
HIM 680 Final Project Milestone One Worksheet
Risk Assessment
In this milestone, you will conduct a risk assessment for Shoreline Health System. To complete this assignment, you will use the Shoreline Health System case study in the Final Project Case Study document as your base. You will also conduct research to supplement the case study information and to determine common vulnerabilities and threats related to ransomware attacks, the departments impacted by these vulnerabilities and threats, the risk of noncompliance, and the likelihood, severity, and risk level of the vulnerabilities. Finally, you will recommend best practices to address the identified vulnerabilities.
The information within the tabs of the Risk Assessment Report file will help you complete this milestone and fill in the assessment located on the next page.
Vulnerability Name: Describe particular weaknesses or flaws in your security that could be exploited by a threat source to cause a security violation or breach.
Threat Source: Describe the threats that could take advantage of the vulnerabilities. Consider the four categories of threats—adversarial, accidental, structural, and environmental—as well as more specific examples such as external and internal threats, users, visitors, viruses, natural hazards, and so on.
Departments Impacted: Identify the departments impacted by the crisis with a brief explanation of how each is impacted.
Noncompliance: Explain how the identified vulnerabilities lead to risks of potential noncompliance with HIPAA privacy and security regulations.
Likelihood of Occurrence: Determine if the likelihood of occurrence is high, medium, or low, and explain your reasoning.
Impact Severity: Determine if the impact severity is high, medium, or low, and explain your reasoning.
Risk Level: Determine if the risk level is high, medium, or low, and explain your reasoning.
Recommended Best Practice: Give recommendations for the best new safeguard(s) that can reduce further risk from this vulnerability. These safeguards may include policies, procedures, software, and so on.
Student Name:
Risk Assessment
Vulnerability Name | Threat Source | Departments Impacted | Noncompliance | Likelihood of Occurrence | Impact Severity | Risk Level | Recommended Best Practice
Modified from HIMSS Security Risk Assessment Guide/Data Collection Matrix with permission of HIMSS.
Highest Priority Vulnerability
What is the highest priority vulnerability the organization needs to address to ensure compliance with HIPAA privacy and security regulations?
Use your risk assessment to justify why this is the highest priority:

