In the recent past, several data breaches have compromised the information systems of various companies, resulting in organizational and individual implications (Smyth 2015). For instance, a report by Smyth (2015) shows that Medicaid’s information systems were successfully compromised, leading to massive losses of individual data. Other companies on the list include Excellus Blue Cross and Blue Shield, which had their information systems compromised on September 09, 2015.
Besides, Cancer Care Group reported data breach attacks on September 02, 2015, that caused personal and organizational loss of data. The exploitation of vulnerabilities in the information systems of CareFirst BlueCross BlueShield Company, which has significant operations in the healthcare industry, had serious implications for the integrity, confidentiality, and availability of individual and organizational data.
An information security incident that happened through a successful cyber-attack on BlueShield’s information systems in May 2015 caused the loss of data belonging to 1.1 million customers. Data breaches were noted to have implications at individual and organizational levels because of the loss of personal and organizational data (Nelson, Phillips & Steuart 2015).
The data breaches were discovered during a Mandiant-led security review of BlueCross BlueShield’s information systems. It was established that hackers had exploited a vulnerability of the information system and gained entry into the database that customers used to access the company’s websites for online services.
Smyth (2015) notes that the implications include the loss of sensitive personal data that consists of birth dates, subscriber information, names, and email addresses at individual and company levels. That led to the breach of confidentiality, integrity, availability, and privacy, the core defining elements of computer ethics.
Despite that, the social security numbers of the members were not accessed because their passwords were already encrypted, which made it impossible for the hackers to decrypt them. Encrypted passwords made it impossible for the hackers to access data consisting of financial claims, medical claims, employment data, and credit card information.
According to Smyth (2015), the consequences related to the loss of data that was in the custody of the organization demonstrate the vulnerability of the organization’s information systems. Besides, various questions arise on the effectiveness of the information security measures, observance and application of existing laws and standards, policies, honesty, integrity, and employee practices to protect the information assets.
Issues also arise, such as the use of encryption to protect data under the State security breach notification law known as the safe harbor. However, important questions arise about the credibility of the notifications issued to the customers that the data breaches happened through unauthorized access to the companies’ information systems. That is in addition to the loss of trust on the part of the customers, especially because the events led to the misuse of sensitive personal data.
The ethical implications at the company level resulting from the loss of data were related to the loss of privacy. The principles that guide the behavior of people and organizations in protecting other people’s data and organizational information assets were breached. According to the Health Insurance Portability and Accountability Act Regulations (HIPAA), failure to adequately protect personal data contravenes the regulations and leads to loss of trust (Nelson, Phillips & Steuart 2015).
Privacy issues include unauthorized access to sensitive data, which leads to the breach of privacy principles, identity theft, confidentiality, and intrusion. Privacy principles include security privacy, which was violated because the organization failed to adequately control logical and physical access to data. Besides, ethical issues arose concerning the infringement of copyright laws and intellectual property through unauthorized access to private data, contrary to the belief that information should be free.
References
Nelson, B, Phillips, A & Steuart, C 2015, Guide to computer forensics and investigations, Cengage Learning, New York.
Smyth, V 2015, ‘Cyber-security fortresses built on quicksand’, Network Security, vol. 8, no. 2015, pp. 5-8.