The confidentiality of information in the healthcare industry is very important. In fact, one of the jobs of healthcare practitioners is to keep the records of their customers confidential. Any activity that tends toward breaching this confidentiality must be stopped. A healthcare organization must ensure that attacks, whether from inside or outside the organization, are discovered and that the necessary measures to address them are taken.
In the case of the healthcare organization incident, the first thing to do once it is determined that the employee committed the crime, or that there appears to be evidence of it, is to inform management and create a plan for approaching the problem. First, the company must prepare for a search, for which it has to provide a thorough description of the nature of the case and identify the computer systems that may have been used during the attack. Further, the company must determine whether the computers involved can be seized or not, while also obtaining detailed descriptions of the possible locations where the attack was made. It is also important for the company to determine who will be in charge of the investigation and whether additional technical manpower or expertise is needed to conduct it. Likewise, the tools needed by the investigation team must be prepared, together with a list of the members of the investigation team and their corresponding responsibilities or roles. This is very important to keep unauthorized people from meddling with the investigation later on, which could cause the investigation to fail.
Identification of the nature of the case is very important because it dictates how the investigation will proceed and determines what resources are needed during the investigation. Identification of the computer systems is likewise important, as this is where the number of computers involved, the size of the disks, the operating systems used and other hardware details are specified to help the investigation team decide on the resources or tools to be used during the actual investigation or collection of evidence. Although seizing computers and bringing them to the laboratory to collect the evidence is the usual practice, this is not always possible, as sometimes the sources of evidence cannot be pulled out. In this case, however, since the computers to be investigated are the property of the company, they can be secured and accessed at any time. With regard to obtaining information about the location, potential hazards should also be determined, such as how to protect the storage resources or the target disks before using them to avoid data loss or temperature problems.
For this case, the investigation may be a little easier, since it has already been determined that the incident or crime happened inside the office and the company itself is initiating the investigation. It is therefore assumed that the computers and the network to be investigated will be available at any time, without concern over possible complications such as whether administrative policies are violated. After preparing to conduct the actual investigation, the healthcare organization must secure the incident scene. During the investigation, no employee who is not part of the investigation team should be allowed to touch the computers being questioned or investigated. Since it is suspected that several computers were used in the attack, this means that several computers must not be touched. This restriction covers the shutting down or opening of computers, as well as the installation or removal of computer files, unless authorized by the investigator. Likewise, all known users of the computers must be identified and interviewed to determine the extent of their access. After the initial security measures, the crime scene must not be left unattended until the investigation has been completed. Only personnel directly involved with the investigation may be allowed within the crime scene while the investigation is ongoing.