Unlawful influence on critical information

[rakhirhif8963]

To prevent any type of secret from being handled carelessly, an organization must:

Conduct training for employees on information security issues and personal responsibility for violations of the law in this area.
Conduct an audit of all organizational processes for compliance and observance of all laws.
Delimit access rights to medical information and limit the possibilities for its transfer outside the medical information system.
Forgery of documents or entering false data into the MIS
Forgery of medical documents and entering false information into medical information systems are the least common. As a rule, such violations are classified either as official forgery or as forgery of state documents and forms. Liability depends on the qualifying article:

Infrastructure. A fine of up to 1 million rubles or restriction of freedom for up to 2 years or imprisonment for up to 10 years.
Unauthorized access to computer information. A fine of up to 500 thousand rubles or restriction of freedom for up to 4 years or imprisonment for up to 7 years.
Forgery, production or circulation of forged documents, state awards, stamps, seals or forms. Depending on the forged document, it is punishable by either a fine or restriction or imprisonment for up to 2 years.
Let's look at cases from judicial practice. Unlawful influence on the critical information infrastructure and falsification of medical documents: a doctor and three nurses organized the issuance of fake COVID-19 vaccination certificates. The perpetrators were sentenced to 2 to 4 years probation.

Unauthorized impact on critical bosnia and herzegovina mobile database infrastructure and unauthorized access to computer information: a general practitioner generated vaccination certificates from her personal laptop, as she saved logins and passwords to the register of those vaccinated against COVID-19 in the Unified State Health Information System. The doctor was fined 300,000 rubles.

To prevent such violations, you need to:

Monitor the actions of employees in the workplace using specialized information security tools.
Restrict access to work information systems through personal devices.
Identify risk groups among employees.
Conclusion
An analysis of judicial practice in the healthcare sector shows a steady trend towards violations using official position: selling classified information, forging documents or entering false information into medical information systems. These violations occur due to a lack of control over the actions of employees who collect and transfer classified information to third parties. Other violations occur due to ignorance of information security rules or negligence, for example, transferring photos from medical information systems to friends in messengers.