https://www.globalsign.com/en/blog/cyber-autopsy-series-phishing-attack-magellan-health
Explain how your organization should restrict access to protect billing and PHI. Explain the organization's processes and workflows to safeguard PHI, including the use of passwords, password management, and password protection. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multifactor authentication.
Finally, review the mission and organization structure of your organization as well as roles within it, and recommend accesses, restrictions, and conditions for each role. What will happen if the CIO and the leaders do nothing and decide to accept the risks? Could the CIO transfer, mitigate, or eliminate the risks? What are the projected costs to address the risks?
