Week 3 Discussion: Cybersecurity & Patient Privacy

Week 3 Discussion  |  CI1000: Computer Basics for Healthcare Professionals  |  60 Points

Aligns with CO-3 (Digital Ethics & HIPAA Compliance)


The Scenario

A medical assistant at Sunnydale Clinic receives an email from "IT-Support@sunnyda1e-clinic.com" (note the "1" instead of "l") warning that her EHR account will be locked unless she clicks a link and verifies her login credentials within 24 hours. She's not sure if the email is legitimate.

Discussion Prompt

Use the cybersecurity and HIPAA knowledge from this week to analyze the scenario and respond to all three parts:

  1. Part 1: Identify WHAT TYPE of cyberattack this scenario represents and explain the specific warning signs that helped you identify it. Reference at least two red flags from the lesson.
  2. Part 2: Describe what the medical assistant should do — step by step — and explain WHY each step matters for patient data protection and HIPAA compliance.
  3. Part 3: Think about your own future workplace: describe ONE policy or practice a healthcare organization should implement to prevent this type of attack. Reference a concept from the lesson (e.g., phishing awareness training, strong password policies, MFA).

Requirements

  • Initial post: 250+ words covering all three parts
  • Two replies to classmates: 75+ words each
  • Initial post due Wednesday 11:59 PM ET; replies due Sunday 11:59 PM ET

Due Dates

  • Initial Post: Wednesday by 11:59 PM (ET)
  • Two Replies: Sunday by 11:59 PM (ET)

Grading Rubric

Criterion  |  Points
Correctly identifies attack type with two or more specific red flags  |  20
Provides clear step-by-step response with HIPAA reasoning  |  20
Proposes a realistic prevention policy with lesson-based concept  |  10
Two substantive replies to classmates (75+ words each)  |  10
Total  |  60

“The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards.”

— Gene Spafford