| Question 1: How can stolen medical identities be used? |
| Reference: | Coventry, Lynne, and Dawn Branley. "Cybersecurity in healthcare: A narrative review of trends, threats and ways forward." Maturitas 113 (2018): 48-52. |
| Choice A: | Obtain health services and prescription |
| Choice B: | Fraud |
| Choice C: | Open bank accounts |
| Choice D: | Secure loans |
| Choice E: | All of the above |
| Question 2: What is the number one cybersecurity risk for health care organizations? |
| Reference: | Joyce, Christine, et al. "Emerging Cybersecurity Threats in Radiation Oncology." Advances in Radiation Oncology 6.6 (2021): 100796. |
| Choice A: | Injection |
| Choice B: | Phishing |
| Choice C: | Man-in-the-Middle |
| Choice D: | Denial-of-Service |
| Question 3: What access will NOT be lost after a successful cyberattack in a health network? |
| Reference: | Nelson, Carl J., et al. "Development of rapid response plan for radiation oncology in response to cyberattack." Advances in Radiation Oncology 6.1 (2021). |
| Choice A: | Electronic medical records access |
| Choice B: | Hospital Secure email / telecommunication platform access |
| Choice C: | Personal messaging devices |
| Choice D: | Departmental virtual server residing on the hospital network |
| Question 4: An example of informational continuity from the perspective of a radiation oncology patient is based on which of the following? |
| Reference: | Christ, Sebastian, et al. "Continuity and coordination of care in highly selected chronic cancer patients treated with multiple repeat radiation therapy" Radiation Oncology (2021): 16:227. |
| Choice A: | medical oncologist evaluation |
| Choice B: | Chronic cancer disease management |
| Choice C: | surgeon evaluation |
| Choice D: | linear accelerator uptime |
| Question 5: What is the most appropriate background for business continuity planning? |
| Reference: | Zawada, Brian. "The Business Continuity Operating System," Gravitas Press, 2021. ISBN:9781735943527, p18. |
| Choice A: | information technology |
| Choice B: | legal |
| Choice C: | risk management |
| Choice D: | medical school |
| Question 6: A Business Continuity Management System can be viewed from which of the following perspectives? |
| Reference: | The International Organization for Standardization. "ISO 22301: Security and resilience – Business continuity management systems - Requirements," 2nd edition, 2019-10, pp vo=vii. |
| Choice A: | business |
| Choice B: | finance |
| Choice C: | internal processes |
| Choice D: | interested parties |
| Choice E: | All of the above |
| Question 7: Running off of a cloud platform keeps your health system safe from cyber attacks? |
| Reference: | Hart, Ariel, “Cyber attack disrupts cancer care” The Atlanta Journal Constitution. April 27, 2021
(https://www.ajc.com/news/investigations/cyberattack-disrupts-cancer-care/EJWYPB3KNNEMDAJK2FW2HFULLM/) |
| Choice A: | True |
| Choice B: | False |
| Question 8: The weakest link in a healthcare institution is: |
| Reference: | Mulcahy, Nick, “Recent Cyberattack Disrupted Cancer Care Throughout U.S.” Web MD Health News, July 20, 2021.
https://www.webmd.com/cancer/news/20210720/recent-cyberattack-disrupted-cancer-care-us |
| Choice A: | Poor IT preparation |
| Choice B: | Healthcare Employees |
| Choice C: | Hospital firewall systems |
| Question 9: A successful backup and recovery strategy should include |
| Reference: | NISTIR 8374 - Ransomware Risk Management: A Cybersecurity Framework Profile, National Institute of Standards and Technology James K. Olthoff, Performing the Non-Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology
NIST Guide for Conducting Risk Assessments https://www.nist.gov/publications/guide-conducting-risk-assessments |
| Choice A: | Dispersed backups on a segregated network (many copies) |
| Choice B: | Backups that include at minimum one copy on immutable storage |
| Choice C: | Backup frequency that maintains a reasonable Recovery Point Objective (RPO) |
| Choice D: | Annual Testing of your Recovery Plan |
| Choice E: | All of the above |
| Question 10: Single vendor environments can be categorized into different infrastructure categories when assessing your ransomware preparedness and developing Disaster Recovery (DR) and High Availability (HA) plan which include |
| Reference: | Recommendations on Securing Customer Purchased Varian Products from Ransomware (CTB GE-1076-A)
Disaster Recovery (DR) - User Implementation Reference Guide (UG-GE-DRRG-A)
Mission Critical Application Protection (MICAP) Whitepaper (CTB MI-781-B)
Backup Guidelines (CTB GE-936-C) |
| Choice A: | The Treatment Delivery System |
| Choice B: | Customer Hosted Software and Services |
| Choice C: | Vendor Hosted Software and Services |
| Choice D: | Mixture of A, B, and C |
| Choice E: | All of the Above |
