Encryption failures in organizations involving at-rest and i…

Your assignment this week will require researching two organizational failures involving encryption and discussing ways you might work to reduce these types of failures. First, find an organization that suffered a breach as a result of a failure to implement encryption at-rest. This should be easy, look for an organization that suffered a breach as a result of theft and chances are youll find what you need (HINT: Remember, HHS says a theft of PHI that is encrypted is not a breach, so if they reported a breach due to theft, it most likely wasn’t encrypted). This happens A LOT too, so while youre researching, think about how your own organization implements this security (or if it doesnt). This is applicable even if you don’t currently work for a healthcare organization – if your organization deals with customer data, credit cards, educational records, or any type of sensitive records, are they protected? Second, find an organization that suffered a breach as a result of failure to implement encryption in-transit. This one might be harder to research, so some simple things you can look for to help narrow down the search are organizations that suffered breaches as a result of emailing patient files, or failing to use a VPN or other encryption mechanism while accessing charts remotely. While researching, again, think about how your own organization implements this type of security to protect patient information or other sensitive records (or if it doesnt). For both types of breaches, come up with at least one simple way that they could have been prevented. For the next and last component, you might not have intimate knowledge of what your organization has in place, currently work for a healthcare provider, or be comfortable discussing your organizations implementation thats fine, adjust as needed and dont answer any question that you are uncomfortable answering. This assignment is not about spilling company secrets or worrying about who works where… Last assignment component: Think about this topic and the way your organization currently operates. How does your organization currently handle both types of encryption? Do you think its adequate? If you were in charge, would you do it differently? If so, how? Think about the two breaches that you researched for this assignment – if it were your organization in the place of either breach you researched, in your opinion, would the results be the same? You’ve been researching the failures of others this entire quarter and how it happened – with what you’ve read and seen and learned so far, is your own organization primed to be on a breach list? We’re in Week 9 of this course, apply what you have learned to this assignment. Again, I’m not interested in naming names – if you are uncomfortable with writing about your own organization or do not currently work, keep it generic. I am more interested in you applying what you have learned about compliance requirements to what you know about your own potential workplace. Assignment Number: WK9A7 Assignment Requirements: 700 words, Times New Roman font, size 12, double-spaced. A template for this assignment in Word has been provided previously with formatting set up. APA6 style format – paper must include a Works Cited page at the end and in-text citations for any research incorporated into your work. Direct quotes are limited to 10 words total per quote. You are expected to analyze, evaluate, and paraphrase content into your work, not copy it directly from the source.