Which situation described in scenario 1 represents a threat to HealthGenic?

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients’ data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.

Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.

The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic’s patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients’ privacy.

Which situation described in scenario 1 represents a threat to HealthGenic?
A. HealthGenic did not train its personnel to use the software
B. The software company modified information related to HealthGenic’s patients
C. HealthGenic used a web-based medical software for storing patients’ confidential information

Answer: B

Explanation:

According to ISO/IEC 27001:2022, a threat is any incident that could negatively affect the confidentiality, integrity or availability of an asset [1]. In this scenario, the asset is the information related to HealthGenic’s patients, which is stored and processed by the web-based medical software. The software company’s modification of some files that comprised sensitive information related to HealthGenic’s patients is an incident that could negatively affect the confidentiality and integrity of the asset, as it resulted in incomplete and incorrect medical reports and invaded the patients’ privacy. Therefore, this situation represents a threat to HealthGenic.

Reference: ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection ― Information security management systems ― Requirements; ISO 27001 Key Terms – PJR
