Abstract
Threats represent the individuals, groups, and events that create adverse situations affecting the confidentiality, integrity, and availability of patient information. The human elements include state-sponsored groups, organized cybercriminals, other malicious outsiders, including hacktivists, and malicious insiders. Nonhuman elements include natural disasters or other human-made occurrences, such as terrorist attacks. The process of documenting threats requires the risk analyst to think about the actors and scenarios that threaten ePHI. These actors and scenarios take advantage of vulnerabilities that can lead to a privacy or security incident.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
NIST, “Guide for Conducting Risk Assessments,” http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf , September 2012.
- 2.
Andy Greenberg, “Obama Curbed Chinese Hacking, but Russia Won’t Be So Easy,” Wired, www.wired.com/2016/12/obama-russia-hacking-sanctions-china/ , December 16, 2016.
- 3.
Mandiant, “APT 1: Exposing One of China’s Cyber Espionage Units,” www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf , October 25, 2004.
- 4.
FireEye, “APT 28: A Window into Russia’s Cyber Espionage Operations?” www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf , 2014.
- 5.
Jon DiMaggio, “The Black Vine cyberespionage group,” Symantec, www.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf , August 6, 2015.
- 6.
Verizon, “2016 Data Breach Investigations Report,” www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ , 2016.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2017 Eric C. Thompson
About this chapter
Cite this chapter
Thompson, E.C. (2017). Who Wants Health Information?. In: Building a HIPAA-Compliant Cybersecurity Program. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-3060-2_5
Download citation
DOI: https://doi.org/10.1007/978-1-4842-3060-2_5
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-3059-6
Online ISBN: 978-1-4842-3060-2
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books