat, as this was a careless act that exposed PHI. "The
hazards that originate from inside [an organization are more]
difficult to prevent and detect because insiders pose a serious
danger as they are familiar with the organization's… systems…,
and policies, and they have access to confidential information"
(Mazzarolo & Jurcut, 2019). Although the 2019 incident was
accidental, it doesn’t take away from the potential threats
mistakes can cause. A lesson that MedStar Health is fully aware
of, as seen in their actions to resolve this incident quickly.
Intrusion Motives
At this point, it is understood how valuable medical information
9. is, and not just to healthcare facilities, but also to the cyber
black market. In fighting this unavoidable circumstance,
healthcare management needs to understand the driving factors
behind cybercriminals. There is the common saying that
resonates with the benefit of knowing your enemy, and it holds
true in these challenging circumstances. The intrusive motives
of cyber criminals may be opportunistic for monetary gain,
political exposure and change, ideological activism, disruption
of services or access, and/or just simply to cause physical
harm.
In MedStar Health's 2016 case, the motive was monetary
and to disrupt service and access of their systems. This action,
in turn, caused harm to the patients and the care they required.
Ablon (2018) describes this type of attacker as a Cybercriminal.
"Cybercriminals are motivated by financial gain—they care
about making money. They want access to our personal,
financial, or health data—in order to monetize them on
underground black markets" (Ablon, 2018). The motives behind
the breach of 2016 preyed on the vulnerability in patient data
confidentiality and electronic records' availabili ty to MedStar
Health staff. Thus, understanding the enemy can prove
beneficial in MedStar Health's pursuit of curbing these
vulnerabilities.
Hacker psychology
Like intrusion motives, the hacker's psychology is tied to the
cybercriminal's mindset and begs the question of what
ultimately motivates them to hack. This goes for both
cybercriminals and cybersecurity professionals. The difference
is the motivating factor. As briefly mentioned, some hackers
will conduct their actions with the sole purpose of making
money, while others perform the same steps because of
curiosity. In the case of cybersecurity professionals, these
actions are done to protect everyday civilians who cannot
defend themselves from cyber-attacks. Understanding the
hacker's psychology will help cyber professionals make better
decisions regarding keeping EHR confidential, maintaining all
10. records' integrity, and ensuring that the data remains accessible
to the right employees. "[W]hen analyzing threats and attacks, it
is important to focus on the psychological aspect of an intruder,
their motives and intentions and their way of thinking, planning
and performing attacks" (Pleskonjic, 2006). This mindfulness
will help cybersecurity professionals in their task of creating
sound vulnerability assessments.
More so, understanding the fundamentals of insider
threats, intrusion motives, and hacker psychology provides an
excellent foundation for guiding the conversation surrounding
the CIA triad's principles. This understanding, alongside sound
security systems, will aid MedStar Health in its concerns
regarding the confidentiality, integrity, and availability of PHI
and ePHI.
Identity Management System
Identity management is an important tool in securing
information systems and if properly applied it would aid in the
reinforcement of MedStar Health security posture. It is
essentially the process by which users' identities are defined
and managed in an enterprise environment and encompasses two
vital concepts, "Access" and "User”. "Access refers to actions
permitted to be done by a user (… view, create, or [edit] a file),
[while users refer to] employees, partners, suppliers,
contractors, or customers" (De Groot, 2019). Implementing an
Identity Management System provides the ability to segment
employees based on their roles. This system will ensure that
access is given to the proper personnel at MedStar, and access
will be managed when those employees transition roles and or
leave the company. This type of access management and control
aids the fight against cyber concerns and can ultimately help
reduce the risks of vulnerabilities in MedStar Health's
framework; as it corrects issues surrounding authorization, as
access is controlled based on job description and role.
The Identity Management System is designed to address
three critical security tasks: identity, authenticate, and
authorize. "Meaning, only the right persons should have access
11. to computers, hardware, software apps, any I.T. resources, or
perform specific tasks" (De Groot, 2019). At MedStar Heal th, as
of 2017, OnCore, a clinical management system, was
implemented to work in conjunction with PowerTrials, a module
within the MedStar electronic medical record (MedStar Health,
2017). OnCore holds records of patient's progress, and to some
degree, billing intimation, while PowerTrials stores these
patients' medical records. "These two systems both serve a
different purpose within [MedStar] but work with each other to
serve study and subject information to the appropriate users"
(MedStar Health, 2017). With a proper Identity Management
System in place, access to these systems will remain secure.
The system controls the users' access (their unique passwords)
to each platform, ensuring no unauthorized person gains access
to this confidential information.
In considering an Identity Management System for
MedStar Health, the following components are needed:
a scalable, secure, and standards-compliant directory service for
storing and managing user information; a provisioning
framework that can either be linked to the enterprise
provisioning system, such as a human resources application, or
operated in standalone mode; a directory integration platform
that enables the enterprise to connect the identity management
directory to legacy or application-specific directories; a system
to create and manage public key infrastructure (PKI)
certificates; a run time model for user authentication; and a
delegated administration model and application that enables the
administrator of the identity management system to selectively
delegate access rights to an administrator of an individual
application or directly to a user (Oracle, 2010).
Figure 3
An Identity Management System Model (Oracle, 2010).
In the realm of Identity Management, there are various
ways one may access information and resources, and this system
assists in navigating this dialogue of access. At the basic level
12. of an Identity Management System is Role-Based Access
Control (RBAC). "Under this approach, there are predefined job
roles with specific sets of access privileges" (De Groot, 2019).
For instance, at MedStar Health there is no reason why a
security guard should have the same access as someone on
Payroll. Their individual roles separate their access. The second
approach is Single Sign On (SSO). In this model of the Identity
Management System, users only need to verify themselves once.
The user is "given access to all systems without the need to log
separately into each system" (De Groot, 2019). Finally, there is
the Multi-Factor Authentication (MFA). In this Identity
Management approach, the "authentication process combines
something the user knows (like a password) with something the
user has (like a security token or [One Time Password] OTP) or
something that's part of the user's body (like biometrics)" (De
Groot, 2019). When used independently, these Identity
Management approaches are not sufficient to secure an
organization given the tools currently available to
cybercriminals. However, when these approaches are used
simultaneously to manage and control access along with
passwords, and user identity, there is a greater probability of
securing PHI and ePHI.
In regards to passwords, the Identity Management System
allows for total control over the policies governing passwords,
their requirements and their expiry date. As such, in
implementing a thorough Identity Management System MedStar
Health is taking the most critical steps in securing their
infrastructure and sensitive information, ensuring that
passwords are changed frequently and are complex enough to
safeguard PHIs.. Strong passwords paired with multilevel
authentications will create a defense that is reputable in this
cyber driven world.
Example of an Identity Management System at MedStar Health
When attending to patients at the health care facilities, while
using a laptop, Doctor X will enter their set login credentials
(their username and password). Their identity will then be
13. checked against a database to verify if the correct credentials
were entered and match the ones stored. If correct, Doctor X
will gain access to the laptop. Once logged in, Doctor X will
attempt to visit the needed web service that holds MedStar
Health's PHI. Again, Doctor X will be prompted for their
username and password. The system will also check the user's
credentials against their database. However, at this point, there
is an additional layer of security requiring another form of
authentication for access, an MFA. The website creates a unique
authentication key for the user based on their previously entered
credentials. This identification key is then sent to Doctor X for
confirmation. This MFA may be in the form of an app on a
mobile device linked to the doctor's login credentials. The
identification key is generated on Doctor X's mobile device and
prompts for confirmation. Once confirmed, maybe within a set
time limit, and both forms of authentication match the database
managing credentials, Doctor X will gain access to the database
that holds the patient's health information.
The example above highlights how a simple Identity
Management System may work within MedStar Health, where
only specific users in the organization are allowed to access and
handle sensitive information. The Identity Management System
does a fantastic job at provisioning access across organizations;
however, safe computer etiquette needs to complement these
systems to address significant vulnerabilities.
Figure 4
Example of MFA in the Identity Management System
(Papaspirou et al., 2021).
The importance of safe computer etiquette
In the case of MedStar Health, in the 2016 ransomware attack,
if personnel were adequately trained to identify phishing emails
or malicious hyperlinks, this incident could have been avoided
and their records could have been protected. The same can be
said for the 2019 accident. "IBM's 2015 Cyber Security
Intelligence Index stated that 45 percent of all breaches were
due to insiders and that 95 percent of those breaches were due
14. to human error" (Perez, 2016). The report also stated that 42.75
percent of all cyberattacks are caused by inadequately or
improperly trained staff. Thus, with the proper tools and safe
computer etiquette, MedStar and all healthcare providers can
better protect their number one stakeholder's information, their
patients.
In an interview with SCMagazine, a cybersecurity magazine in
the UK, Jacob Ginsberg, a senior director at Echoworx, said it
best. He compares the basic things an individual learns growing
up, not touching a hot oven – to the education needed in the
digital workplace. He said, "[there] should probably have
similar lessons like that which would educate the digital
workforce on the basic things you can do to stay safe at work"
(Perez, 2016). This fundamental educational gap must be filled
to ensure that the average MedStar employee knows how to
protect their data and not fall prey to crafty phishing emails and
other avoidable mistakes seen in 2019.
Figure 5
The frequency of cybersecurity awareness training in the U.S.
Healthcare Sector as of 2018 (Stewart, 2019).
Conclusion
The numbers reflected in the chart above should be
significantly higher, given that millions of individuals are
affected yearly by cyberattacks in healthcare. Overall, the
current situation society faces is dire however, the technology
and training are available to aid in protecting PHIs and
addressing these concerns. "Patient First is the heart of quality
care at MedStar Health. Part of "Patient First" is [MedStar
Health's] promise to keep patient information private" (MedStar
Health, 2014). Thus, implementing the recomme ndations
highlighted in this paper is critical to MedStar Health's promise
to their patients. With proper cyber awareness training, a robust
Identity Management System, a better understanding of insider
threats, and the motives and psychological mindset of their
potential intruders, MedStar Health is armed with the
appropriate tools needed in this uphill fight. This approach
15. ultimately protects their number one stakeholder, their patients.
References
Ablon, L. (2018, March 15). The Motivations of Cyber Threat
Actors and Their Use and Monetization of Stolen Data. The
RAND Corp.
https://www.rand.org/content/dam/rand/pubs/testimonies/CT400
/CT490/RAND_CT490.pdf
Cox, J., Turner, K. & Zapotosky, M. (2016, March 28). Virus
infects MedStar Health system's computer s, forcing an online
shutdown. Washington Post.
https://www.washingtonpost.com/local/virus-infects-medstar-
health-systems-computers-hospital-officials-
say/2016/03/28/480f7d66-f515-11e5-a3ce-
f06b5ba21f33_story.html
De Groot, J. (2019, December 19). What is identity and access
management (IAM)? Data Insider.
https://digitalguardian.com/blog/what-identity-and-access-
management-iam
Hall, S. (2016, June 30). Lessons from the MedStar Health
ransomware attack. Fierce Healthcare.
https://www.fiercehealthcare.com/privacy-security/lessons-
from-medstar-ransomware-attack
Johnson, J. (2021, March 10). Number of U.S. residents affected
by health data breaches from 2014 to 2019, in millions. Statista.
https://www-statista-
com.lehman.ezproxy.cuny.edu/statistics/798564/number-of-us-
residents-affected-by-data-breaches/
Mazzarolo, G., & Jurcut, A. D. (2019). Insider threats in Cyber
Security: The enemy within the
gates.https://arxiv.org/pdf/1911.09575.pdf
MedStar Health Inc. (2021). Graduate medical education.
https://www.medstarhealth.org/education/graduate-medical-
education/
MedStar Health Inc. (2019, July 22). Security Breach
Notification.https://www.marylandattorneygeneral.gov/ID%20T
16. heft%20Breach%20Notices/2019/itu-315436.pdf#
MedStar Health Inc. (2014, October). Protecting Patient
Privacy.
https://ct1.medstarhealth.org/content/uploads/sites/8/2014/10/M
GUH-Volunteer-Protecting-Patient-Privacy-Policy.pdf
Moffit, R. & Steffen, B. (2017). Health care data breaches: a
changing landscape. Maryland Health Care Commission.
https://mhcc.maryland.gov/mhcc/pages/hit/hit/documents/HIT_
DataBreachesBrief_Brf_Rpt_090717.pdf
Oracle. (2010, January 2). Identity Management Concepts and
Deployment Planning
Guide.https://docs.oracle.com/cd/B14099_19/idmanage.1012/b1
4084/intro.htm#:~:text=A%20complete%20identity%20manage
ment%20system,storing%20and%20managing%20user%20infor
mation.&text=A%20system%20to%20create%20and,time%20mo
del%20for%20user%20authentication.
Papaspirou, V., Maglaras, L., Amine Ferrag, M., Kantzavelou,
I., Janicke, H., & Douligeris, C. (2021, January 20). A novel
two-factor honeytoken authentication mechanism.
https://arxiv.org/pdf/2012.08782.pdf
Perez, R. (2016). Cyber-security awareness. S.C. Magazine: For
I.T. Security Professionals (U.K. Edition), 18–21. https://eds-a-
ebscohost-
com.ezproxy.umgc.edu/eds/pdfviewer/pdfviewer?vid=7&sid=d5
194e8a-a6ee-4c2c-84e2-c0bb5899bbb7%40sessionmgr4008
Pleskonjic, D., Milutinovic, V., Maček, N., Djordjevic, B. &
Caric, M. (2006). Psychological profile of network intruder.
https://www.researchgate.net/profile/Dragan-Pleskonjic-
2/publication/325810196_Psychological_profile_of_network_int
ruder/links/5b2648c1458515270fd4a3f6/Psychological -profile-
of-network-intruder.pdf
Schmeelk, S., Dragos, D. & DeBello, J. (2021). What can we
learn about healthcare I.T. risk from HITECH? Risk lessons
learned from the US HHS OCR breach portal. Proceedings of
the 54th Hawaii International Conference on System Sciences.
3993-3999.
17. https://scholarspace.manoa.hawaii.edu/bitstream/10125/71101/0
393.pdf
Stewart, C. (2019, May 20). Frequency of security awareness
training in healthcare organizations U.S. 2018. https://www -
statista-
com.lehman.ezproxy.cuny.edu/statistics/736704/security-
awareness-training-frequency-in-healthcare-organization-in-us/
Touro College Illinois. (2021, March 4). How is healthcare
information kept safe? https://illinois.touro.edu/news/how -is-
healthcare-information-kept-safe.php
Tutorials Point. (n.d.). What are web
services?https://www.tutorialspoint.com/webservices/what_are_
web_services.htm
Williams. P. (2016, March 31). Medstar hospitals recovering
after 'ransomware' hack. NBC news.
https://www.nbcnews.com/news/us-news/medstar-hospitals-
recovering-after-ransomware-hack-n548121
Lab Report
In the lab, there were two tools used for password
cracking, Cain & Abel and Ophcrack. Brute Force attacks and
Dictionary attacks recovered the passwords by using NTLM
Hashes. Passwords recovered in Ophcrack imported users
username, LM hash, and NT hash into rainbow tables to crack
the users password. This report will provide the results of using
each attack on three separate users.
Using Brute Force, Apollo and Batman passwords were
recovered within 10 seconds. User Csadmin password was never
recovered. Dictionary provides more options to define the
password, Apollo and Batman were found in 5 seconds.
Csadmin password was never recovered. Lastly, Ophcrack
recovered Apollo and Batman passwords immediately. However,
Csadmin password was never recovered.
Ophcrack recovered the password the quickest. When using
Brute Force, the predefined field and the password length has to
18. be adjusted properly to recover a password in a reasonable
amount of time. For example, Apollo password could take 2
years to recover using Brute Force when the predefined field is
set on just letters and the length set to a max of 16 characters.
When the predefined field is set to uppercase and lowercase
letters and numbers the password was recovered within 10
seconds. Ophcrack recovered the password within 1 second.
Please review screenshots below for the results of the lab
conducted.
There are four types of character sets when creating a strong
password. The four types of character sets are password length,
using uppercase and lowercase letters, including numbers and
symbols, and creating a unique password. You should use all
four types of character sets to create a secure password. The
general rule for password lengths are no less than 8 characters.
Passwords should be reset every 90 days.
Penetration testing is very important to do to ensure the security
of a system. Penetration testing reveals system vulnerabilities,
help develop security strategies for a real attack, and expose
any poor security practices. Penetration testing can be a
learning experience for MedStar’s IT Security team to learn
different methods hackers use to penetrate a system. The team
could also learn how to conduct incident reports and a
remediation plan to apply a permanent fix.
Grader - Instructions Excel 2019
ProjectExp19_Excel_Ch09_CapAssessment_Tips
Project Description:
Your friend Kimo is a server at a restaurant. He downloaded
data for his customers’ food and beverage purchases for the
week. You will complete the workbook by applying consistent
formatting across the worksheets and finalizing the weekly
summary. The restaurant requires tip sharing, so you will
calculate how much he will share with the beverage worker and
the assistant.
19. Steps to Perform:
Step
Instructions
Points Possible
1
Start Excel. Download and open the file named
Exp19_Excel_Ch09_Cap_Assess ment_Tips.xlsx. Grader has
automatically added your last name to the beginning of the
filename.
The Excel workbook contains circular references. When you
open the file, an error message displays. This error will be
resolved as part of the project
0
2
The Tip Left column in the Friday worksheet contains a fill
color and number formatting. You want to fill these formats to
the other daily worksheets.
Group the Friday through Monday worksheets, staring with the
Friday worksheet. Fill the format only for the range E5:E24.
8
3
Now you want to insert column totals for the five worksheets
simultaneously.
With the worksheets still grouped, insert SUM functions in the
range B25:E25 and apply the Totals cell style. Ungroup the
worksheets.
5
4
The Week worksheet is designed to be a summary sheet. You
want to insert a hyperlink to the Total heading in the Monday
worksheet.
On the Week worksheet, in cell A5, insert a hyperlink to cell
20. A25 in the Monday worksheet with the ScreenTip text Monday’s
Totals. Test the hyperlink to ensure it works correctly.
2
5
In cell A6 on the Week worksheet, insert a hyperlink to cell
A25 in the Tuesday worksheet with the ScreenTip text
Tuesday’s Totals. Test the hyperlink to ensure it works
correctly.
2
6
In cell A7, insert a hyperlink to cell A25 in the Wednesday
worksheet with the ScreenTip text Wednesday’s Totals. Test the
hyperlink to ensure it works correctly.
2
7
In cell A8, insert a hyperlink to cell A25 in the Thursday
worksheet with the ScreenTip text Thursday’s Totals. Test the
hyperlink to ensure it works correctly.
2
8
In cell A9, insert a hyperlink to cell A25 in the Friday
worksheet with the ScreenTip text Friday’s Totals. Test the
hyperlink to ensure it works correctly.
2
9
Now, you are ready to insert references to cells in the individual
worksheets. First, you will insert a reference to Monday's Food
Total.
In cell B5 on the Week worksheet, insert a formula with a 3-D
reference to cell B25 in the Monday worksheet. Copy the
formula to the range C5:E5.
2
10
The next formula will display the totals for Tuesday.
21. In cell B6, insert a formula with a 3-D reference to cell B25 in
the Tuesday worksheet. Copy the formula to the range C6:E6.
2
11
In cell B7, insert a formula with a 3-D reference to cell B25 in
the Wednesday worksheet. Copy the formula to the range
C7:E7.
2
12
In cell B8, insert a formula with a 3-D reference to cell B25 in
the Thursday worksheet. Copy the formula to the range C8:E8.
2
13
In cell B9, insert a formula with a 3-D reference to cell B25 in
the Friday worksheet. Copy the formula to the range C9:E9.
2
14
Now you want to use a function with a 3-D reference to
calculate the totals.
In cell B10 on the Week worksheet, insert the SUM function
with a 3-D reference to calculate the total Food purchases (cell
B25) for the five days. Copy the function to the range C10:E10.
5
15
The servers are required to share a portion of their tips with the
Beverage Worker and Assistants. The rates are stored in another
file.
Open the Exp_Excel_Ch09_Cap_Assessment_Rates.xlsx
workbook. Go back to the
Exp_Excel_Ch09_Cap_Assessment_Tips.xlsx workbook. In cell
F5 of the Week worksheet, insert a link to the Beverage Worker
Tip Rate (cell C4 in the Rates workbook) and multiply the rate
by the Monday Drinks (cell C5). Copy the formula to the range
F6:F9.
22. 5
16
Next, you will calculate the tips for the assistant.
In cell G5 in the Tips workbook, insert a link to the Assistant
Tip Rate (cell C5 in the Rates workbook) and multiply the rate
by the Monday Subtotal (cell D5). Copy the formula to the
range G6:G9. Close the Rates workbook.
Note: The tip is a monetary value in the Week worksheet. It
should be formatted for Accounting Number Format.
5
17
You noticed a circular error when you first opened the Tips
workbook. Now you will find and correct it.
On the Week worksheet, check for errors and correct the
formula with the circular reference.
5
18
You want to create a validation rule to prevent the user from
accidentally entering a negative value. For now, you will create
a validation in the Friday worksheet.
Select the range E5:E24 in the Friday worksheet, create a
validation rule to allow a decimal value greater than or equal to
zero. Enter the input message title Tip and the input message
Enter the amount of tip. (including the period). Use the Stop
alert with the error alert title Invalid Number and the error alert
message The tip must be zero or more. (including the period).
Test the data validation by attempting to enter -20 in cell E5
and then cancel the change.
10
19
Now you will copy the validation settings to the other daily
worksheets.
23. Copy the range E5:E24 in the Friday worksheet. Group the
Monday through Thursday worksheets, select the range E5:E24,
and use Paste Special Validation to copy the validation settings.
10
20
You want to unlock data-entry cells so that the user can change
the tips in the daily worksheets.
Group the Monday through Friday worksheets. Select the ranges
E5:E24 and unlock these cells.
10
21
Create footer with your name on the left side, the sheet name
code in the center, and the file name code on the right side of
all worksheets.
5
22
Now that you unlocked data-entry cells, you are ready to protect
the worksheets to prevent users from changing data in other
cells. Individually, protect each sheet using the default
allowances without a password.
12
23
Mark the workbook as final.
Note: Mark as Final is not available in Excel for Mac. Instead,
use Always Open Read-Only on the Review tab.
0
24
Save and close Exp19_Excel_Ch09_Cap_Assessment_Tips.xlsx.
Exit Excel. Submit the file as directed.
0
Total Points
100
24. Created On: 05/04/2020 1
Exp19_Excel_Ch09_CapAssessment - Tips 1.1
MedStar
Group 3
March 3, 2021
MANAGING CYBER THREATS FOR MedStar system
1
Agenda
About MedStar
Our Story
Our Product and Services
Cyber Challenges
Mission
Technical Paper Summary
Lab Report Results Review
Vulnerabilities
Unauthorize Access
Ransomware
Denial of Services
Key project updates
2021 Plan
Recommendation
25. Executive Team
Kenneth A. Samet
Susan K. Nelson
Scott MacLean
Closing
Summary
Questions and Answers
Our Story
Highlights
MedStar Health is a not-for-profits health system dedicated to
caring for people in Maryland and the Washington DC
MedStar’s 30,000 associates, 6,000 affiliated physicians, 10
hospitals ambulatory, and urgent care center
MedStar Health research institute are recognized regionally and
nationally for excellence in medical care
MedStar trains more than 1,100 medical residents annually
Highlights
MedStar treated more than 6,000 patients, handled 2,400 ER
patients, and performed 782 surgeries.
MedStar judged top among 70 nominees in the category
recognizing “best use of storage technology to drive
performance gains
26. 3
Our Products and Services
ephi
phi
Hipaa/hitech
Cyber Threats Challenges
The health system was forced to shut down its computers and
email during the March 28 attack
The healthy system lost access to more than 370 computer
programs
New employee didn’t know how to operate without computer
system
Cyber attacks represent the greatest threats to protecting
healthcare data
The attack forced the organization to power down critical
process and infrastructure
The attackers used ransomware
The attack slowed down operations with majority of services
taken offline
27. 5
Mission Best Practices
Email Projection
Endpoint Protection
Asset Management
Network Management
Medical Device Security
Policies and Procedures
6
Technical Paper Summary
7
28. Organization Overview
Technology Used
Vulnerabilities and Mitigation
Conclusion
LAP REPORT REVIEW APOLLO
(ophcrack)
(BRUTE FORCE)Batman
(ophcrack)
(BRUTE FORCE))CHEKOV
(ophcrack)
(BRUTE FORCECSADMIN
(ophcrack)
(BRUTE FORCE)Ophcrack recovered the password the
quickest. Ophcrack recovered the password the quickest.
Ophcrack recovered the password the quickest. Ophcrack
recovered the password the quickest. Using Brute Force, the
predefined field and the password length has to be adjusted
properly to recover a password in the reasonable time.Using
Brute Force, the predefined field and the password length has to
be adjusted properly to recover a password in the reasonable
time.Using Brute Force, the predefined field and the passw ord
length has to be adjusted properly to recover a password in the
reasonable time.Using Brute Force, the predefined field and the
password length has to be adjusted properly to recover a
password in the reasonable time.Apollo password could take 2
years to recover Apollo password could take 2 years to recover
29. Apollo password could take 2 years to recover Apollo password
could take 2 years to recover
8
BRUTE FORCE
an attacker submitting many passwords or passphrases with the
hope of eventually guessing a combination correctly. The
attacker systematically checks all possible passwords and
passphrases until the correct one is found
Dictionary Attack
is a form of brute force attack technique for defeating a cipher
or authentication mechanism by trying to determine its
decryption key
30. Ophcrack
is a free open-source program that cracks Windows log-in
passwords by using LM hashes through rainbow tables. The
program includes the ability to import the hashes from a variety
of formats, including dumping directly from the SAM files of
Vulnerabilities
12
Unauthorize Access
Ransomware
Denial of Services
31. Key Project Updates
Implementing preventive measures by working to educate
employees and staff on how to mitigate and prevent further
attacks on the systems infrastructure.
Ethical decisions regarding protected patient information should
be made in timely manner
Maintaining communication with stakeholders, acting in a
timely manner, protecting confidentiality, ensuring professional
competence, and collaborating with appropriate agencies to
solve the issue.
Most cyber security breach are due to compromised passwords,
MedStar should taken a strong view that all external/internal
access requires two factor authentication to prevent comprising
our systems
Lesson Learned
13
Recommendation
What are our keys plans for the coming years of 2021?
MedStar need to implement both key technologies and process
32. to protect against Cyber Threats as well as defining
organizational process to manage risk
Network Segmentation diving the network into manageable
parts and monitoring communications between each of the part
provides early detection of potential cyber threats while
limiting organization risk
Most cyber security breach are due to compromised passwords,
MedStar should taken a strong view that all external/internal
access requires two factor authentication to prevent comprising
our systems
14
Our People Executive Team
Scott T. MacLean
CEO
Susan K. Nelson
CFO
Scott T. MacLean
CIO