Patient Data Breached At Geisinger. Computer Forensics Can Aid In Evidence Collection
Recently, Geisinger Health Systems revealed beach of information related to around 2,928 patients. The data revealed includes Protected Health Information (PHI) of patients. The information was reportedly sent by a gastroenterologist from his work computer to his personal computer. The transmission was unencrypted. In this case, the transmitted information included medical record numbers, procedures, treatment information and health indications. Usually, PHI information also includes past and present health status, future indications, patient account information and social security numbers among others. Such information may be misused by offenders to misrepresent individuals and gain unauthorized benefit.
Usually, experts who have undertaken computer forensic training help organizations in tracking the offender. Computer forensic experts use procedures such as imaging and cryptographic hash verification to detect alteration of files and folders. In this case, professionals at Geisinger were able to detect unauthorized transmission of information. The physician cooperated with the authorities and deleted the information from his computer. Home email provider was also informed and requested to delete the email from their server. Fortunately, there was no malicious intention behind unauthorized disclosure of sensitive information by Geisinger employee. However, in most cases, cybercriminals use sophisticated techniques to intrude into computer systems and networks. Also, improper monitoring mechanisms may fail to detect unauthorized access and data breaches by insiders in an organization. It is important to punish cybercriminals to prevent recurrence of such crimes. Therefore, it is important to collect evidence, which is legally admissible in a court of law.
The affected systems must be quarantined to prevent tampering and modification of evidence. IT Department must have professionals with knowledge of computer forensic procedures to ensure protection of evidence. Organizations may encourage IT professionals to undertake computer forensics online training programs offered by universities and institutions offering security certifications to update themselves on the latest techniques, tools and best practices.
Individuals, government institutions, media and all forms of business organizations are affected by cybercrime. Recent events such as WikiLeaks disclosure, attack on university websites and state-sponsored attacks indicate the serious threats emanating in the cyberspace. Universities and educational institutions must encourage students to undertake computer forensics courses to deal with sophisticated crime as well as to meet future requirements of IT professionals.