Assessment Description: Organizations need to clearly identify risks before they become relative issues. Therefore, it is important for security professionals to comprehend what must be done to constr

Assessment Description: Organizations need to clearly identify risks before they become relative issues. Therefore, it is important for security professionals to comprehend what must be done to constr 1

CYB-650 Augusta Medical Hospital

Mission, Vision, and Values:

At Augusta Medical Hospital, our primary missions are patient care, education, and research. This means we bring world-class clinicians, pioneering research, and the latest technologies and breakthroughs directly to you, right here in Augusta, Georgia.

Mission:

Our mission is to provide leadership and excellence in teaching, discovery, clinical care, and service as a student-centered comprehensive research university and academic health center, with a wide range of programs from learning assistance through postdoctoral studies.

Vision:

Our vision is to be a top-tier medical facility that is a destination of choice for health care, discovery, creativity, and innovation.

Our Values:

Collegiality – reflected in collaboration, partnership, sense of community, and teamwork.
Compassion – reflected in caring, empathy, and social responsibility.
Excellence – reflected in distinction, effectiveness, efficiency, enthusiasm, passion, and quality.
Inclusivity – reflected in diversity, equality, fairness, impartiality, and respect.
Integrity – reflected in accountability, ethical behavior, honesty, and reliability.
Leadership – reflected in courage, honor, professionalism, transparency, and vision.

Augusta Medical Hospital: Your role

The Augusta Medical Hospital has hired you as their new Chief Information Officer/Chief Information Security Officer (CIO/CISO). Over the last two years, Augusta Medical Hospital has been the victim of several cybersecurity incidents. Many of these incidents involved Ransomware, forcing the organization to pay the ransom to regain access to their data and patient medical records. Your employment is part of a comprehensive approach by the organization's leadership to improve the organization's overall security and protect patient medical data.

Leadership Objectives:

Augusta Medical Hospital is planning on doing a significant upgrade to the information systems used in its clinic. The clinic consists of 22 doctors working in general practice and specialty medicine. The clinic supports over 10,000 patients in Augusta, GA, and neighboring counties. The clinic's last systems upgrade occurred in 2000 and consists of outdated equipment, software applications, and limited networking and integration abilities.

Medical Systems Requirements:

The medical systems need to be integrated with an existing medical system that will help improve patient diagnosis and support secure access to databases that contain patient medical records such as electronic medical records (EMRs), electronic health records (EHRs), personal health records (PHRs) and protected health information (PHI); support staff efficiency process with medical charting; and support access to medical insurance claims, radiology, pharmacy, and laboratory systems, along with the transfer of EHR to other medical providers.

The hospital chief experience officer and chief innovation officer would like to incorporate the patient's ability to view their medical records, including medical history, current diagnosis, and treatment plans, from the internet. The system should have the ability to enable patients to create and cancel medical appointments and pay any medical bills from the patient portal. A key priority of the hospital chief medical officer is to ensure that systems can support all the digital medical imaging requirements from the radiology department, such as computerized tomography (CT) scans, magnetic resonance imaging (MRI) scans, and X-rays.