Honouring Confidentiality
Explore the ethical principles of confidentiality and privacy in computing, focusing on a healthcare data breach case study. Learn the importance of risk assessments, reporting vulnerabilities responsibly, and complying with legal standards to protect sensitive health information effectively.
We'll cover the following...
Given the scenario below, select the approach that you would choose from the options provided.
Scenario
You are a skilled software engineer working for a healthcare insurance company. Your role involves maintaining and securing vast databases of sensitive patient information.
One day, as you conduct a routine security audit, you find a critical vulnerability in the company’s software system. You know that your company holds sensitive information of thousands of people. If the data is breached, it will expose protected health information (
As you look deeper into the issue, you realize that this vulnerability should have been detected long before. The gravity of the situation dawns upon you. You understand that credit/debit card data or credentials can still be updated or canceled, but the personally identifiable information is not likely to be changed, which makes it even more sensitive information that needs to be secured. So, this vulnerability can potentially result in a catastrophic data breach that could have devastating consequences for patients—their privacy violated, sensitive health information exposed, and the trust in your organization shattered.
One option is to turn a blind eye, hoping the vulnerability goes unnoticed, thereby avoiding immediate consequences. However, you’re aware that this would directly violate
The alternative is to take swift action. You could report the vulnerability to your superiors and work with them to fix it.
What do you do now?