
Propose an IT Governance at Hospital Based on COBIT 2019 Framework


Security of Patients' Hospital Data
Recorded Presentation Transcript

Slide 1

Security of Patients' Hospital Data
Tabled 29 May 2019

This presentation provides an overview of the Victorian Auditor-General’s report Security of Patients’ Hospital Data.

Slide 2

Overview
• Public hospitals use information and communications technology (ICT) to deliver healthcare and to capture and store patient information
• Health services need to manage the risk of cyber attack, which could steal patient information and disable health services’ ICT systems

Public hospitals are increasingly using information and communications technology (ICT) to deliver healthcare and to capture and store patient information.

Digital records are valuable in improving patient care, however, health services need to manage the risk of a cybersecurity breach, which could steal patient information and disable health services' ICT systems, preventing staff from accessing patient information.

Slide 3

What we looked at
• We assessed whether health services are taking effective steps to protect patient data

In this audit, we assessed whether health services are taking effective steps to protect patient data.

Slide 4

Who we looked at

Health services
• Barwon Health
• Royal Children's Hospital
• Royal Victorian Eye and Ear Hospital

Departments
Department of Health and Human Services (DHHS) areas:
• Digital Health
• Health Technology Solutions

We audited Barwon Health, the Royal Children's Hospital and the Royal Victorian Eye and Ear Hospital.

We also examined two different areas of the Department of Health and Human Services (DHHS)—their Digital Health branch and Health Technology Solutions—and how they are supporting health services.

Slide 5

What we found
• Health service staff have low security awareness
• DHHS's Digital Health branch has developed common, health service specific cybersecurity standards
• Health services have not fully implemented needed security measures

DHHS's Digital Health branch has filled an important gap in the sector by developing common, health service specific cybersecurity standards and acting as the central point for advice and support.

While Digital Health has developed a clear roadmap to improve security across the sector, health services have not fully implemented the security measures necessary to protect patient data.

Our testing identified key weaknesses in health services' approach to data security, particularly in relation to staff awareness and network monitoring.

Slide 6

Cybersecurity at DHHS’s Digital Health branch
• DHHS’s Digital Health branch is supporting health services to improve cybersecurity
• Health services identify barriers to fully implementing security controls

DHHS’s Digital Health branch works to improve cybersecurity in the sector by developing guidance materials, running awareness and training sessions, and funding ICT infrastructure upgrades.

We found that DHHS’s Digital Health branch has completed an effective program of work to improve health services’ approach to data security. However, health services identify key barriers to fully implementing the controls, such as lack of cybersecurity staff and insufficient resources for ICT projects.

Slide 7

Effectiveness of data security in health services
• Health services are responsible for their cybersecurity
• All audited health services vulnerable to cyberattacks
• Most audited health services do not train staff in data security

While DHHS has developed a clear roadmap to improve cybersecurity, ultimately it is the responsibility of health services to implement those improvements.

We conducted scenario-based penetration testing at the audited health services and found that all were vulnerable to attacks that could steal or alter patient data. Key weaknesses include inadequate user access controls, weak passwords and limited monitoring to detect suspicious behavior on their ICT network.

Additionally, we found that most audited health services do not train staff to recognise suspicious behaviour, or to practice basic security such as locking computers, not clicking on suspicious links, or protecting their security access passes.

Slide 8

Health Technology Solutions and vendor management
• Health Technology Solutions has not fully implemented Digital Health's cybersecurity controls
• Lack of health service oversight of vendor security management creates risks of security breaches

Health services typically store their patient data in applications hosted and secured by third party vendors. However, health services remain responsible for protecting patient data and ensuring that vendors fulfil their security responsibilities. Health Technology Solutions is the key provider of outsourced ICT business systems to Victorian health services.

Despite being part of DHHS, Health Technology Solutions has made no progress in implementing Digital Health's cybersecurity controls since they were introduced in March 2017 and has similar security weaknesses to Victorian health services.

We also found issues with vendor management at two audited health services. At one health service, we gained access to patient data in a system managed by a third-party vendor. At another, we found confusion around whether the responsibility for data security sat with the third party or the hospital.

Slide 9

Recommendations
• 8 Recommendations for DHHS
• 9 Recommendations for health services
• DHHS is committed to working with Victorian health services to acquit these recommendations

We made eight recommendations for DHHS around continuing support for the Digital Health cybersecurity program and nine recommendations for health services.

DHHS has committed to working with Victorian health services to acquit these recommendations.

Slide 10

For further information, please view the full report on our website: www.audit.vic.gov.au

For further information, please see the full report of this audit on our website, www.audit.vic.gov.au.

May 03, 2021