Heart Group suffers computer breach

June 2nd, 2015 by admin No comments »

 

Laptop icon

Heart Group suffers computer breach

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Beacon Health attacked by phishing scam

May 30th, 2015 by admin No comments »
Downtown South Bend Indiana 02

Beacon Health attacked by phishing scam 

Beacon Health System in South Bend, Indiana suffered a data breach when it was attacked by sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive).  According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are sent to the affected individuals. According to beacon, there is no evidence of attempted or actual misuse of information. The statement fails to mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive a regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CareFirst database breached by cyber attackers

May 27th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

CareFirst database breached by cyber attackers 

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

New York facility suffers data breach

May 22nd, 2015 by admin No comments »

A former employee at HHC Jacobi Medical Center in the Bronx improperly accessed and transmitted files containing PHI to her personal email account. According to the reports, the incident has put the PHI of 90,000 patients at risk.  Apart from that, the employee also sent the information to her email account at her new employer, New York City agency.

Affected information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. Information related to health insurance identification numbers, which may have included Social Security numbers

Laptop icon

New York facility suffers data breach 

, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC believed that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical billing company suffers data breach

May 20th, 2015 by admin No comments »
English: A wing of UPMC Shadyside, the co-flag...

Medical billing company suffers data breach

University of Pittsburgh Medical Center (UPMC) suffered a data breach when third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

After the incident, a Medical Management LLC employee, no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. Statement mentioned that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer infiltration by malware

May 18th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Computer infiltration by malware 

Cleveland’s MetroHealth System suffered a data breach when its computers were infiltrated by malware. According to the reports, 981 patients were notified that their PHI may have been compromised. The affected information includes patient names, dates of services, dates of birth, height, weight, medications administered during procedures, medical record numbers, case numbers (limited to only to that procedure), and cardiac catheterization raw data such as tracings of EKG and oxygen saturation.

Three computers in the facility’s Cardiac Cath Lab had malware, according to The Plain Dealer. The facility came to know about the breach on March 17, and patients who had procedures in the lab between July 14, 2014 to March 21, 2015 will potentially be affected. Financial information were not affected by the breach.

“MetroHealth has no evidence that the malware is used to obtain medical information,” MetroHealth said. “We sincerely apologize and regret that this situation has occurred.”

According to the statement:

In investigating the breach, the health system found that a business associate disabled antivirus software on the computers to facilitate a software update. There is no evidence that any health information was accessed.

The health system recommends that affected patients monitor account statements and any Explanation of Benefits statements related to the procedures.

In response to the breach, MetroHealth said it has strengthened procedures to protect patient privacy, including increased monitoring for malware and added antivirus update reviews, and revised software update procedures for the Cath Lab computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical records found in residential driveway

May 15th, 2015 by admin No comments »
A medical record folder being pulled from the ...

Medical records found in residential driveway 

An Orlando facility suffered a data breach after medical records were found in a residential driveway. According to the reports, Florida resident John Henderson received a letter from Orlando facility informing that a list of patients and their information was found in a neighborhood driveway. Henderson also mentioned that his son’s information was on the found patient list.

The affected information includes patient names, medical record numbers, account numbers and even diagnoses. The notification letter added that Social Security numbers and insurance information were not included on the papers. Facility mentions that one of its employees reportedly took the patient list home by mistake, and it is believed that it fell out of the employee’s car

“It just don’t make sense, it don’t make sense,” Henderson told the news source. “And I can’t believe Orlando Health is this irresponsible.”

Orlando Health said that notification letters were sent to 68 patients “out of an abundance of caution,” and that it does not believe that any harm will come from the incident.

“We understand the concerns of patients involved in this incident,” Orlando Health said in its letter, according to the news reports. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015 by admin No comments »
Laptop icon

Improper disposal of paper documents leads to Lawsuit

A lawsuit was filed against a Chicago area storage company, after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed a lawsuit when improper disposal of paper records breached patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records, Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Earlier, Suburban Lung Associates had contracted with FileFax to maintain and destroy patient medical records. Affected individuals had been patients at Suburban Lung Associates. The facility operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure consumers’ personal information protection in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit statement, in some instances, FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Document goes missing in Florida

May 6th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Document goes missing in Florida

The Florida Department of Health allegedly suffered a data breach affecting five patients when sensitive document was stolen from the car. A department employee had documents in his car, which was broken into on March 31. According to the news source, the papers were in a secured briefcase.

One of the affected patient, Chris Kibodeaux claims that he was not notified until May 7. He said that his name, Social Security number, address, phone number and diagnosis were included in the stolen documents.

“Someone could’ve definitely had enough time to do what they were going to do, and if there is damage it’s already been done,” Kibodeaux said. “I’m going to have to pull my credit report and I’m going to have to try to figure out if someone has done something with my name.”

Chris does not want personal information of HIV Positive status in someone else’s hands.

“HIV is still a stigma,” said Kibodeaux. “It’s different me telling my status because it’s my personal tellings, but for someone to have that in the open, it’s not right.”

The facility mentioned that it is still in the process of notifying all affected patients, and that it will offer identity protection services to those individuals.

According to the reports, the letter Kibodeaux received said the employee was put on administrative leave while the incident is investigated, but the Department of Health said they could not comment on personnel issues.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Records accidentally sent to wrong recipient

May 5th, 2015 by admin No comments »
UT Southwestern

Records accidentally sent to wrong recipient 

Immunization records for approximately 1,000 patients at the UT Southwestern Medical Center were mistakenly sent to a confidential Texas registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

The registry is used by physicians, health departments and school districts. The facility mentioned that the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”

Letter to patients, signed by Pamela Bennett, UTSW’s interim privacy officer mentioned that there is a very low probability that the information disclosed was compromised.

According to UTSW, the issue was due to a computer glitch that occurred during “a routine upgrade to the system”.

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Flash Drive and Data Exposure

May 4th, 2015 by admin No comments »
English: A Sandisk-brand USB thumb drive, SanD...

Flash Drive and Data Exposure 

According to the reports, a lost flash drive containing “limited patient information” rendered a hospital to send out notification letters. As per the statement, Roper St. Francis Hospital mentioned that the flash drive did not contain Social Security numbers, dates of birth or financial information. Affected information includes patients’ names, ages, diagnoses, and dates of procedures.

After conducting a thorough investigation, hospital spokesperson stated that Roper St. Francis does not believe that the information was inappropriately accessed or used in a malicious way.

The story was covered by South Carolina news station, WCSC. It did not state how the flash drive went missing, or if Roper St. Francis was making efforts to adjust its physical, technical, or administrative safeguards.

As per the mail to the security news website-

“A USB flash drive for a computer that contained some patient information was inadvertently misplaced.” The lost flash drive contained information for about 375 patients including name, age, diagnosis, date of service, length of stay, procedure, outcome and provider name, according to the spokesperson. However, it was reiterated that the flash drive did not contain Social Security numbers, financial information, dates of birth, addresses, or insurance information. 

“There is no evidence or reason to believe that the information has been improperly accessed, acquired, or misused in any way,” the spokesman wrote in the email. “We are notifying individuals affected to let them know what we are doing to protect their patient information.”

Phishing attack leads to data breach

May 2nd, 2015 by admin No comments »

Partners Health Care System, Inc. suffered data breach when it learned that employees had fallen victim to a phishing scheme, providing sensitive information to unauthorized individuals. Affected information includes names, addresses, dates of birth, telephone numbers, and Social Security numbers in a few cases. Moreover, patients’ clinical information, such as diagnoses, treatment received, medical record numbers, medical diagnosis codes, or health insurance information, could also have been exposed in a few cases.

“Responding to the ‘phishing’ emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network,” the statement read. “When we learned of this, we took steps to secure the email accounts and contacted law enforcement.”

Partners’ affiliated hospitals and institutions are also potentially affected which includes Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital.

“We deeply regret any inconvenience this may have caused you,” Partners said in its statement. “To help prevent something like this from happening in the future, we have reinforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The hospital mentioned that notification letters are sent to the affected individuals. They believe that there is no indication of affected information being misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records exposure leads to data breach

April 29th, 2015 by admin No comments »
Los Angeles County-USC Medical Center (Emergen...

Medical Records exposure leads to data breach 

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center mentioned  that patients’ records were found in the home of a facility employee, when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes information such as names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admit, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Maryland facility scam hit by Email Phishing scam

April 27th, 2015 by admin No comments »
Laptop icon

Maryland facility scam hit by Email Phishing scam 

Maryland-based St. Agnes Health Care, Inc. recently mentioned on its website that it suffered data breach when one of its employees was the victim of an email phishing scam. St. Agnes said that it sent data breach notification letters to approximately 25,000 patients. It included the warning as protected information was potentially exposed.

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Saint Agnes Corporate Responsibility Officer Sharon McNamara said in a statement. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our email service provider and are evaluating additional ways to enhance our already robust security program.”

The affected information includes patient names, dates of birth, genders, medical record numbers, insurance information, and limited clinical information. There were four cases where Social Security numbers were exposed.

“Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account,” the statement read.

The statement failed to mention the date and time of breach incident.  Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ascension Health Facility hit by Email Phishing Scam

April 25th, 2015 by admin No comments »
English: email envelope

 Ascension Health Facility hit by Email Phishing Scam  

Ascension Health Facility suffered consecutive data breaches due to email phishing scam. It is not confirmed whether two incident were related to each other. Seton Family of Hospitals, a division of Seton Healthcare Family (“Seton”) announced the breach on the website. According to the reports, 39,000 patients’ got affected. Username and passwords was targeted by the scammers.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said in a statement.

The exposed information includes patient demographic information, such as names and dates of birth, medical record numbers, insurance information, limited clinical information, and Social Security numbers in a few cases. Medical records or billing records were not included in the breach.

“Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected emails to determine the scope of the incident,” Seton said in its statement. “Seton engaged computer forensics experts to assist with the investigation.”

The facility said that patients who had their Social Security numbers potentially exposed will receive free identity monitoring and protection services. Seton said that it is working with its email service provider “to evaluate ways to enhance its already robust security program,” and will provide more employee education on email phishing scams.

“We value the privacy and security of protected information, and we are committed to protecting the confidentiality and privacy of our patients and employees,” Garza said. “It is our priority to support those who have been affected.”

Washington’s attorney general and two lawmakers’ favors stronger data breach laws

April 22nd, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Washington’s attorney general and two lawmakers’ favors stronger data breach laws 

Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent incidents of Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.

As per the statement, current state data breach law is a decade old and obsolete and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.

“In the present statute, there are too many loopholes about when notification must be provided, leaving consumer’s vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”

The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”

Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.

“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email Phishing scam leads to data breach

April 20th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Email Phishing scam leads to data breach 

St. Vincent Medical Group, Inc. suffered data breach when approximately 760 patients’ PHI got exposed. Employee’s username and password was compromised because of an email phishing scam which resulted in to the incident. St. Vincent learned about the data breach on Dec. 3, 2014, and said that it “immediately shut down the username and password of the impacted account and launched an investigation into the matter.”

The affected information includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Limited clinical information related to services patients received was also included.

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” As per the statement.

As per the St.Vincent individual medical records and billing records were not accessed.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said.

St. Vincent mentioned that complimentary identity monitoring and protection services will be offered to patients whose Social Security number was exposed. It will also be providing further employee education on how to avoid phishing scams.

This is not the first time St.Vincent suffered data breach. Earlier, St. Vincent Breast Center mistakenly sent letters with patient information to the wrong addresses.

As per the previous statement:

“Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned,” St. Vincent said on its website. “The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malicious Software

April 17th, 2015 by admin No comments »

Malicious Software

Malicious Software is a kind of software which gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc.

What is the purpose of Malicious Software?

Malware may be intended to steal personal information or spy on computer users without their knowledge or it may be designed to cause harm, often as sabotage or to extort payment.

Types of Malware

Viruses

A computer program usually hidden within another seemingly useful program that duplicates itself to inserts them into other programs or files and destroys the data or performs intended action.

Trojan Horses

Trojan Horses is computer program that asks users to install it under the pretext of description which appears useful. It is the way to fool users by providing fake information for malware.

Rootkits

Malicious Software which conceals their identity by modifying the host’s operating system to hide from the user.

Backdoor Access

A backdoor is the method by which normal authentication procedures are bypassed, usually over a network connection such as internet.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Common sense can stop phishing attack

April 15th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Common sense can stop phishing attack 

What is phishing attack?

Phishing emails, websites and phone calls are designed to steal money. It can be also be done by installing malicious software. Cybercriminals asks you to install malware under pretext of useful software.

How to stop phishing attack?

Spelling & Grammar – Cybercriminals are not that good at spellings and grammar. Professional organizations have dedicated writers for drafting emails. So, the possibility of error in the phishing write up is more.

Fake Alerts – You may get the update from the company you know. Please check for the authenticity of the email and then take any action.

Website Links – Do not click the links from the email. They may also include direct download .exe file which installs malicious software on your computer.

Threats – One of the popular ways to steal the user is by threatening email which states that your account will get closed if you didn’t respond to the said email. Ignore such emails or mark them as spam.

Report Phishing Attack

Company Pretension – Verify the information with the official company helpdesk before taking action for the email, phone etc.

Phone Calls – Report to your local authorities if you receive any phishing phone call.

Emails – Report it to your email service provider like Google, Yahoo etc. if you receive phishing emails.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

IT security Professional Survey about Insider threat

April 12th, 2015 by admin No comments »
A percent sign.

IT security Professional Survey about Insider threat 

The SANS 2015 Survey on Insider Threats provided below results:

  • 74 percent of the IT security professionals said they’re worried about insider threats from negligent or malicious employees
  • 32 percent said they have no capacity to prevent an insider breach
  • 28 percent said insider threat detection and prevention isn’t a priority in their organizations
  • 44 percent of respondents said they don’t know how much they currently spend on solutions to mitigate insider threats
  • 45 percent said they don’t know how much they plan to spend on such solutions in the next 12 months
  • 69 percent of respondents said they currently have an incident response plan in place
  • More than 52 percent of survey respondents said they didn’t know what their losses might amount to in the case of an insider breach.

“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern,” SpectorSoft COO Mike Tierney said in a statement. “I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required.”

According to the  2015 Vormetric Insider Threat Report:

  • 92 percent U.S.-based healthcare IT decision makers said their organizations are vulnerable to insider threats
  • 49 percent felt “very” or “extremely” vulnerable to insider threats.

According to the Harris Poll Survey-

  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.

“Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data,” Vormetric CEO Alan Kessler said in a statement. “An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Skill gap widens for information security professionals

April 9th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Skill gap widens for information security professionals 

Today, organizations are finding it difficult to manage IT security threats and avoid error. They also face challenges to recover after cyber attack. According to the survey, by 2020 there will be shortfall of 1.5 million information security professionals.

The IT security of companies is being threatened by understaffed workforce and the high level of complexities. (ISC)2 conducted survey polled 3,000 information security professionals and practitioners worldwide.

“Our first workforce study was conducted in 2004 to illuminate critical concerns within the information and cyber security that were struggling for attention,” said Adrian Davis, managing director, Emea, at (ISC)2.

“The 2015 report shows that many of these issues are finally getting much-needed budget and priority, but we are facing new challenges and our skills and staffing challenge is growing,” he added.

Davis mentions that the findings are more or less similar to US and Europe.

“There are some small differences from country to country, but at a higher level, as information security environments become increasingly homogeneous, there is not much variance,” he told Computer Weekly.

“This is likely to be due to the fact that the legal and privacy environment in Germany may make companies more sensitive to protecting information,” he said.

The study also shows that security spending is increasing across the companies.

“We are playing catch-up in an environment where information security has never really made its case as being an interesting and exciting career, and where security professionals are retiring faster than they are being replaced,” said Davis.

Sony like attack possible

April 6th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Sony like attack possible 

According to the security researchers, many hackers across the globe can launch Sony like attack. Around 90% of the companies can suffer possibilities of hacking considering their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”‘ Steve Croft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious that it was perceived. Hackers leaked the personal information which includes Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked movies which were not released, as well as embarrassing emails between Sony Pictures executives, among other internal documents.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cloud Security Adoption

April 4th, 2015 by admin No comments »

 

 

English: Icon from Nuvola icon theme for KDE 3...

Cloud Security Adoption 

 

Cloud security is given more and more importance by the health care and pharmaceutical industries. These two represent about 38% from the sample survey for cloud security adoption. Privacy regulations and the related laws require the Protected Health Information (PHI) to be secured.

 

“While these regulations vary by region and local governments, the common theme is to ensure both the data at rest within the cloud application and associated data workflows are protected, which enables these organizations to launch new service portals and provide improved methods for sharing information,” the authors explained.

 

The survey also states that there is rising trend in adoption of data encryption software.

 

“While data encryption is considered the primary method for protecting data in the cloud, additional requirements include the organization’s ability to control access to the encryption keys and preserve search, sort and filtering functions,” the report stated. “Successful cloud security deployments also require workflows and interoperability with both enterprises on-premises applications as well as external cloud-based applications.”

 

Healthcare organization needs to adopt stringent security measures due to HIPAA Omnibus Rule, which also makes third party companies liable for data breach.

 

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis,” the Rule states. “Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Missing documents lead to data breach

April 2nd, 2015 by admin No comments »
English: MA Route 152 northbound in Attleboro ...

Missing documents lead to data breach

Life Care Center of Attleboro in Massachusetts suffered a data breach when the company that stores its patient records could not find certain documents. Iron Mountain which stores records for Life Care Center could not find certain documents which contained patients’ information. The breach came to notice during the audit. The affected patients involved those who received medical care in Life Care Center between 1992 and 2004. Employees who worked at Life Care between 1992 and 1999 may also suffer a data breach.

The compromised information includes patient names, addresses, Social Security numbers, dates of birth, diagnoses, and other medical status and assessment information. The missing box of documents may also contain financial information. It is not clear how the incident occurred.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.

According to Iron Mountain, records were inadvertently destroyed during a planned consolidation of storage facilities by a predecessor company.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.”

Iron Mountain mentioned that it will continue the search.

“Until Iron Mountain completes a full audit of its records, they will not be able to ascertain whether the stored boxes are located, missing, misplaced, or destroyed,” according to Life Care. “This audit is expected to be completed by December 2015.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Potential PHI exposure due to phishing scam

March 29th, 2015 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

Potential PHI exposure due to phishing scam

Children National Health System (Children’s National) employees fell victim to phishing scam which led to potential PHI breach for some patients. According to the reports, hackers could have gained access to PHI from the employee’s email account. The affected information includes names, addresses, dates of birth, and telephone numbers. Moreover, clinical information such as diagnoses, treatment received, medical record numbers, medical service codes or health insurance information, were also potentially accessed. Few records also included Social Security Numbers.

“We reported the phishing attack to federal law enforcement and continue to work with them in their investigation,” the statement read. “Importantly, neither patient charts nor our electronic medical records system were compromised. Only the discrete information contained in the email accounts was potentially affected.”

After the incident, the company is training the employees to handle the suspicious emails. The facility has enhanced its existing technical safeguards and a review of systems is underway.

According to the statement:

We have no evidence that this information in the emails has been misused or even accessed. However, in an abundance of caution, we began sending letters to affected patients on February 24, 2015, and have established a dedicated call center to answer questions patients may have.

We recommend that affected patients regularly review the explanation of benefits statement that they receive from their health insurer. If you identify services listed on your explanation of benefits that you did not receive, please immediately contact your insurer.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA Compliance and the Cloud

March 26th, 2015 by admin No comments »

HIPAA compliance is becoming an important topic with the rise of Cloud usage. It is important to secure the patients’ data because there are vulnerabilities in cloud storage. The HIPAA Omnibus Rule had made several changes in terms of handling patient’s data. Now, cloud service providers are considered as business associates and remain accountable in case of breach.

According to the HIPAA rule, patients’ privacy is protected, regardless of where it is being stored which includes cloud storage option.

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

The Center for Democracy and Technology (CDT) has published Frequently Asked Questions (FAQs) about the Omnibus Rule.

“The obligations of a business associate depend on the extent of services and functions it is performing with PHI on behalf of a covered entity,” the CDT paper states. “A CSP that has no capability to access PHI, that provides storage functionality only, and that adheres to HHS standards with respect to encryption should have little liability risk as a business associate (except to ensure that it properly manages encryption).”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Healthcare Data Breaches and Patients 

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015 by admin No comments »
English: Florida Hospital Celebration Health -...

Florida Hospital Employees compromise Patient PHI

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sacred Heart Health Systems suffers billing data breach

March 19th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Sacred Heart Health Systems suffers billing data breach

Florida facility of Sacred Heart Health Systems suffered data breach when its third party vendor experienced email hack. The affected information includes patient names, dates of service, dates of birth, diagnoses and procedures, billing account numbers, total charges, and physician names. Along with above information, 40 patients’ Social Security numbers were also compromised.

“Upon notice of the incident, Sacred Heart, in cooperation with our billing vendor, immediately launched a thorough investigation into the matter,” according to the company statement. “Sacred Heart engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.”

According to the reports, third party billing vendor employee’s e-mail username and password were compromised because of this incident. The Facility is trying to solve the loopholes in the email system to avoid such incidents in the future. It is working with email service provider to evaluate how to enhance its “already robust security program.”

According to the statement, Sacred Heart said that it will offer complimentary identity monitoring and protection services for patients whose Social Security number was affected. As soon as the incident came to notice, the access of employee username and password were immediately shut down.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Missing encrypted devices leads to data breach

March 17th, 2015 by admin No comments »
Laptop icon

Missing encrypted devices leads to data breach 

Home health and hospice company Amedisys suffered data breach when its encrypted devices which consisted of computers and laptops went missing. Amedisys failed to find near about 142 devices. The incident came to notice when risk management process was conducted. The devices were assigned to Amedisys clinicians and other team members who left the company between 2011 and 2014.

The compromised information includes names, addresses, Social Security numbers, dates of birth, insurance ID numbers, medical records and other personally identifiable data.

“The confidentiality and security of patient information has been and will remain a top priority for Amedisys,” Chief Compliance Officer at Amedisys Chief Compliance Officer Jeffrey Jeter explained. “We have worked actively with leading risk management and technology experts to inventory and assess devices that may contain personal or health information and ensure the integrity of our information security systems.”

Amedisys explained the situation on its website statement.

“All of the computers were encrypted, and the vast majority of them were used by licensed Amedisys clinicians to provide care for patients in their homes,” Amedisys stated, adding that it has not been able to rule out “unauthorized access to patient data.”

According to the statement:

We have received no reports of any hacking, fraud, or identity theft. However, as required by law and out of an abundance of caution for our patients, we are providing notice to all patients whose information was on devices because we cannot rule out unauthorized access to patient data on the devices.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malware hits Advantage dental database

March 13th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Malware hits Advantage dental database

Oregon based Advantage Dental suffered data breach when its internal database was attacked by malware. The unauthorized access affected 151,626 Advantage patients. The compromised information includes names, dates of birth, phone numbers, Social Security numbers, and home addresses. According to the reports, treatment, payment, and other financial data were not accessed.

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, implemented mitigation steps to prevent further access and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required,” the statement read. “At this time, Advantage has no indication that the stolen information has been used for criminal activity, to include identity theft.”

Advantage Compliance Manager Jeff Dover told that the theft happened after the malware accessed an Advantage employee’s computer. Username and password that allows access to the membership database was stolen from there. This is a separate database from the one that contains financial and treatment information.

“Unfortunately this happened,” Dover said, adding that Advantage computers are equipped with anti-virus software, but sometimes new variations of a virus are not detected. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”

After this incident, Advantage is no longer allowing access to its internal patient database from computers that are not within company clinics or its Redmond headquarters.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

11M affected by Premera Health data breach

March 11th, 2015 by admin No comments »
English: Blue Cross Blue Shield Tower under co...

11M affected by Premera Health data breach 

Sophisticated cyber attack on Premera Blue Cross leads to health data breach affecting 11 million individuals. Company discovered data breach on Jan 29, 2015. Affected entities involve Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack.

The breached information includes Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

According to the statement, letters will be sent to affected individuals, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI breach due to break in

March 9th, 2015 by admin No comments »
English: Acer Aspire 8920 (with 18.4 inch scre...

PHI breach due to break in

Mosaic Medical may have suffered data breach when PHI got exposed due to break-in. The incident took place at a temporary office location for the facility’s Bend, Oregon location. Mosaic is not sure whether the medical record got accessed or not because at prima facie nothing appears to be stolen.

“The personal information that was possibly accessed was on paper documents within the office and included health information, medical insurance information, phone number, and e-mail addresses,” Mosaic said in a statement, according to local news station KTVZ. “A report was filed with the Bend Police Department and they have investigated the break-in.”

Mosiac Medical discovered that a break-in happened at night. According to the reports, the facility has taken steps like moving its HIT office to secure more information. Also, affected patients have been notified via letters.

“We understand the importance of safeguarding our patients’ personal information and take that responsibility very seriously,” Mosaic Medical Chief Operating Officer Allison McCormick said in the statement. “We will do all we can to work with our patients whose personal information may have been compromised.  We regret that this incident occurred, and we are committed to preventing future occurrences.”

Mosaic Medical is a local nonprofit community health center system with primary care clinics in Prineville, Bend, Madras and Redmond.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Online application glitch may lead to data breach

March 7th, 2015 by admin No comments »
Laptop icon

Online application glitch may lead to data breach 

A nonprofit organization, Painted Turtle based in California which runs a camp for children with life-threatening diseases and their families free of charge suffered data breach when some personal information may have been exposed because of online application glitch.

The affected information includes names, addresses, Social Security numbers, driver’s license numbers, personal medical information, and employment information.An error in the database of the painted Turtle’s online application server for campers and volunteers caused the data breach. Bank account and credit card information were not present on the server.

“We immediately brought the database offline to prevent anyone from being able to access your records,” Maher wrote. “Also, in an effort to prevent similar data breaches in the future, before bringing the system back online we updated our database’s code to prevent the issue from occurring again.”

According to the statement on the website:

Your information would not have been viewable unless a specific chain of events occurred.

Specifically: (1) you would have had to identify someone as a Reference in your application in 2013–2014, and (2) that person would have had to begin filling out an application as well, and (3) while that person’s application (and your application) was still pending, (4) they would have had to access their pending application and click “show related profiles” and your name. Again, your information would not have been accessible to anyone outside of the persons you listed as References in your application.

We became aware of this issue on January 12, 2015. As soon as this error was brought to our attention, we began taking steps to address and mitigate the risk to you. We immediately brought the database offline to prevent anyone from being able to access your records.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Texas warehouse vandalized

March 4th, 2015 by admin No comments »

A warehouse in Texas which stores patients’ records was vandalized leading to the data breach. The affected entity involves Westlake Medical Centre patients as intruders gained access to that particular section. The affected information includes patient addresses, health information, and Social Security numbers. The affected numbers of patients is not known.

According to the statement on website:

Warehouse Roof

Texas warehouse vandalized

Having recently purchased the practice formerly known as Westlake Medical Center, Hunt Regional Medical Partners Family Practice at Westlake is taking full responsibility for the potential breach.

The protection of private information is something we take very seriously. After being informed of the incident, Hunt Regional Medical Partners and the local Sherriff’s department began an immediate investigation and are in the process of notifying the affected patients. We have relocated the records and are reviewing internal procedures to determine added safeguards for the future.

As a precaution, Hunt Regional Medical Partners will also cover the cost for one year for you to receive credit monitoring from AllClear ID Alert Network.

We are committed to protecting the privacy of our patients. Please do not hesitate to contact us with any questions at our toll-free telephone number

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop stolen from Doctor’s Car

March 2nd, 2015 by admin No comments »
English: Laptop

Laptop stolen from Doctor’s Car 

Heath information was potentially compromised when laptop was stolen from doctor’s car. Around 400 patients are notified about the recent data breach. The incident took place at the Medical College of Wisconsin. According to the Medical College spokesperson, that a document with private information on about 400 patients was stolen from the vehicle, while a laptop with data on one patient was also taken.

“Firm policies are in place prohibiting the downloading of patient information to portable media, as well as the secured transport of documents containing patient information,” read a Medical College statement obtained by WDJT. “We sincerely regret that this unfortunate event occurred.

According to the statement, the affected patients are contacted and steps are taken to prevent this type of event. Institutional policy is revisited to safe guard the sensitive information. Excerpts from the statement on website -

The purpose of this policy is to address the appropriate protection and encryption of all MCW Electronic Protected Information (EPI) when it is stored, transferred or accessed on any mobile device.  Full mobile device encryption and related controls are required to access MCW’s electronic network or information through another means.

All Workforce members must protect MCW EPI. Workforce members using a Mobile Device owned by a workforce member, an external entity or one provided by MCW, to access or store EPI must have encryption using an institution-approved tool.

On personally owned devices (i.e. BYOD), should a workforce member choose not to permit MCW’s MDM tools and supporting processes on their personal device, access to MCW’s secured resources will be limited as outlined in procedure below.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

File Sharing and Security

February 28th, 2015 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

File Sharing and Security 

In recent times, file sharing is done frequently on the internal servers, websites or through Instant Messaging service. Due to availability of various services on personal devices like smart phones it has become challenging for the organization to secure the sensitive information. Even unprotected Windows networking shares can be exploited by intruders in an automated way. Companies can follow below guidelines to protect themselves from data breach:

  • Protecting your computer against malicious file sharing tools and websites
  • Domain checking of the website for authenticity and then allowing permission to transfer data
  • Downloading data from trusted sites
  • Save downloads instead of running them from pop up window
  • Checking license agreement and privacy statement before installing any software
  • Avoiding illegal downloads
  • Don’t open mail from unknown sources
  • Don’t share your computer access
  • Regularly update your security software with the patches
  • Check your security on regular basis
  • Don’t open your IM on public list
  • Never send sensitive information or files like credit card numbers, SSN’s etc on IM
  • Secure your IM by contacting security admin regularly
  • Highly social nature of IM helps imposters to get information
  • Beware of sharing your personal as well as company information with strangers

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Information Technology, PHI security and Access to records

February 26th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Information Technology, PHI security and Access to records 

In today’s demanding world, it is important to provide speedy access to clinician, staffs etc. to treat their patients. But Protected Health Information (PHI) security should also remain top most priority. The data breach not only puts patients at risk but also tarnishes the image of the institution. It’s better to follow below guidelines:

  • Protection of clinician workstations using  IT security measures
  • Restricting unauthorized access to PHI
  • Follow real world examples of most secured facilities
  • Use encryption software like Alertsec to protect your devices
  • Avoiding the pitfalls of online access
  • Recognizing malware by installing genuine anti virus
  • Preventing and responding to identity theft
  • Recovering from computer viruses
  • Understanding your computer and their use like email accounts, sharing, chats etc for sensitive information
  • Using secure connections
  • Use of desktop firewalls
  • Backing up data and refreshing affected systems
  • Work with people to understand importance of security
  • Thinking like an attacker and implementing security measures
  • Be wary of how much authority you give to a consultant
  • Record as much activity you can
  • Destroy discarded documents efficiently
  • Destroy and recycle electronics correctly

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Protected Health Information documents in Dumpster

February 24th, 2015 by admin No comments »

Suburban Lung Associates in Illinois may face a protected health information (PHI) breach after its medical record was found in the dumpster. Local CBS affiliate news station reported the incident. It found out that number of patient charts was thrown in the trash that contained PHI such as patients’ medical histories, Social Security numbers and driver’s licenses.

According to the reports, CBS affiliate discovered that the dumpster belonged to Filefax, a company that stores and transports medical records. The news station broadcasted news with inputs from dumpster driver. The women driver explained that Filefax had allowed her to take the papers a week prior and she had made ten trips with 1,000 pounds of Suburan’s medical records.

Filefax avoided news reporter after the incident. News station has alerted Northbrook police of the unsecure medical information, and police then ordered Filefax to secure the dumpster in their facility.

Hospital mentioned that its security policy mandates that the vendor destroy all medical files. They also said that they believe in protecting patient’s information at priority and this breach is isolated incident. The Illinois Attorney General and US Department of Health and Human Services are now investigating the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

8.8 To 18.8M Individuals affected by data breach

February 22nd, 2015 by admin No comments »
Anthem Blue Cross-Blue Shield office in Denver.

8.8 To 18.8M Individuals affected by data breach 

The recent revelation by Anthem was the continuation of previous data breach which was caused by hacking incident. Anthem, Inc spokesperson stated that anywhere from 8.8 million to 18.8 million non-customers could be impacted. The affected information included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that may have included income information.

Credit card information, bank account numbers or other financial data were not affected. Anthem is a member of an independently run Blue Cross Blue Shield (BCBS) national network and runs the BCBS healthcare plans in 14 states. Other states’ plans are independently run. Approximately 105 million individuals have coverage under the BCBS license in 37 different companies.

The Anthem spokesperson said that the facility’s investigation is in process, but it estimated that tens of millions of personal records were stolen during the breach. Federal and State investigations are also conducted along with internal investigation. Anthem will start sending notification to the affected individuals. As per the report, the Anthem’s drive was not encrypted which aggregated the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Sensitive information posted on Lone Star’s website

February 21st, 2015 by admin No comments »

Lone Star suffered data breach when sensitive data was posted on its website by the third party company working for them. According to the reports, exposed information included names, addresses, phone numbers and some dates of birth.

Lone Star CEO Rhonda Mudhenk told Roser that no financial information was compromised, and that the company at fault no longer works on Lone Star’s website.

English: A candidate icon for Portal:Computer ...

Sensitive information posted on Lone Star’s website 

Lone hired security expert to determine the parameters of breach. It is observed that many unauthorized individuals accessed the information. The clinic is offering one year credit monitoring services to the affected patients.

Mudhenk told Roser that Lone Star was taking the breach seriously, that the organization wanted to assure patients that no financial information was impacted, and that only five individuals had their full or partial Social Security number exposed.

Previous Lone Star breaches includes below incidents:

  • Lone Star suffered a data breach in May 2013 after an employee’s laptop was stolen affecting Protected Health Information (PHI)
  • The online exposure of information happened to the District Medical Group (DMG) affecting an unknown number of patient’s protected health information (PHI)

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen server leads to data breach

February 18th, 2015 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Stolen server leads to data breach 

Three notices were sent to patients informing them about the data breach which was caused by burglary in California dentist Dr. Cathrine Steinborn’s office. Apparently, first notice didn’t contain enough information, as two more notices were sent.

“Your dental records and radiographs were fully backed up, so there will be no loss of continuity of care,” Steinborn wrote in the first data security notice. “However, your personal identity and insurance information is on the server and could be compromised.”

The first notification failed to notify patient’s the details of information may have been compromised by the data breach. Dr. Catherine explained that a door was forced open and the server containing patients’ electronic records was stolen.

A police report was filed and the dentist’s office is working with its property manager “to enhance the physical security of the building,” Steinborn explained.

Second letter mentioned that the dentist’s office does not store patients’ financial information, such as credit cards, or driver’s license numbers but keeps names, addresses, phone numbers, insurance information, dates of birth and group numbers on file. Also, patients’ Social Security numbers, as well as all patients’ health history and dental records are kept in office.

“Our server had two levels of password protection, but was not encrypted,” Steinborn said in the second letter. “Currently, our files are in the cloud, in an encrypted form. I will be having the new server encrypted. An IT specializing in HIPAA will complete a thorough risk evaluation and we will be implementing robust physical and IT security going forward.”

Final letter was about security aspects.

“We previously provided notice of this incident to you, and are providing you additional information about the incident and helpful information on protecting against identity theft and fraud.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach due to device theft

February 15th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Data breach due to device theft 

A medical facility in Tennessee suffered data breach when external hard drive was stolen from employee’s home. Along with hard drive, personal electronics were also stolen. The affected information includes patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

According to the Boston Baskin Cancer Foundation statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Organization can consider below precaution to avoid data breach due to stolen devices:

  • Encryption of all the work devices – Smart phones, Tablets, Laptops and desktops
  • Passcode protection
  • IT security training for employees
  • Implementation of administrative, technical, and physical safeguards

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A box of documents spilled off of a courier truck

February 13th, 2015 by admin No comments »
Kaiser Permanente office building in the Lloyd...

A box of documents spilled off of a courier truck

Kaiser Permanente suffered possible data breach when a box of documents spilled off of a courier truck. Incident took place during transit of box from Kaiser Permanente’s Kona Medical Office to storage. The company is notifying about 6,600 patients which includes – 4,000 patients who has their prescriptions electronically filled and the information may have been printed and included in the box of documents. The other 2,600 patients had their prescription paperwork in the box.

“Swift action by Kaiser Permanente employees allowed the retrieval of many of the documents, but unfortunately, not all were recovered,” the statement explained.

The documents were expired prescriptions. Affected information includes names, addresses, dates of birth, and medical record numbers. Moreover, the type and amount of specific medications were on the papers.

“You may get a letter and still not be affected,” Kaiser spokesperson Laura Lott told the news source. “But, we’re being very cautious because it’s the right thing to do.”

According to Kaiser Permanente statement:

Organization will offer credit monitoring to members whose Social Security numbers or driver’s license numbers was potentially exposed.

We are taking this matter very seriously and will inform each of the individuals whose information may have been involved in the incident,” Kaiser Permanente said. “As part of our outreach we are advising affected individuals to contact one of the national credit reporting agencies (Equifax, Experian, or TransUnion) to place a fraud alert on their file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hard Drive Stolen from Employee’s home

February 10th, 2015 by admin No comments »
Inner view of a Seagate 3.5 inches hard disk d...

Hard Drive Stolen from Employee’s home  

A medical facility in Tennessee suffered data breach when employee was burglarized and the hard drive was stolen. Reportedly, the personal electronics was also stolen from employee’s home. According to the Baskin Cancer Foundation statement, the device contained patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

Highlights of the data breach and statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • The affected individuals are patients who were seen at each of Boston Baskin’s office locations between 2008 and July 2014.
  • All affected individuals are being notified by mail.
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen laptop may lead to data breach

February 7th, 2015 by admin No comments »
Laptop icon

Stolen laptop may lead to data breach 

Private behavioral and mental health non-profit organization may suffer data breach after it found out that several laptops were stolen from its Noblesville location, Indiana. Organization believed that laptops were not stolen for the information. The stolen laptops “may have resulted in the limited disclosure of personal information” for both employees and patients.

Affected information includes names, addresses, and Social Security numbers for employees and a few clients. Moreover, some clients’ medical record numbers and personal health information may have been on the devices. However, electronic medical records were not on the laptops. Aspire mailed notifications to approximately 45,000 individuals which included 1,500 Social Security number.

Aspire added that it is offering identity protection services to members whose information was potentially exposed.

“Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred,” Aspire President and CEO Rich DeHaven said. “We have taken steps to enhance our security, including upgrading our alarm and security systems. We remain committed to continually improving our IT and physical security to further protect our data and our clients.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Emergency bill by Maryland General Assembly

February 5th, 2015 by admin No comments »
Maryland legislative districts

Emergency bill by Maryland General Assembly

The Maryland General Assembly passed an emergency bill which is designed to highlight and implement certain aspects of HIPAA and patient privacy. According to the new bill, forms will be made available to patients allowing them to request confidential communications with their health insurer or provider. The new bill also allows patients to send their medical information to a different address other than residence.

“The bill also specifies that certain written notices from an insurer to a claimant regarding denial of a claim made on an individual health insurance policy and certain annual summary explanations of benefits provided to an insured are subject to confidential communications requirements under HIPAA privacy rule,” stated the bill.

Simply put, HIPAA Privacy Rule explains that individual can request sending of medical information to another location if he or she is endangered because of the disclosure of certain information.

“Privacy concerns may encourage an individual to delay or avoid seeking services or to pay out-of-pocket despite insurance coverage,” the bill stated.

 “This may present a barrier to care for sensitive services such as reproductive care, substance abuse, or mental health. While confidential communication protections are already required under the HIPAA privacy rule, they are not well known.”

“It is important for patients to have confidence in how clinicians and others use their sensitive health information,” Lucia Savage, chief privacy officer of the Office of the National Coordinator for Health Information Technology, told Clemson University, which helped conduct the study.

 “Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with this study, give us new insights on these issues.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Hackers potentially compromise data of 80 million individuals

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Security Breach due to stolen device

January 30th, 2015 by admin No comments »
See related blog post

Security Breach due to stolen device

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Possible data breach in UMASS

January 27th, 2015 by admin No comments »
University of Massachusetts Amherst

 Possible data breach in UMASS

The University of Massachusetts (UMASS) Memorial Medical Group (UMMMG) found out that an employee allegedly accessed patient billing information outside their normal job functions. UMMMG started investigating in depth for  breach issue and and notified local law enforcement.

UMMMG mentioned that this employee no longer works for the company. According to the reports,local law enforcement also discovered an unauthorized individual in possession of copies of patient billing information. Affected information includes patient’s names, addresses, dates of birth, medical record numbers, and Social Security numbers. Other information which may get affected includes phone numbers, email addresses and credit or debit card information used for payments to UMMMG.

According to the UMMMG statement:

We deeply regret this incident and any inconvenience it may cause our patients. To help prevent this type of situation from happening again, UMMMG is further strengthening its privacy and information security program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMG is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMG is committed to the security of patient information and we are taking this matter very seriously. We began sending letters to potentially affected patients on January 30, 2015, and have established a dedicated call center to assist patients with any questions.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Ophthalmology and Dermatology patients affected by data breach

January 25th, 2015 by admin No comments »
English: Acer Aspire 8920 (with 18.4 inch scre...

Ophthalmology and Dermatology patients affected by data breach

Laptop has been reported missing from Riverside County Regional Medical Center (RCRMC) in California which led to the data breach. The affected individuals include approximately 7,900 ophthalmology and dermatology patients. The organization’s chief compliance officer, Jan Remm, said that the hospital wasted no time in informing local law enforcement.

“We are taking significant measures to safeguard patient privacy and to restrict unauthorized access to computers and devices that potentially contain patient data,” Remm said in a statement. “The privacy of our patients is a fundamental priority in our organization and part of our commitment to quality healthcare.”

The laptop was unencrypted. Remm stated that there will be in depth investigation of the problem. Notification letters are being mailed to potentially impacted patients. Affected information includes names, addresses, dates of birth, Social Security numbers and health plan policy numbers.

Remm believes that laptop was not stolen for the information it contained.  According to the press release:

Remm said the hospital has significantly strengthened its inventory controls to prevent future loss of electronic devices, while cyber-security experts are currently encrypting all the organization’s computers and laptops to safeguard patient data.

Patients concerned about whether their information was stored on the laptop are encouraged to contact the RCRMC confidential assistance line staffed with professionals familiar with this incident.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Security Breach in California

January 20th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Security Breach in California

California Pacific Medical Center (CPMC) mentioned in recent press release that one of its pharmacist employees possibly accessed patient records with no apparent business or treatment reason. There is possibility of data breach due to this incident. As per the policy, CMPC terminated its relationship with the pharmacist employee when the incident was discovered. CPMC audit of its electronic medical record (EMR) system revealed the probable data breach.

Affected information includes the last four digits of patient Social Security numbers, clinical information, and prescription information. CPMC notified affected 844 patients about the incident. According to the press release:

 The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen cellphone causes data breach

January 18th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Stolen cellphone causes data breach 

 

Albany, New York-based St. Peter’s Health Partners revealed that its manager cellphone got stolen and may lead to potential healthcare data breach.  The affected entity involved emails from the cellphone. After the investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.

 

According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s.  Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.

 

Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. After the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance in response to this incident.

 

Steps to prevent data breach – cellphones:

 

  • Proper antivirus should be installed on cellphones
  • Periodically change the password to the corporate accounts
  • Encryption of the cellphone
  • Don’t install malicious software
  • Visual notifications for abnormal activity
  • Biometric identification
  • Using secured network access
  • Conducting security audit
  • User awareness about the proper usage

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA violation by County employee

January 15th, 2015 by admin No comments »
English: St. Louis County Courthouse in Duluth...

HIPAA violation by County employee 

The recent incident involved sending of personal information of inmates at a county jail to a personal email address. The Saint Louis County Department of Health is investigating a potential HIPAA violation. The affected data includes names and Social Security numbers of several inmates. The information is related to the inmates who are imprisoned at St. Louis County’s Buzz Westfall Justice Center from 2008 to 2014.

The number of affected individuals is not known. As per the county department, there is no indication that anyone other than the employee accessed the information.

“St. Louis County is strongly committed to patient privacy,” the statement said. “It is something we take very seriously. Even though there is no indication that there was any intent to use the information to commit fraud, it is important to make sure that those potentially affected are fully aware of the violation that occurred and fully aware of the steps they are advised to take at this point.”

Information related to free credit monitoring is not confirmed but the County Health Department explained that if an individual believed that their information was potentially included in the email, he or she should check with any of the three major credit bureaus.

The employee who sent the information currently does not work with County who earlier resigned after completing 25 years of services.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop theft leads to data breach

January 12th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Laptop theft leads to data breach

Sunglo Home Health Services patients were affected by the recent breach as laptop containing sensitive data was stolen from the Harlingen, Texas-based facility. According to the reports, the burglar broke into a van in the Sunglo parking lot and drove away after filling the vehicle with various tools and gear.

It happened that he returned and broke into the Sunglo building by breaking a window with a fire extinguisher and stole computer that held patients’ Social Security numbers and personal information, including PHI.

The numbers of affected patients are not known which also include elderly and disabled persons. Sunglo drives patients across the Valley in the vans, which are kept in a parking lot at the Harlingen corporate office.

“We’re just worried about the safety of the patients themselves because of the information. We had to contact local police to see what we could do,” Means told.

The potential suspect is behind the bar. Harlingen police arrested Matthew de la Cruz based on surveillance camera footage. The security aspect of the laptop was not known including the status of encryption.

“It leaves you uneasy, just something that was there that you can’t recover, it’s an uneasy feeling,” Means told Action 4. “We don’t really want this to happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted computer stolen from IEHP

January 9th, 2015 by admin No comments »
Desk full of laptop computers

Desk full of laptop computers (Photo credit: Wikipedia)

Inland Empire Health Plan (IEHP) revealed that an unencrypted desktop computer was stolen from its Rancho Cucamonga facility. The affected information includes names, IEHP member ID numbers, dates of birth, addresses, phone numbers and dates of past or future appointments.

Children’s Eyewear Sight was the owner of the machine, which is a participating provider with IEHP that provides vision services. Social Security numbers were not present on the stolen computer.

“Rancho Cucamonga police were notified of the incident and subsequently apprehended a suspect,” IEHP stated on its website. “At this time, there is no evidence that the information has been accessed. The desktop computer was password protected, but the data was not encrypted.”

According to the statement:

The Compliance Department at IEHP has taken appropriate steps to report this incident to the Department of Health Care Services (DHCS), the Department of Health and Human Services (DHHS), the California Office of Attorney General (OAG) and to local media.

While there is no indication that your information will be used for fraudulent activities,IEHP would like to offer you the option of applying a confidentiality alert to the electronic record maintained by IEHP.

IEHP takes its duty to secure the personal information of our Members very seriously, and we appreciate the trust you have placed in us by choosing us as your health plan,” the letter stated. “We apologize for any inconvenience this may cause you.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Settlement of $12,000

January 6th, 2015 by admin No comments »
English: Indiana Attorney General Greg Zoeller

Settlement of $12,000

Indiana’s Attorney General finalized a settlement with Dr. Joseph Beck. Earlier 60 boxes of Beck’s patient records were found in a dumpster. Beck agreed to pay a $12,000 penalty in a consent agreement with the state. Dr. Joseph Beck works as a dentist who was accused of mishandling 5,600 patients’ medical records.

“In an era when online data breaches are top of mind, we may forget that hard-copy paper files, especially in a medical context, can contain highly sensitive information that is ripe for identity theft or other crimes,” Attorney General Greg Zoeller told. “This file dump was an egregious violation of patient privacy and safety.”

There are series of charges against beck which includes fraudulent billing and negligence. The affected information includes Patient names, medical records, phone numbers, dates of birth, Social Security numbers, insurance cards, insurance information and state ID numbers. The incident happened when Beck hired the third-party company.

“The amount of sensitive, personal data that is stored online is growing every day, and the risks are obvious as more people are impacted by massive corporate data breaches or individual identity theft that can imperil a consumer’s good name and credit rating,” Zoeller said, according to the Indiana Attorney General website. “Our existing laws are proving inadequate to address this global crime, and we must sharpen our legal tools and take action to keep Indiana on the forefront of protecting consumers.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Discharge Paper work causes data breach

January 4th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Discharge Paper work causes data breach 

Around 20 patients suffered data breach when their medical information was passed to other patient along with her discharge papers. The breach in Medical Center of Aurora apparently gave Karen Billings seven pages of operating room records after her hospital release.

The information contained Protected Health Information (PHI) for other patients. The data also included patient names, dates of birth, the doctor’s name, the procedure done, and the prescribed medication.

“I was shocked. I was mad. I was hurt that I had somebody else’s information,” Billings said.  “I wouldn’t want my stuff out there.”

In a statement, the healthcare organization said that it takes the protection of patients’ private information very seriously.

“We were made aware that one day’s surgery schedule was mistakenly given to a patient on November 22nd and, per policy, our Facility Privacy Official immediately began an internal investigation and we are notifying the affected patients,” the statement read. “We are committed to protecting the privacy of our patients and are reviewing internal procedures to determine additional safeguards we should implement.”

The affected individuals were shocked to get the data breach information from media rather than Medical Center of Aurora itself.

“If the doctor knew about it, the administrators knew about it, the hospital knew about it, then they should’ve been proactive instead of waiting, trying to hide it,” Scott Anderson told the news station.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Cyber Security breach affects 485K USPS Workers

January 2nd, 2015 by admin No comments »
English: United States Postal Service headquar...

Cyber Security breach affects 485K USPS Workers 

The breach in United States Postal Service (USPS) has affected around 750, 000 employees, as well as the data of 2.9 million customers. According to the reports, breach also potentially compromised 485,000 employees’ health information. Injury diagnoses, procedure codes, and the physical location of bodily harm were possibly exposed in the breach.

The affected information also includes names, dates of birth and Social Security numbers. The affected individuals include employees, former employees, and retirees who filed for workers compensation.

“The Postal Service took steps to obtain current addresses for as many affected employees as possible through private contractors who used, among other sources, the Postal Service’s own National Change of Address database,” USPS spokesman David Partenheimer said in a statement.

Partenheimer also told that all employees, former employees and retirees whose medical information may have been exposed received a notification letter last month.

According to the statement:

“The privacy and security of employee and customer data is of the utmost importance to us. Despite devoting a lot of time and attention to the security of our information systems, the Postal Service joins the list of major companies and government agencies that have had similar cyber intrusions,” the company said in its November statement. “The remediation efforts we took to address the cyber breach have resulted in an even stronger system to protect our data.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Reachout Home Care Services suffered data breach

December 30th, 2014 by admin No comments »
English: Laptop

Reachout Home Care Services suffered data breach

Theft of stolen laptop caused data security breach for the Reachout customers who live in the Dallas/Fort Worth area. According to the Reachout Home Care Services, their stolen laptop was unencrypted and contained protected health information (PHI).

According to the statement, 5,000 individuals had their information potentially exposed. The incident of theft occurred at the offices of ReachOut Home Care in Richardson, Texas. The computer contained names and claims data for patients. In some cases, Medicare identification numbers were included.

According to the statement:

At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately. ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information.  We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.

While ReachOut Home Care has policies and procedures in place to maintain the security of its members’ information, we are taking additional steps as a result of this incident. These steps include a comprehensive review of our technical security procedures with ReachOut Home Care and an inventory and review of all ReachOut Home Care equipment that maintains protected health information to ensure that all equipment has been encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop stolen from Car

December 25th, 2014 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Laptop stolen from Car 

According to the company statement, DJO Global employee’s laptop was stolen from a locked car in Roseville, Minnesota. While the laptop was password protected but it contained personal patient’s information. According to the company, apart from password protection, the laptop had firewalls, anti-virus software, logical access control and tracking/remote management software.

The affected information includes patient names, phone numbers, diagnosis codes, DJO products received by patients and the dates that products were ordered or shipped. According to the reports, information about doctors that tended to patients may have been included in the laptop.

“Since learning about this incident, we have been working very closely with data privacy experts,” the statement read. “As of today, we have conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.”

The affected numbers of patients is not disclosed by the DJO but all the affected are informed about the breach. No credit card information was included but a small number of Social Security numbers were present on the laptop.

“Please be assured that we also are taking reasonable steps to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again,” DJO said.

According to the statement:

  • Since learning about this incident, DJO have been working very closely with data privacy experts.
  • DJO has conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data breach involves Veterans

December 23rd, 2014 by admin No comments »
VA Medical Center in Long Beach, California

Data breach involves Veterans

Contractor’s flaw lead to the data breach which exposed sensitive information of around 7000 Veterans. The department of Veterans Affairs (VA) notified the incident and also told to the press that the vendor was providing home telehealth services to veterans. The breach was caused because of potential flaw in a vendor’s system.

“An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern,” the spokesman said. “The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application.”

The affected information includes names, addresses, dates of birth, phone numbers and VA patient identification numbers.  Veterans are offered complementary credit protection services.

The VA didn’t disclose the name of the vendor but according to the reports, this particular data leak till now has not caused security problems. The information was potentially seen after a database was inadvertently exposed online.

The latest data breach has raised yet another concern in VA’s data security aspects. Earlier, the agency has also failed its annual cybersecurity audit. VA Chief Information Officer Stephen Warren presented the audit results at a House Veterans Affairs Committee hearing.

“Specifically, by not keeping sufficient records of its incident response activities, VA lacks assurance that incidents have been effectively addressed and may be less able to effectively respond to future incidents,” the GAO report stated. “In addition, without fully addressing an underlying vulnerability that allowed a serious intrusion to occur, increased risk exists that such an incident could recur.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data accessible on third party website

December 21st, 2014 by admin No comments »
English: Mercy North Medical Center

Data accessible on third party website

Redding, Calif.-based Mercy Medical Center found out that physician progress notes were publically accessible on a third-party website. Potentially affected patients took the treatment at Mercy Medical. Data breach doesn’t include Social Security numbers and other financial information.

The affected information includes patient names, medical record numbers, dates of birth, ages, dates of service, diagnoses, medications, review of systems, current therapies, and treatment plans.

“We sincerely regret this incident occurred and are taking appropriate measures to prevent any similar incident in the future, including continuing efforts to educate staff and physicians on securing medical information,” Michelle Kirby, Dignity Health Service Area Compliance Director mentioned on the letter which was posted on the California Attorney General’s website.

According to the reports, patients’ information is not believed to have been accessed inappropriately. Kirby suggested that patients can contact one of the three major credit bureaus and place a fraud alert on their credit file.

According to the statement, Mercy Medical simply explained that “Upon discovery the third party removed the link from their website rendering the information no longer accessible.”

Points to be considered:

  • Facilities should be active in implementation of security measures
  • All aspects of security should be considered instead of focusing on one
  • Proper training of the staff

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Northwestern Memorial laptop stolen

December 19th, 2014 by admin No comments »

 

 

English: Acer Aspire 8920 (with 18.4 inch scre...

Northwestern Memorial laptop stolen

 

Data breach occurred when Northwestern Memorial password protected, unencrypted laptop containing patient information was stolen from inside of employee’s vehicle. The affected information includes patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, and treatment information. In a few cases, Social Security numbers might have also been compromised.

According to the statement on the website:

“We deeply regret any inconvenience this may cause you,” the statement read. “NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.”

Northwestern Memorial has notified around 3,000 patients that their PHI was potentially compromised. According the reports, there is no malicious use of data. However, notification letters were sent to potentially affected patients and individuals are urged to reach out to a dedicated call center if they have any questions or concerns.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach may affect 200,000 individuals

December 17th, 2014 by admin No comments »
MSI laptop computer

Data breach may affect 200,000 individuals  

Belle Glade office of Family Central, Inc. in Florida suffered data breach when former employee accessed the electronic database inappropriately. The said database manages the personal information of individuals applying for or receiving services from the coalition.

“The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program,” the statement read.

According to the reports, federal officials are investigating the incident. Individuals who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies.

“Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies,” the statement said.

Currently, 177 individuals are affected but the number can grow.

According to the statement published on company’s website –

Individuals who have received services from the coalition and Family Central, Inc., may wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized.  To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name.  

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Children Art Project and Data Breach

December 12th, 2014 by admin No comments »
English: Compact Disc Nederlands: Compact Disc

Children Art Project and Data Breach

A healthcare data breach was caused by what started as goodwill attempt when a health system employee mistakenly donated CDs having patients’ protected health information (PHI) for children’s projects.

According to the reports, Virginia Commonwealth University Health System (VCUHS) employee took CDs that were no longer needed for the organization’s services and gave it to Children as a reference for art project.  The affected information includes patients’ full name, and one or more of the following: home addresses, dates of birth, medical record numbers, clinical information and health insurance information. A few of the CDs also contained Social Security numbers.

The website statement didn’t mention about the number of individuals affected but likely more than 1,000 medical information records were involved.

“What began as a well-intentioned philanthropic effort by a staff member wanting to help turned into a serious mistake that we are working very hard to remedy,” John Duval, CEO of MCV Hospitals and Clinics, said in a statement. “This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients.”

VCUHS has revised its protocols regarding media destruction and will intensify its efforts to protect all sensitive information, Duval added. VCUHS said that it also re-collected most of donated CDs.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Subcontractor mishandled sensitive information

December 10th, 2014 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Subcontractor mishandled sensitive information

A potential data breach was caused because of information mishandling by  a health insurance subcontractor. According to the reports, WellCare Health Plans notified 47 Medicare subscribers at the end of November that their protected health information (PHI) was breached. Around 500 people were affected by this incident.

Social security numbers and other financial information were not exposed. Also, information regarding specific diagnosis was not revealed. A total of 47 people were notified in Monroe County along with more than 500 people in New York.

“When the error was discovered, WellCare sent postage-paid envelopes to the members who were believed to have received the inadvertent mailings,” the Democrat & Chronicle stated.

According to the reports,

The insurer said it was not aware of misuse of anyone’s information. Nevertheless, it urged the 47 individuals to review their credit card bills and other financial statements. The insurer is providing one-year credit protection.

The breach was a violation of the Health Insurance Portability and Accountability Act. Crystal Walker, director of public relations, said WellCare learned on Nov. 3 that a vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The information included the person’s name, address, member ID number and general descriptions of the procedure, such as evaluation, radiology or administrative. No specific diagnoses were revealed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series of lawsuits against Good Samaritan

December 7th, 2014 by admin No comments »
Legacy Good Samaritan Hospital & Medical Cente...

Series of lawsuits against Good Samaritan

Troy, NY-based Good Samaritan Hospital breach has various pending lawsuits from seven parties which include four current or former correction officers, a jail employee, the family of a correction officer on behalf of a minor child, and a private individual who sued the county.

“Rensselaer County has paid $25,000 in a court award and set aside $90,000 for expected legal fees in a flurry of lawsuits brought by jail officers and others whose medical information was viewed for years by employees using a computer in the jail nurses’ office,” the article stated.

Good Samaritan has earlier notified 23 people about data breach which resulted from stolen data from Rensselaer County Jail’s nurse’s station. The recent example involved inappropriate access to girl’s record. Case was resolved by parents agreeing for $25,000 settlement. Incident involved next door neighbor who is Rensselaer County Jail officer reportedly gaining access to the girl’s data.

To safeguard information companies should follow below steps:

  • Keep all HIPAA safeguards up-to-date
  • Training employees for importance of securing the data
  • Staff members must understand what type of medical access is appropriate
  • Proper HIPAA technical safeguards can monitor when employees log in, and whether that access is necessary

One should understand importance of technical safeguards whose definition goes by:

The technology and policies meant to protect electronic health information is safe. There used to be two divisions for this safeguard called “technical security and mechanisms” and “technical security services.” Covered entities are not forced to choose a specific type of technical safeguard as long as what they choose permits them to remain HIPAA certified and compliant.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Second Data Breach in one Month

December 4th, 2014 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Second Data Breach in one Month 

Visionworks suffered two incident of data breach in span of two months which involved compromised protected health information (PHI). According to the reports, individuals who received services at Visionworks’ Jacksonville, Fl. are notified about the incident. During computer upgrade, a database server was lost which resulted in breach.

“The server potentially held partially unencrypted protected health information belonging to approximately 48,000 of the store’s customers,” the statement read. “All credit card information housed on the server was encrypted, and therefore should not be at risk. Customers’ exam information was not stored on the lost server.”

Visionworks also added that there is no potential reason for any misuse of the data on the server.

“Nevertheless, in an abundance of caution, Visionworks is notifying the customers potentially affected by the incident and informing them of the associated personal risks,” according to the statement. “In addition, Visionworks will provide those customers with free credit monitoring for one year.”

First data breach in Visionworks also involved a missing computer server that was lost during scheduled upgrades. As per the reports, around 75000 Visionworks customers were affected in that incident. The Visionworks stated that it was believed that the server was sent to one of the landfills along with other “miscellaneous refuse.”

According to the company’s statement:

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Dumpster Case Settled

December 2nd, 2014 by admin No comments »
English: Midwest Genealogy Center, Independenc...

More than 1,500 women in Missouri got affected by data breach

More than 1,500 women in Missouri got affected by data breach when their protected health information (PHI) was compromised after their personal records blew out of a dumpster on a windy day. According to the reports, Midwest Women’s Healthcare Specialists have decided to settle the case by paying amount of $400,000 to compensate the patients for the PHI exposure. All the affected patients will get the share from the victim’s fund.

“Both sides worked very hard to get this resolved quickly, and to seek justice for all of those involved,” plaintiff attorney Maureen Brady told the news source.

The affected records include patients’ names, Social Security numbers, addresses, procedures and tests performed. Papers were scattered up to several blocks away by the wind.

“At Midwest Women’s Healthcare we take patient privacy very seriously,” a spokesperson said in an email to the news station back in May. “We continue to thoroughly investigate this issue and will take appropriate action based on our findings. Midwest Women’s Healthcare is in the process of determining which patients may have been affected and intends to notify them as soon as possible.”

After the judge’s approval, the letters will be sent to patients explaining process to receive funds. The decision and status to implicate Midwest Women’s Healthcare for HIPAA violations by Department of Health and Human Services (HHS) is not known. Civil penalties from HIPAA violations, added to any compensation sought by potential victims could add up to amounts.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Former employee’s unauthorized access causes data breach

November 30th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Former employee’s unauthorized access causes data breach

Health care security breach was caused due to theft of 35 computers and 34 scanners by former IT contractor of Franciscan Health Systems. Three affected Washington hospitals are working to solve the lapses. According to the reports, the former employee Justin Page accessed one hospital six times, an administrative office 24 times, and an education and support facility eight times.

“We’re going to find the discrepancies in our system and make sure it doesn’t happen again,” Scott Thompson of Franciscan Health Systems told the news source. “We’re right now taking some internal review of all those policies and procedures, to make sure we’ve figured out why this happened and make sure it doesn’t happen again.”

Justin Page kept his active security pass months even after he had completed his work for the company. He is charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities. Court documents indicate Page attempted to sell the hardware to help pay for an expensive pill addiction. A man identifying himself as the suspect’s grandfather said Page was feeling sorry.

According to the preliminary reports, Patients’ Protected Health Information (PHI) might not have been affected. Organizations need more stringent administrative and technical safeguards to prevent such incidents. It is always advisable to keep track of individual’s activities having sensitive data access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Detroit hospitals hit by Medical Identity Theft

November 27th, 2014 by admin No comments »
English: Harper Hospital, Detroit, Michigan

Detroit hospitals hit by Medical Identity Theft

According to the reports, two hospitals in Detroit were affected when two thieves stole Protected Health Information (PHI) of around 1,400 people. The purpose of the thieves was revealed when phony tax refunds were filed for around $500,000 using the stolen data.

A search warrant was issued and the investigation led to confiscation of stolen information, which included bank records, credit cards, “stacks of hospital patient records” and hand written notes that included individuals’ names, dates of birth, and Social Security numbers. The accused Markitta Washington, 29, and Martez Lear, 29 allegedly took patient records to file false tax returns in other people’s names. Washington is a former employee of Henry Ford West Bloomfield Hospital and DMC Harper Hospital.

“Criminals should know that while technology has made it easier than ever for them to commit identify fraud, technology is also making it easier for law enforcement to catch them,” U.S. Attorney Barbara McQuade said in a statement. “We are making enforcement of identity theft a high priority because this crime has become so pervasive and can be so damaging to victims.”

Henry Ford spokesman David Olejarz told that the hospital takes the misuse of patients’ information very seriously and that the conduct of a former worker does not represent the entire hospital staff.

Approximately 1,000 patients’ PHI from DMC Harper was found in the home of the two suspects. After the investigation, Washington’s access to the computer systems was revoked.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Brigham and Woman’s Hospital suffered data breach

November 24th, 2014 by admin No comments »
MSI laptop computer

Brigham and Woman’s Hospital suffered data breach 

Brigham and Woman’s Hospital (BWH) laptop was stolen which may have exposed Protected Health Information (PHI) of certain individuals. An armed robbery off hospital ground led to stealing of BWH physician’s laptop and cell phone. According to the reports, physician was forced by the robbers to reveal pass codes and encryption keys.

“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”

The hospital is unaware of the devices and the status of information access by the robbers is unknown. The devices include information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs. The affected patients count stands at 999 for breached information which includes Patient names, medical record number, age, medications, and information about diagnosis and treatment. Social Security numbers or other financial information was not present on the devices.

“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”

The hospital started sending letters to potentially affected patients asking them to report any illegal activity.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI exposed on emails

November 22nd, 2014 by admin No comments »
Anthem Blue Cross-Blue Shield office in Denver.

Anthem Blue Cross members in California received emails from their health insurer having their own PHI in the subject line.

Anthem Blue Cross members in California received emails from their health insurer having their own PHI in the subject line. It is not known whether the act of sending PHI in email is considered as data breach. The email was related to routine checkups and preventative screenings with their doctors. But the email also included information like age range and language along with possible medical screening tests – marked “Y” for recommended tests and “N” for tests not listed in the email.

This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred when the Anthem Blue Cross is working to further expand in the health IT world.

Blue Shield of California and Anthem Blue Cross has combined strength of 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Computer server goes missing

November 20th, 2014 by admin No comments »
Headquarters of the insurance company in Pitts...

Headquarters of the insurance company in Pittsburgh, , . Address 120 Fifth Ave., Downtown. (Photo credit: Wikipedia)

A subsidiary of Pennsylvania-based health insurer Highmark Inc., Visionworks is facing potential data breach when its computer server went missing from Annapolis store.  Though safeguards and measures exist, incident like this happens when there is negligence in handling computers and data storage devices.

According to the reports, server consisted of partially encrypted Protected Health Information (PHI) which doesn’t includes Social Security numbers. The total of the affected patients stands at 75,000 customers. According to the Visionworks, Customer credit card numbers were encrypted.

Lisa Martinelli, the chief privacy officer for Highmark Health told that company is currently in the process of notifying affected patients. She also told that customers are offered free credit monitoring for one year.

According to the Statement:

An investigation is currently underway to locate a missing database server, which was replaced on June 2, 2014 during scheduled upgrades.

While the location of the server has yet to be determined, it is believed to have been sent to one of the store’s local landfills along with other miscellaneous refuse. At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately.

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Bon Secours suffers data breach due to former employee

November 17th, 2014 by admin No comments »
Français : Rue Bon Secours, à Nantes

Bon Secours suffers data breach due to former employee.

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical records in Dumpster

November 15th, 2014 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

Medical records in Dumpster

Another case of improper disposal came to notice in Texas when medical documents containing “sensitive personal information” were spotted in a dumpster outside of a church in Alamo Heights. Affected information includes patients’ medical records and PHI from the offices of Dr. Huyen Nguyen and Dr. Orlando Kypuros. Affected information includes Patients’ medical conditions, Social Security numbers and driver’s license numbers.

“We were shocked that such information was found unsecure and outside our office,” Nguyen and Kypuros said in a statement to the news station. “Upon discovery of the breach, we immediately investigated the incident to determine how it occurred. Our investigation revealed that some of our employees were not following our office policy, which required protected health information to be shredded. Instead, they were placing the documents in a recycling container.”

After the breach, doctors ‘until further notice’ terminated the recycling program, counseled and retrained all employees, and revised their policies and procedures to ensure that such situation never happens again.

“We are in the process of identifying all affected patients and providing written notification in compliance with state and federal law, which will provide notification of the breach and directions for placing a fraud alert on a credit report,” the statement read.

Affected patients with most sensitive information were contacted personally by the doctor’s office and free credit monitoring services for one year has been setup. Number of affected patients is not known but all the records are under lock and key while the search for an explanation begins.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Community Center ID Theft

November 12th, 2014 by admin No comments »

 

http://openclipart.org/clipart/people/magnifyi...

Community Center ID Theft

A nonprofit system of health clinics in Florida suffered data breach due to identity theft criminal operation. The affected clinic Jessie Trice Community Health Center said that patient’s information was targeted. According to the reports, personal information that was stolen includes Patients’ names, dates of birth and Social Security numbers.

 

“The leadership of Jessie Trice Community Health Center, Inc. deeply regrets this incident and is working vigorously and diligently assessing how to mitigate future risks to all patients and has implemented new procedures and protocols to protect patient information so that this type of theft cannot reoccur,” Jessie Trice president and CEO Annie Neasman explained in the statement.

 

The incident is under investigation by FBI and IRS. Total count of affected patients stands at 7,888 and are notified about the breach. The organization has retained a leading data breach response vendor to work with patients through the process.

 

For additional information about the JTCHC data breach, statement asks to contact their corporate office. According to the statement, no medical records were obtained or have been compromised. The mode and how the theft occurred are not clear. But the statement mentions that immediate action steps are underway to ensure clients protection.

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

No Heath Data Encryption in Federal Sites

November 9th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

No Heath Data Encryption in Federal Sites 

Individuals used AIDS-related medical services information on government health websites which lacked health data encryption. In the recent times health care security is on high priority agenda and lapses like federal websites demands for change.  According to the reports, government is taking initiatives to secure the data. The sites have possible risk of exposing the identities of visitors as private information, like the actual latitude and longitude location of visitors.

“The sites and apps did not themselves track visitors, but their data was handled in ways that could have enabled monitoring by employers, universities or others with access to the data flowing between individual devices – such as computers and smartphones – and the Internet.,” the news source reported.

Steve Roosa, a partner at law firm Holland & Knight, first made the health data encryption discovery. Roosa explained that as part of HIPAA, the Department of Health and Human Services (HHS) enforces federal healthcare privacy rules when personal medical information is handled by private entities.

“It is somewhat shocking, and more than a little ironic, that HHS has opted not to adhere to its own standards here, when the failure to do so puts sensitive health information at risk,” Roosa said in the report.

Aids.gov was one of the website and its Director Miguel Gomez said they started automatically using encryption for all of its users. Since 2010, the website transmitted unencrypted location information of users searching for healthcare providers online. However, the site started offering encryption services – for those who knew how to use it – since last year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Barriers for big data, mobility, and cloud technology in heath sector

November 6th, 2014 by admin No comments »
Computer-blue

Barriers for big data, mobility, and cloud technology in heath sector

With the evolving technology, the healthcare security is major issue which needs due attention. Many healthcare organizations are wary of using services like big data, mobility and cloud technology mainly because of security concerns. Dell recently surveyed around 2,000 global organizations which confirm that numerous industries are not using evolving technologies because of security consideration. According to the survey:

  • 44 percent of IT decision makers consider security the biggest barrier for expanding mobility technologies
  • 52 percent of respondents said it was a hindrance to using cloud computing
  • 35 percent of surveyed IT decision makers said that security was a barrier for leveraging big data
  • 30 percent of respondents said they have the right information available to make risk-based decisions.
  • One in four organizations said they have a plan in place for all types of security breaches
  • 43 percent of respondents said that security resources are primarily spent on protecting against hackers
  • 37 percent reported that adhering to compliance regulations were the primary security expenditure

“Despite mounting security risks and increased reliance on the Internet and technology to run their businesses, many small and midsize organizations are underprepared to deal with today’s security threats, let alone those of the future,” SMB Group Partner Laurie McCabe said in a statement. “These companies know that disruptive technologies like cloud, mobility and big data can drive innovation and create competitive advantage. But it’s often difficult for them to take a strategic approach and overcome security concerns in order to fully harness the potential.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

New Healthcare Apps possess security threat?

November 4th, 2014 by admin No comments »
English: Texas Children's Hospital Complex in ...

With the growth in technology, healthcare organizations are implementing policies to secure data.

With the growth in technology, healthcare organizations are implementing policies to secure data. But there are few application loopholes which may lead to severe data breach.

Founder and Chief Medical officer Dr. Joshua La told that the application has more than 150,000 users in six countries including the US, Canada, UK and Australia.

“In Australia, a customized consent form can be signed by patient or representative before images can be taken,” Landy said. “After that images are reviewed by privacy moderators to make sure they have educational value. [They are] being taken respectfully, there’s no sensationalistic images.”

Bryan Vartabedian, a pediatric gastroenterologist at Texas Children’s Hospital wrote in his blog post that the overall concept makes sense as images in medicine are a good way to teach. He is also wary of Figure 1 and what it could mean to patient privacy.

“There’s a difference between de-identification of images on a level that’s compliant with health privacy law and de-identification that respects a patient’s wishes,” Vartabedian wrote. “I operate within the understanding that if a patient can individually identify their own leg, finger, laceration within an image, they should understand very clearly that the image is headed for the very public domain.”

Healthcare professionals must follow rules to keep patients’ protected health information (PHI) secure, even if they are working to improve a patient’s health.

“In the old days medical images never left the medical library or the glossy paper on which they were printed,” he said. “But times have changed, technology is advancing faster than the discussion surrounding its use, and we have to think carefully about how we repurpose and share the images of those under our care.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Doctors Can Be Sued

November 2nd, 2014 by admin No comments »
Connecticut Supreme Court

According to the Connecticut Supreme Court ruling, doctors can be sued for HIPAA Negligence.

According to the Connecticut Supreme Court ruling, doctors can be sued for HIPAA Negligence.  Recent case involves Emily Byrne who claimed that Avery Center for Obstetrics and Gynecology in Westport violated her right to privacy. According to the reports, she didn’t want to share information about her pregnancy with the father of the child, with whom she was no longer in relationship.

The suit mentioned that the organization failed to make any communication with Byrne for his consent before releasing her medical file.

“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” Trumbull lawyer Bruce Elstein told the news source. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”

According to Byrne, she suffered agony when the father of her child used her personal information for “a campaign of harm, ridicule, embarrassment and extortion.”

The Connecticut Supreme Court agreed that a violation of HIPAA regulations may result in a violation of commonly accepted standards of care. This is the first instance that Connecticut’s Supreme Court has ruled regarding HIPAA negligence. The state now joins Missouri, West Virginia and North Carolina in similar rulings.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Moving into new location aggravate reasoning for two data breaches

October 29th, 2014 by admin No comments »
English: Tennessee State Capitol in Nashville,...

Moving into new location aggravate reasoning for two data breaches.

The Metro Public Health Department in Nashville, Tennessee is facing its second data breach when a file cabinet containing files of HIV patients was accidentally sent to a Metro school instead of surplus warehouse. The files were decade old and Health department is monitoring its process of how files are handled during a move to avoid such incident.

The first breach involved missing 1,700 index cards with names, dates of birth, Social Security numbers, addresses and medical coding after the department moved to its new building. The information affected patients in the Children Special Services (CSS) program.

“We are letting them know we started an investigation immediately and we do not believe, according to our investigation, that any of their information was accessed,” health department spokesman Brian Todd told an ABC affiliate at the time. “We believe those index cards probably ended up in a landfill.”

The health department is taking extra efforts to train staff for process and information related to HIPAA laws, patient identification and security.

Todd added that when the department realized those files were missing, it did a “thorough review of all files that were moved from the old building to the new building.” No other files were found to be missing, so if an individual came for any other service, were not impacted, Todd said.

Health department announced it was offering all the impacted people one year of free identity protection through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Record stolen from doctor’s storage shed

October 25th, 2014 by admin No comments »

Dr. Nisar A. Quraishi came to know that both latches on the shed door of his office’s storage facility had been cut and medical records of patients he had treated was stolen. According to the reports, approximately 40,000 patient records containing protected health information (PHI) were missing. The records reportedly included patients’ Social Security numbers, dates of birth, home addresses and medical histories.

Quraishi said he had “no idea” who broke into the shed and that he had not been to the property since Aug. 10, at which point the shed was still secure, the news source reported. Quraishi became aware of the issue when he was contacted by a neighborhood resident that the lock was broken. Quraishi also told police he was unable to immediately provide any of the names of the patients whose records were stolen from the shed.

While conducting investigation, police said there were no security cameras or witnesses in the area or at the scene. According to the Journal, neighbors weren’t even aware that a break-in had occurred in the first place. It was also reported that the first floor of Quraishi’s office “is a gutted, empty space with exposed beams and no carpet.

A spokeswoman for NYU Langone Medical Center, where Quraishi has been employed since January, said the stolen records were not of NYU Langone patients.

“The patient records involved were from Dr. Quraishi’s private practice … and therefore do not include any treatments provided by him since his employment with NYU Langone as of January 2014,” said Lisa Greiner, senior director of institutional communications at NYU Langone Medical Center. “The medical records of patients who were treated at NYU Langone by Dr. Quraishi are not part of the breach in question.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

X-Ray films and data exposure

October 23rd, 2014 by admin No comments »

California healthcare facility suffered data breach when improper disposal of information affected PHI. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. It was meant to be sent to a waste disposal company.

According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.

“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”

Graybill tried to possess the information by reaching to trash company but was informed that they had already been taken to a landfill and were irretrievable.

“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”

According to the reports, films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.

“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptops with PHI missing

October 21st, 2014 by admin No comments »
MSI laptop computer

Laptops with PHI missing

In the unprecedented event, few laptops went missing in the period of three years from ambulances in the Dallas area. According to the reports, laptops contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances “became unaccounted for” in the three-year period.

“If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s),” explained a press release from the city of Dallas.

Incident was reported to US Department of Health and Human Services (HHS) and according to the process affected patients were notified.

“The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops,” the statement read. “Once the risks have been identified, actions will be implemented to prevent such events from recurring.”

Reports failed to mention number of laptops that went missing. According to the release, Patients who have been contacted and who have questions related to this matter can call the Dallas Fire-Rescue EMS staff.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A Pennsylvania healthcare service suffers data breach

October 19th, 2014 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

A Pennsylvania healthcare service suffers data breach.

A Pennsylvania healthcare service suffered data breach incident which may led to personal health information (PHI) misuse. According to the reports, computer server containing patient information for Dr. Barry Snyder was breached after a third party element accessed information wrongly.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” the release said.

The affected information includes patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

Healthcare swung into action and hired national security and computer forensics experts to thoroughly investigate the incident. It also provided toll free number for patients to call for more information.

According to the press release:

Penn Highlands Brookville encourages its patients to remain vigilant by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. 

At no charge, you can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

18th Breach for Oregon Health Insurance Exchange

October 17th, 2014 by admin No comments »

In the successive events, Oregon Health Insurance Exchange suffered 18

Library at Oregon Health & Science University,...

Library at Oregon Health & Science University, in Portland, Oregon. (Photo credit: Wikipedia)

security breaches in past six months. The recent incident involved documents with PHI being sent to wrong patient. Cover Oregon spokeswoman Ariane Holm said the breach is under investigation. The exchange’s security team with a return envelope was immediately sent to Migliaccio who got the other patients information.

“We take the security and privacy or our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.

According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security number. Affected information included addresses, names, dates of birth and internal Cover Oregon IDs.

“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”

When applicants need to update their applications, the exchange no longer mails the completed documents that include Social Security numbers and other information. Earlier, Cover Oregon was working with Oracle Corp. to create an HIE for the state but it missed the deadlines and individuals were required to use a hybrid paper-online application process.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UC Davis Health suffers data breach

October 15th, 2014 by admin No comments »
English: UC Davis Medical Center, Sacramento.

UC Davis Health suffers data breach

UC Davis Health suffered data breach when a provider’s email was compromised by an unknown source. According to the reports, 1,326 patients’ data suffered breach. A member of the UC Davis IT team detected unusual activity in the email account and came to conclusion that the provider’s email was compromised by the unknown source. The source is not confirmed till date.

The event did not involve access to patient EHRs, Social Security numbers or other personal financial information. UC Davis Health System said that it has notified or is in the process of notifying several government agencies regarding the breach.

According to the statement:

UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy — including blocking access by the unauthorized user and changing the account credentials – were taken when it was discovered that the email account had been compromised.

Since we are unable to determine the exact nature of the access by this unauthorized third-party, we are sending a letter to all patients who had information about them included in this email account.

UC Davis Health System is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, inter professional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 619-bed acute-care teaching hospital, a 1000-member physician’s practice group and the new Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neuro developmental institute, a stem cell institute and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cone Health Mailing Error

October 12th, 2014 by admin No comments »
English: Torbay Hospital In-patient wards and ...

Cone Health Mailing Error

Cone Health of Greensboro, N.C. has notified 2,076 Southeastern Heart and Vascular Center patients about the data breach which was caused due to mailing error. According to the reports, a courier mistake which led to letters being sent to wrong patients having other patient names, their doctors and names of the practices.

According to the statement on the Cone Health website, social security numbers, dates of birth or insurance information was not compromised in the breach. Cone Health has individually notified all the patients affected by the breach. Cone Health regrets any confusion resulting from the incorrect mailing.

According to the information available on the website of Cone Health one can get the overview of this organization:

Cone Health is a not-for-profit network of healthcare providers serving people in Guilford, Forsyth, Rockingham, Alamance, Randolph, Caswell and surrounding counties. Our tagline – “The Network for Exceptional Care” – highlights our commitment to excellence, which is shared by our more than 10,000 professionals, 1,300 physicians and 1,200 volunteers.

As one of the region’s largest and most comprehensive health networks, Cone Health has more than 100 locations, including six hospitals, 3 medical centers, four urgent care centers, 95 physician practice sites and multiple centers of excellence.

It includes:

The Moses H. Cone Memorial Hospital

Alamance Regional Medical Center

Wesley Long Hospital

Women’s Hospital

Annie Penn Hospital

The Behavioral Health Hospital

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Touchstone Medical folder exposed on Internet

October 10th, 2014 by admin No comments »
Laptop icon

Touchstone Medical folder exposed on Internet

Touchstone Medical Imaging, LLC has suffered data breach as sensitive data was exposed on the internet. It posted notice on the website stating that they didn’t think data was accessible on the internet.

Organization conducted internal investigation which revealed the breach. According to the reports, medical records weren’t included but patient names,dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Tampa General hospital data breach

October 7th, 2014 by admin No comments »
English: Tampa General Hospital

Tampa General hospital

Employee access is another major area to work upon, as the new data breach in Tampa General proved the limits of data security. Tampa notified 675 patients that their data had been compromised as a result of a former employee’s inappropriate access.

According to the hospital investigation data compromised includes patient names, addresses, dates of birth, admitting diagnoses, names of insurance payers and in some instances, Social Security numbers. But medical records weren’t compromised. The employee had the records with him during Tampa Police Department traffic stop that led to his arrest. Tampa immediately ordered termination of the employee.

According to the Tampa General hospital statement:

Tampa General Hospital (TGH) is committed to maintaining the privacy and confidentiality of our

patients’ information. Regrettably, this notice concerns an incident involving some of that information.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we continually communicate to and educate our staff on the importance of protecting and securing patient information; emphasizing the importance of reporting any unusual staff behavior as we enhance procedures to prevent and detect misuse of patient information. We have also implemented technology that blocks patient information based on an employee’s job description, including limiting access to patients’ Social Security numbers.

We want to assure our patients that we are taking this matter very seriously and are actively cooperating with law enforcement in their investigation.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

‘Shellshock’ Bug

October 4th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

‘Shellshock’ Bug

What is Shellshock Bug?

Attackers are exploiting critical, newly-disclosed security weakness present in countless networks and Websites that depends on Unix and Linux operating systems. According to the Experts, “Shellshock Bug,” is so tangled with the modern Internet that it could prove puzzling to find solution.

If the threat remains unchecked then in the short run it is likely to put millions of networks and countless consumer records at risk of exposure. There are lot of similarities between recent Heartbleed vulnerability because of its omnipresence and sheer potential for causing havoc on Internet-connected systems mainly websites. According to the reports, the issue lies in the GNU Bourne Again Shell (Bash), the text-based, command-line utility on multiple Linux and Unix operating systems.

Jaime Blasco, labs director at AlienVault, has been running a honeypot on the vulnerability since yesterday to emulate a vulnerable system.

“With the honeypot, we found several machines trying to exploit the Bash vulnerability,” Blasco said. “The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system. This malware turns the systems into bots that connect to a C&C server where the attackers can send commands, and we have seen the main purpose of the bots is to perform distributed denial of service attacks.”

The OS vulnerability table can be given as:

Microsoft Windows users: No Impact

Linux and UNIX systems: Patches are available

Mac users: Vulnerable

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

JPMorgan Chase attacked by the hackers

October 2nd, 2014 by admin No comments »
JPMorgan Chase Tower (Dallas)

JPMorgan Chase attacked by the hackers.

An overwhelming attack on JPMorgan Chase by the hackers has compromised the accounts of 76 million households and seven million small businesses. It’s one of the largest ever intrusion which has overcame the previous estimates of the bank.

Earlier Target, home depot and a number of other retailers has suffered major data breaches.  The recent incident is blow to already shaken confidence in the digital operations. Below are the details of last year breaches for above mentioned companies –

Target: 40 million cardholders and 70 million others were compromised

Home depot: 56 million cards

Breaches in largest banks like JPMorgan can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

Bank believes that no money has moved out of the accounts and till today customers are safe. According to the reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords or social security numbers are safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Technologies for Healthcare security and efficiency

September 27th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

Technologies for Healthcare security and efficiency

Technologies have been upgraded to accommodate more users and extra efforts are done to safe guard the data. Organizations are demanding software to process larger amount of workload with reduced hardware infrastructure. But they are equally concerned about the data security and multiple products and process are used to implement same. Large amount of investment is done on data loss prevention techniques within and outside of a healthcare IT network.

With the acceptance and growth of Cloud Computing and virtualization technologies, there is also advancement in the security technologies. Below are the linked technologies for Healthcare security efficiency.

Software-defined technologies: Technology is designed specifically to simply networking and security process using new type of software based engines taking security to complete different level.

Virtualization: Virtual firewalls or virtual security appliances are making their way into many large health care environments. To deal with internal traffic security, more virtual applications are used.

Scanning and control engines: With the advancement of the technology new type of scanning and control engines are deployed to detect the threat as early as possible. Features like data-loss prevention (DLP), intrusion detection/prevention services (IPS/IDS), and even disaster recovery load-balancing, are all become more standard.

Controlling end-user devices and BYOD: This is about controlling access to the end user device which employees bring according to the company BYOD policy.

Cloud security:  Due to Cloud, more devices are equipped with scanning more types of traffic coming into a healthcare infrastructure. Specific attention is given to the access control for the users and efforts are made only to provide authorized access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Owensboro Medical Practice suffers data breach

September 24th, 2014 by admin No comments »
Daviess County Courthouse, at Owensboro, Kentu...

Owensboro Medical Practice suffers data breach

Medical Practice has notified 3000 patients who have suffered data breach due to employees who tried to contact them with intention of starting own business. Still there are conflicting reports about the involvement of a business associate (BA) and the dates of breaches. Information which was affected included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, and health conditions.

According to the reports, Medical Practice, located in Owensboro, KY, the breach occurred three years ago and Director of Research for Owensboro Medical Practice, Timothy Hillard said he knew of the incident.”Even if it was one patient, that one patient’s information is highly important to us and not the entire medical records were taken but demographics such as name, date of birth, age, social security number, which is, you know, very concerning to us.”

According to the statement:

On or about July 24, 2014, Owensboro Medical Practice, PLLC, and its business associate, Research Integrity, LLC, learned that a spreadsheet containing protected health information was wrongfully copied and removed from the offices of Research Integrity by a former employee. This occurred despite the fact that only properly authorized persons at Research Integrity had access to the spreadsheet.

Owensboro Medical Practice and Research Integrity are both investigating the incident and taking steps to ensure that patient information is secure. The companies are also pursuing the return of all hard copies of all information from the spreadsheet, the deletion of all computerized versions of such information on a permanent basis, and permanent injunctions against the persons or entities who had possession of the data from utilizing such data in the future.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Malvertising and Online Ad Networks

September 22nd, 2014 by admin No comments »

This decade has seen tremendous rise in the internet business and online advertising has become second largest ad medium after newspaper. So it has attracted attention of attackers to rip off the user.

Advertising networks could become “the next primary attack vector,” contends new research from Bromium Networks. Worse, popular security technologies such as signature-based detection are essentially useless against such attacks, said Rahul Kashyap, Bromium’s chief security architect and head of Research.

Attackers simply put the advertisement on popular sites like YouTube and Yahoo and when user clicks such ads, malware is downloaded. Video sites like YouTube is the best for such attacks as users tend to spend more time on these sites.

These so-called malvertising attacks offer “one of the best ways to compromise huge numbers of people and get away quickly,” said Kashyap. “Attackers can potentially infect millions of people by randomly placing a few malicious ads.”

The Bromium research details a malvertising attack on YouTube that involved kits which enable attackers to test their malware to see if it will be detected by antivirus products.

In a blog post about the YouTube attack, Bromium’s McEnroe Navaraj said Bromium was working with the Google security team to analyze the attack. “Google has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again,” he wrote. Also, he noted, “We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures.”

While disabling ads with an ad blocker is a near-term option for enterprises worried about these kinds of malvertising attacks, Kashyap said it is not a practical long-term solution. “You want to leverage the kinds of technologies which do not depend on signatures or other known techniques to block threats on the network,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

What is Whitelisting?

September 21st, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

Whitelisting

A whitelist is a list of those that are being provided a particular privilege, service, mobility, access or recognition depending upon the user’s use. Whitelisting is the reverse of blacklisting.With the process of whitelisting you are relatively safer in the online world. With a relatively small number of malware items, it made sense to compile known virus signatures to detect and prevent infection.

Traditional antivirus is based on blacklisting which helps to block known malware,” said Simone Spencer, endpoint product sxpert,McAfee. “Whitelisting limits use with a ‘deny by default’ approach so that only approved files or applications can be installed.

“Whitelisting is more necessary than ever because viruses and other malware are morphing,” said Rob Cheng, CEO of PC Pitstop.”This means that one virus looks like hundreds or thousands of different viruses to traditional AV products.”

“The stakes have gotten higher because of ransomware viruses, which encrypt your hard drive and demand a ransom in BitCoins for all your files back,” said Cheng. “It encrypts photos, videos, Excel files, PowerPoint presentations and so on, so all your most personal documents are lost.”

Ways of whitelisting: Smaller organization can compile their own list of allowed application. But most enterprises are advised to install whitelisting software preconfigured with known good executables and domains.

Another way of doing whitelisting is application control where you decide which application can run or denied. As virus and malware signatures are becoming increasingly ineffective, this approach of whitelisting is relatively positive. Gartner surveys show that 25 percent of enterprises are already deploying some form of application control.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Six CHSI hospitals face lawsuit for data breach damages

September 20th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Six CHSI hospitals face lawsuit for data breach damages.

According to the reports, six patients who allege their protected health information (PHI) had been exposed to CHSI’s Chinese hackers incident are suing the group. Currently six Mississippi hospitals and their parent company Community Health Systems, Inc. (CHSI) are facing the probe.

The list of hospitals affected by lawsuit is –

  • Central Mississippi Medical Center in Jackson
  • River Region Medical Center in Vicksburg
  • Madison River Oaks Hospital in Canton
  • Crossgates River Oaks Hospital in Brandon
  • River Oaks Hospital in Flowood
  • Natchez Community Hospital.

Community Health Systems, Inc. is conglomerate consisting of 206 hospitals operating in 29 states. CHSI has earlier acquired Health Management Associates (HMA) in January for $7.6 billion and six hospitals had been owned and operated by HMA. The data breach affected 4.5 million patients’ data and some think that it was a result of the OpenSSL Heartbleed vulnerability infiltrating CHSI’s network.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Aventura Hospital suffers third data breach in two years

September 17th, 2014 by admin No comments »
Laptop icon

Aventura Hospital suffers third data breach in two years.

The data breach at Aventura Hospital has exposed 82,601 patients’ data from Sept. 13, 2012 to June 9, 2014. It occurred due to vendor’s employee stealing the sensitive information during that span. It is third breach for Aventura in the span of two years. Valesco Ventures, Aventura’s HIPAA business associate (BA) sent out alert notices to the affected patients.

The affected information included patient names, dates of birth and Social Security numbers, but the organization said that no financial or health information was breached. Incident occurred when Valesco employee inappropriately accessed patient’s information.

According to the Aventura, it will begin assessing how to mitigate patient risks going forward while organization is working with local and federal authorities on breach investigation.

According to the statement:

Valesco Ventures, which provides hospital physician staffing and related services to patients in hospitals, was recently made aware of a situation involving the possible theft of personal patient information from Aventura Hospital and Medical Center. We are committed to the security of patient information, and we apologize for this incident.

On May 28, 2014, Valesco Ventures was notified that an employee may have improperly accessed the personal identifying information of a number of patients of Aventura Hospital and law enforcement was contacted. On June, 10, 2014, law enforcement concluded that this employee had improperly accessed this patient information.

Shortly after law enforcement was notified, Valesco Ventures and Aventura Hospital suspended the individual’s computer and physical access to patient data, and began assessing how to mitigate risks to all patients. Valesco Ventures and Aventura Hospital continue to work with law enforcement to preserve the information that is important to their investigation. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Temple University laptop stolen

September 15th, 2014 by admin No comments »
Temple University logo ("T" logo wit...

Temple University laptop stolen

A Temple University physicians’ office alerted 3,780 patients about data breach caused due to laptop theft from its surgery department. The Temple University physicians’ office laptop included patient names, ages, billing codes, and, in some cases, the names of the referring physicians. Local authorities and the Department of Health and Human Services (HHS) were notified by the Temple.

“To help monitor the potential misuse of the stolen information, Temple has offered identity-monitoring services within the United States to all affected patients for 12 months, at no cost to them,” the statement said. “We deeply regret this incident and the inconvenience this may have caused our patients.”

After the breach, Temple office said it will reinforce employee training, boost physical security and improve technical security measures on desktop computers. The laptop was not encrypted as per the Temple. They also said that hospital staff has been re-trained in computer security and steps have been taken to improve physical surveillance. The theft comes in the month involving 4.5 million medical records stolen from Community Health Services, by computer hackers allegedly from China.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Incorrect mailing leads to data breach

September 12th, 2014 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Incorrect mailing leads to data breach

Lowa hospital confirmed data breach when human error along with technical issues led to patients’ information being sent to the wrong recipient. Monte Goodyk received his medical bill with the billing information of 11 other Pella Regional Health Center patients.

“Well, you freak out initially, because your first thought is if I have their information, they may have my information,” Goodyk told the news source. “You can almost tell what’s wrong with this patient and what they’re going to the hospital for. I should not know this information about this patient.”

According to the reports, the name and billing information of 11 patients was incorrectly included on a statement to one patient.

“We determined that a number was incorrectly entered into our computer system when an individual checked into one of our clinics,” the spokesperson said in an email. “Our systems failed to identify the human error had happened. Pella Regional Health Center reached out on Friday to all 11 patients involved by phone and connected with 8 of the 11 patients affected. A follow-up letter was sent to each individual with information and our apologies.

Pella Regional’s privacy officer and senior administration is reviewing how they can prevent this type of mistake from happening again, the spokesperson said.

“Today it was discovered that information including your name and Pella Regional Health Center billing information was included on a statement to another patient,” read a letter sent to the 11 patients. “While no diagnosis information was included, we apologize for this breach of information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Dorn VA medical center may have suffered data breach

September 9th, 2014 by admin No comments »
VA Medical Center in Long Beach, California

Dorn VA medical center may have suffered data breach

The Dorn Veterans Administration Hospital may have suffered data breach after officials recently came to know that several boxes with patients’ information had gone missing. According to the reports, four boxes of pathology reports that were stored in a locked area are not present in the desired place.

“We are contacting our Veterans who may have been impacted,” Medical Center Director Timothy McMurry said in a statement. “For we take the loss of personal information very seriously.”

Details of the boxes are –

  • Records in question are only from the years 1999, 2000, and 2002
  • Patients’ names, Social Security numbers (SSNs) and pathology reports are included in the missing files
  • 2,000 patients may have had their personal information compromised

Dorn officials came to know about the missing boxes when they planned moving them in long term storage facility. Officials believe that till date no information is being misused however they mentioned that one year of free credit monitoring is available to veterans who are notified in writing. This is not the first time that Dorn found itself face-to-face with a security issues, earlier unprotected laptop was stolen. According to the reports, patient names, birth dates, weight, race, respiratory test results and partial Social Security numbers (last four digits) were all included on the pulmonary testing lab laptop. Till date, laptop is not recovered.

Central Utah Clinic 31,677 patients suffers data breach

September 6th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Central Utah Clinic 31,677 patients suffers data breach

Central Utah Clinic notified all the patients affected by the data breach caused by the unauthorized entity access of its server. The letter by the clinic stated that the server held only a “limited subset of written imaging and radiology reports dated 2010 and earlier” and not a full set of patient data. But the server did contain patient names, dates of birth, Social Security numbers, addresses and phone numbers.

Central Utah Clinic said that it has alerted regulatory authorities regarding the breach and beefed up the security by hiring security services firm to help with internal access monitoring.

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” said Scott Barlow, Central Utah Clinic CEO. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this. It is important to understand there is no indication that any of our patients’ personal information was viewed or copied. Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Duke University Health System breached due to stolen thumb drive

September 4th, 2014 by admin No comments »
Duke Chapel, a frequent icon for the universit...

Duke University Health System breached due to stolen thumb drive

Duke University Health System suffered data breach when thumb drive was stolen from an administrative building by an unauthorized person. According to the reports, an unknown number of patients treated in the Duke Children’s Health Center and Lenox Baker Children’s were affected by the breach.

After the incident, Duke conducted investigation which revealed that thumb drive held spreadsheets with patient names, medical record numbers, physicians’ names, and some Duke University Hospital locations visited. No Social Security numbers, clinical data or financial data were involved.

According to the Duke University Health System website statement:

We have no reason to believe that the information on the thumb drive has been used in any way.  However, out of an abundance of caution, we began notifying patients on August 29, 2014 and have established a dedicated call center to answer any questions that potentially affected patients may have.

We deeply regret any inconvenience this may cause our patients.  To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information secure.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

AltaMed Health Services suffers data breach

September 2nd, 2014 by admin No comments »
Folder, blue

AltaMed Health Services suffers data breach

Sensitive data was potentially breached when an employee stole patient records in an apparent identity theft ring from AltaMed Health Services. According to the reports, 2,995 patients’ were affected by this breach. AltaMed offers a variety of healthcare services and temporary employee should not be given access to patient medical records.

Law enforcement, which was conducting an investigation of the breach informed AltaMed about the breach. Agency has a hard drive that’s believed to hold patient records. Temporary employee working with AltaMed has accessed electronic and paper records and affected patients include those who attended one of its community events in Orange and Los Angeles Counties.

The date breached includes patient names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses. “The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again,” The statement said.

AltaMed notified patients, California Department of Public Health, the California Attorney General’s office, and the Department of Health and Human Services (HHS).

Excerpts from the AltaMed Website Statement:

As part of its ongoing commitment to privacy and data security, AltaMed Health Services is issuing this updated website statement notifying affected individuals of a recent incident that may affect the security of their personal and protected health information. The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again. 

The organization launched an internal investigation into the matter to determine what AltaMed records this individual may have accessed during her employment.  The organization retained information privacy and data security legal counsel to assist with its investigation. This investigation is ongoing.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Possible Credit Card breach in Dairy Queen

August 30th, 2014 by admin No comments »
2007–present, notice that the curved lines are...

Possible Credit Card breach in Dairy Queen

U.S. Secret Service had earlier alerted Dairy Queen for a possible data breach related to the Backoff point-of-sale malware. According to the reports, Dairy Queen acknowledges that “customer data at a limited number of stores may be at risk.”

“We are gathering information from a number of sources, including law enforcement, credit card companies and processors,” the company told as they don’t know the affected number of locations.

At one credit union in the Midwest, more than 50 customers suffered with credit card fraud soon after using their credit and debit cards at Dairy Queen locations.

Dairy Queen spokesman Dean Peters  that the company has no policy in place requiring that franchisees notify Dairy Queen in the case of a security breach. “At this time, there is no such policy,” Peters said. “We would assist them if [any franchisees] reached out to us about a breach, but so far we have not heard from any of our franchisees that they have had any kind of breach.”

“Franchise owners and operators will have a harder time locating malicious software — those equipped to detect, contain, and eradicate miscreants from their systems are the exception, not the rule,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Memorial Hermann Health System reports data breach

August 28th, 2014 by admin No comments »
MSI laptop computer

Memorial Hermann Health System reports data breach

Memorial Hermann Health System has hit by internal data breach caused by employee who gained unauthorized access to the organization’s electronic health record (EHR) system over a six and half year. Employee gained access to patients’ names, addresses, medical record numbers, dates of birth, health insurance information, and, in some instances, Social Security numbers.

According to the reports, financial data such as credit card or bank information wasn’t involved in the breach.  Memorial Hermann Health System brought in outside forensics experts and suspended the employee’s access to patient records.

According to the Memorial Hermann Health System notification:

We value patient privacy and deeply regret any inconvenience this may have caused our patients.  Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future.

Organization has notified the affected patients and working on the process. To stop such kind of breach access controls should be monitored properly and only authorized employees should be able to view the Protected Health Information (PHI).

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Get it right, Encryption for your Organization

August 26th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Get it right, Encryption for your Organization

Recent incident of whistle-blower Edward Snowden’s revelations creates confusion over authenticity and workability of many encryption products. Choosing right encryption software provider is the key for data security for your organization. Below are some tips and techniques to choose right encryption software:

  • Random number generators are important. They play a role in the creation of digital certificates.
  • If numbers are predictable then it causes breaches due to easy access to secure codes.

Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.

“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”

Longest Encryption Keys

“Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” he says.

Encrypt in Layers

“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.

Secure Encryption Keys

“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.

Encryption Implementation

“In practice it is very hard to implement an encryption system as it has many moving parts, any one of which can be a weak point,” says Ramon Krikken, an analyst at Gartner. “You have to do a great deal of due diligence to make sure that your encryption implementation is done right.”

External Factors

External factors over which companies have very little control can compromise the security of encryption systems and needs to secured.

 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Advanced Evasion Techniques

August 24th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

Advanced Evasion Techniques

What is Advanced Evasion Techniques?

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won’t be recognized by an intrusion detection system.

Advanced Evasion threat can cause severe damage even to the secured organization:

  • It can breach many firewalls and avoids detection
  • It inserts malicious code by slicing and dicing it into bits and pieces that arrive by different paths
  • It re-assembles on an endpoint to gain access
  • AETs are quite successful for the most part, evading the technologies deployed by next generation firewalls (NGFWs)
  • Targets intellectual property and financial resources
  • Goes unnoticed until long until the damage is done
  • Mcfee claims that most firewalls are only capable of blocking less than 10 percent of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unencrypted laptop theft in Cedars-Sinai

August 22nd, 2014 by admin No comments »
English: View of North and South Towers of the...

Cedars-Sinai Medical Center in Los Angeles suffered data breach

Cedars-Sinai Medical Center in Los Angeles suffered data breach when an unencrypted laptop was stolen. According to the reports, incident has compromised more than 500 patients’ data. Laptop contained information which included protected health information (PHI) such as medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as some patient social security numbers.

Laptop was stolen from employee’s home and the whereabouts are still unknown. Cedars-Sinai removed remote access to its network from the laptop and is notifying affected patients via letter. Medical center has organization-wide device encryption policy in place.

“Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device,” the statement read. “This investigation is ongoing.”

Earlier, encryption software was not installed when laptop’s operating system was updated and thus resulted in policy violation.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Major US banks suffered data breach due to Russian hackers

August 20th, 2014 by admin No comments »
Laptop icon

Major US banks suffered data breach due to Russian hackers

JPMorgan Chase and other bank were breached by Russian hackers who stole gigabytes of sensitive data which includes savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa head of malware intelligence at Malwarebytes Labs said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Lawsuit filed against Xerox

August 17th, 2014 by admin No comments »
English: Brown Heatly Building in Austin - Has...

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox. The action was taken because Xerox hold back patient documents while working as a state’s former primary Medicaid claims administrator. Xerox motioned for a protection order, arguing that it needed the records for its defense.

“There is a legal process for the company to get any records it needs for the lawsuit, but instead Xerox has chosen to put information of Medicaid clients at risk and force the state to take court action to protect those records,” said Texas Health and Human Services Executive Commissioner Kyle Janek.

HHSC recently terminated the Xerox contract. HHSC said documents included client names, photographs, birth dates and medical and billing records. Texas had previously requested that Xerox turn over the Medicaid patient documents. HHSC also has concern over storage or security of the data, other than what the company has admitted in court.

“Xerox has admitted that it has the information and it’s being stored by its lawyers and at least one other company,” Janek said. “They have refused to tell us exactly what information they have, who has access to the information and what’s being done to protect it. We don’t know anything about the security of the servers now housing the information, staff training, background checks, nothing.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare sub contractor fails to secure server

August 13th, 2014 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Healthcare subcontractor may have compromised up to 570 patients’ data

Healthcare subcontractor may have compromised up to 570 patients’ data due to recent data breach. At this point name of the sub contractor is not known. According to the reports, sub contractor inadvertently failed to secure a computer server containing patient account information.

Breached information includes patient invoice numbers, charge amounts, balance due, policy numbers and billing-related status comments. It was noticed that Social Security numbers and medical records were not part of the breach.

Free patient identity protection services for affected patients are offered by the physicians. According to the HIPAA Omnibus Rule more responsibility falls on sub contractor to help out with breach notification and other breach-related activities. Terms and status of HIPAA business associate agreement (BAA) is not known.

“There is no indication that personal information has been acquired or used,” the company said. It is not known whether any people in or around Guilford County were affected. A company spokeswoman did not immediately return a request for comment.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

- See more at: http://blog.alertsec.com/#sthash.GEAE5nsG.dpuf

Data breach in Children’s Mercy Hospital

August 10th, 2014 by admin No comments »
English: Picture taken from the Liberty Memori...

Children’s Mercy Hospital of Kansas City, Mo. suffered data breach due to inaccuracy in online scheduling application.

Children’s Mercy Hospital of Kansas City, Mo. suffered data breach due to inaccuracy in online scheduling application. Mercy has informed around 4,076 employees’ about the breach. Application was used by the Mercy two years ago to enroll employees and spouses onto its wellness program through StayWell Health Management.

Affected data includes employee names, home and email addresses, phone numbers and dates of birth. No Social Security numbers or financial data were included. It’s unknown at this time how the data was breached.

“We do not believe that affected individuals are at risk for identity theft, and we do not believe individuals need to take action due to the non-sensitive nature of the information,” Melissa Gilkerson, a StayWell spokeswoman said.

StayWell has provided them with the number to a telephone helpline. So far, the helpline has received about 23 calls. The data was stored by a vendor used by StayWell. When company became aware of the breach, it immediately removed data from the affected system, StayWell said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Chinese hackers use malware to access data

August 6th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Community Health Systems, Inc. reported data breach

Community Health Systems, Inc. reported data breach which affected 4.5 million patients which was cause by Chinese hacking into the computer network using malware. Patient data includes names, addresses, birth dates, telephone numbers and Social Security numbers, but no credit card or medical data were involved. Community Health Systems manages 206 hospitals across 29 states and is among the largest publicly-traded hospital companies in the U.S.

Highlights of the data breach –

  • It was HIPAA violation so organization is alerting all 4.5 million affected patients.
  • Organization is providing free identity-theft protection services.
  • Chinese “Advanced Persistent Threat” group was the culprit.
  • The group was able get through Community Health’s network security with advanced malware.
  • Organization will update its network security to avoid future attacks.

According to the statement:

Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack. The Company also engaged Mandiant, who has conducted a thorough investigation of this incident and is advising the Company regarding remediation efforts.

The Company carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature. While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, the Company does not believe this incident will have a material adverse effect on its business or financial results.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Onsite Health Diagnostics suffers data breach

August 4th, 2014 by admin No comments »

Onsite Health Diagnostics (OHD), a Tennessee government subcontractor, suffered data breach when its scheduler was accessed inappropriately. OHD has notified the affected local government employees about the breach. According to the reports, online scheduler was accessed by unknown entity.

Around 60,582 employees’ data, such as name, date of birth, address, email address, phone number and gender was accessed. Information related to financial information, Social Security numbers or medical data was not included in the breach.

According to the OHD statements:

OHD and investigating authorities are unaware of any identity theft related to this incident, but out of an abundance of caution, OHD has mailed letters to the affected health plan members to ensure that they are aware of the incident and can take steps to protect their information. OHD will provide one free year of identity theft protection to affected group health plan members.

While this information did not contain any diagnosis or medical information, the state has determined that, because it is related to our members’ health benefits, the disclosure of name, address, email address, phone number and gender does fall under the HIPAA definition of a breach of protected health information. The state has notified the Secretary of HHS of a Breach of Unsecured PHI.

After the breach, OHD has collaborated with experts to determine the flaws in the system. It was also observed that OHD had implemented new procedures and systems for more secure operations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CD containing sensitive information goes missing

August 2nd, 2014 by admin No comments »
English: Looking north from Jersey Avenue at J...

CD containing sensitive information goes missing

Jersey City Medical Center recently notified a Medicaid patient data breach that occurred as United Parcel Service (UPS) failed to deliver an unencrypted CD with patient data on it. The CD contained unknown number of Medicaid patients’ names and some Social Security numbers.

For some patients information like date of birth, medical record number, gender, and information on visits to the Medical Center: admission and discharge dates, inpatient or outpatient status, number of days care was received, dollar amount of Medical Center charges incurred for care, name of health insurance payer(s), amounts paid by patient or insurers, and/or general type of claim and/or revenue code was present on the CD.

CD was supposed to be couriered at Jersey City Medical Center. The location of the CD remains mystery as no one knows where it is currently. According to the reports, Barnabas Health system will be offering one year credit monitoring.

“While UPS has no evidence that personal information has been made available to any unauthorized parties, or misused in any way, patients are being advised to be aware of any suspicious activity and to monitor their credit reports and financial accounts.” The notification letter, signed by Shani Newell, Privacy Officer says.

Facts related to this incident are –

  • There was a breakdown in protocols to locate and find lost packages.
  • Medical Center reviewed its incident prevention technology to avoid future instances of breaches.
  • Medical Center will attempt to encrypt patient data henceforth
  • Medical Center has since changed its policies to no longer send unencrypted CDs with patient information

“We have followed up extensively with UPS regarding this incident, attempting to ensure that UPS has followed all of its internal procedures designed to locate missing packages.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Riverside Health System suffers identity fraud

July 30th, 2014 by admin No comments »
http://openclipart.org/clipart/people/magnifyi...

Riverside Health System suffers identity fraud

A non-profit healthcare organization, Riverside Health System has declared identity fraud which happened back in 2012. According to the reports, former Riverside Health employee, T’sha Riddick, was involved in a medical identity fraud scheme. She stole credit card information from 13 cancer patients from Cancer Specialists of Tidewater, Virginia.

Information was not available about the way she got the information but it is observed that she has medical fraud history. She was convicted on two counts for identity theft 9 years back in North Carolina.

“Keeping patient information protected is vital at Riverside,” Riverside spokesman Peter Glagola said in a release. “We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”

Information which caused the breach includes cancer patient’s credit card data and Social Security numbers.

Riverside runs following facilities –

  • Five Hospitals – Facilities in Newport News, Riverside Regional Medical Center.
  • Three specialty hospitals – medical group, surgery centers, retirement communities and home-care services.

Riverside has to do following work for better security –

  • Investigate the way of accessing the information by Riddick
  • Review employee policy
  • Update technology to allow specific access to authorized personals.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Marketing firm acquires patient names and address

July 28th, 2014 by admin No comments »
A portion of downtown Fargo, North Dakota as v...

Marketing firm acquires patient names and address

In an unprecedented event, Essentia Health of Fargo, North Dakota, has suffered data breach due to educational event. A marketing firm was able to access 430 patient names and addresses without their consent. Incident occurred when someone from the Essentia gave portable device containing patient data to the firm, Get Marketing. Essentia chief compliance and privacy officer Vicki Clevenger maintained that no patient medical data had been compromised.

“We have also taken the appropriate actions according to our policies and have provided additional education to the staff members involved to prevent future occurrences,” Clevenger said to inforum.com. “There was no additional information shared, including no medical and clinical information,” Clevenger added.

When Essentia was sending patients information to a free educational event that offered new procedures for those dealing with lower back pain, the breach occurred. In all 70 patients attended the event, but Essentia did recognize that a breach had occurred when the event was being promoted. Jodine Wien, a Moorhead patient, complained to Essentia when she found that her name and address had been given to Get Marketing that was involved in sending out the invitations.

“I’m a little angry at Essentia,” Wien said Monday, adding that she was displeased with the health provider’s initial responses to her complaint. “I was treated completely rudely and nobody wanted to say anything.”

Essentia determined that patients’ names and mailing addresses were “erroneously” released to Get Marketing, which was “engaged and paid by a medical device manufacturer, not Essentia Health,” Clevenger wrote Wien.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Indian Health Services folder causes data breach

July 27th, 2014 by admin No comments »
English: Indian Health Service logo (made by m...

Indian Health Services folder causes data breach

Indian Health Services (IHS) suffered data breach when an employee mistakenly left a folder out in a public area. According to the reports, the incident related information can be provided as –

  • All together 620 patients were affected by the incident.
  • Folder contained information which includes patient names, Social Security numbers and enrollment information.
  • Indian Health Service Rosebud Service Unit sent out breach notification letters to the affected clients.
  • Information was not for the reason behind the presence of folder in Rapid City.
  • According to the IHS, information is not misused or accessed inappropriately.
  • IHS has agreed to improve its HIPAA privacy and security training among employees.

The most common question heard and the one that need to be answered is: “Why was that information in Rapid City to begin with?

William Bear Shield, the chairman of the Rosebud Sioux Tribal Health board and a veteran of Desert Storm said, “I represent a community in Gregory County, 90 miles east of Rosebud, so what was my information doing up there?” He said. “Why was it in possession of an individual in Rapid City?”

Bear Shield said he asked employees at the Rosebud Service Unit why information was in Rapid City, but he said no one would give him a straight answer.

“How can I know if someone didn’t find that information and write down my Social Security number and just wait a year before using it?” he asked.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Browsers under attack

July 26th, 2014 by admin No comments »

Hackers have focused their attacks on browsers which ultimately has common theme for benefiting from the end users. As old versions of the Java Runtime Environment (JRE) are typically now blocked in the browser by default, Java applets require explicit activation from users.

Bromium Labs researchers said, “so this attack vector becomes harder and harder to leverage” and “It’s evident that attackers continue to shift focus in between ubiquitous internet facing applications, but there’s a common theme throughout – attacking the end users.” It leaves hackers looking to other popular applications to exploit.

According to the reports by the lab, Microsoft’s IE was one of the most patched and one of the most exploited applications in 2014′s first half, targeted more often than Mozilla’s Firefox, Google Chrome, Java, Adobe Flash, Adobe Reader or Microsoft Office.

The lab also mentioned different techniques used in the attacks which are given below –

  • Zero day techniques in which attackers used Adobe Flash to launch action script virtual machine (ASVM) attacks.
  • Action script spray facilitates the use of return-oriented programming (ROP), which allows attackers to execute malicious code in the presence of security defenses

“This technique leverages the way dense arrays are allocated in memory,” wrote Bromium researchers. “If a vulnerability allows an attacker to control the size of a vector, they could make it as big as the whole memory space and then search for the necessary API calls and ROP gadgets.”

“Traditional heap spray was supposed to deal with early address randomization techniques implemented in various operating systems. Nowadays defenses are much more sophisticated. Malicious code must ‘know’ addresses of crucial libraries and API functions in order to execute,” said Vadim Kotov, Bromium’s senior security researcher. “Actionscript spray provides this ‘knowledge,’ while its ancestor doesn’t even address this issue.”

“Action heap spray — as well as traditional heap spray — is merely an instrument to exploit security vulnerabilities,” Kotov said. “If you want to reduce the probability of being compromised, you need to have reasonable patching policy and invest in protection software.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two men stole an unencrypted laptop

July 25th, 2014 by admin No comments »
MSI laptop computer

Two men stole an unencrypted laptop

Self Regional Healthcare of Greenwood, S.C. is affected by data breach when two men stole laptop during memorial weekend. It was not clear how many patients were affected by this incident. As per the data, Self regional Healthcare serves around 250,000 patients.

Self regional has notified South Carolina Department of Health. According to reports the patients affected stands around 500 and the records included patients’ names, Social Security numbers, driver’s license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly addresses.

Self Regional posted a notice on its website, with comment from President and CEO Jim Pfeiffer

Self Regional takes the security of our patients’ personal information very seriously . . . We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop. Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.

The two thieves were caught later and one told to the police during the briefing that laptop was thrown in the lake which authorities failed to trace. The act of thief appears to be general theft and not targeted attack for information contained on the laptop. Laptop was unencrypted and pose a threat for the patient’s whose information was present on the laptop.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

- See more at: http://blog.alertsec.com/#sthash.EXcVYngp.dpuf

What is Use-After-Free Memory Risk?

July 19th, 2014 by admin No comments »
Laptop icon

What is Use-After-Free Memory Risk?

Recent updates from the Microsoft, Google or Mozilla shows use-after-free memory errors. Attackers take advantage of vulnerabilities in allocated memory and inject virus or arbitrary code to extract information.

“It does take a lot of knowledge and sophistication,” Karl Sigler, manager, SpiderLabs Threat Intelligence at Trustwave said. “But of course it only takes one researcher to make the discovery, and then everyone else can just copy the research. We’re seeing more use-after-free memory attacks than we ever have before,”

Evolution of attacker methods

It’s not that easy to hack free memory space and install arbitrary software. It requires certain level of sophistication.

“It can take some ninja-fu, it’s not brain dead easy,” Sigler said.

As said earlier, one research to exploit leads to many attacks using same techniques. Researchers make vulnerability exploitable using a technique known as return-oriented programming (ROP).

“ROP has become the method of getting executable code onto the stack,” Stigler said. “ROP chains hop through memory looking for executable pieces of code they can chain through and eventually find a method of getting to run.”

How to reduce the risk

There are ways suggested to stop the attacks as given below –

  •  A Web application firewall (WAF) can be used in some cases to provide a network-layer protection.
  • Microsoft recommends the use of its Enhanced Mitigation Experience Toolkit (EMET) as a technology.
  • Application developers should strive to build better security into their apps.

“Developers should understand what their code is actually using in memory,” Sigler said. “If the program is freeing memory and still flagging it as being able to be used, the program should be able to control what the memory is used for. That would eliminate a lot of the vulnerabilities that attackers have.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Unresolved Network Events

July 12th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

Unresolved Network Events

Survey was conducted for security issues by Emulex and the result shows that 73 percent of IT staff has unresolved network events.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Matt Walmsley, senior marketing manager at Emulex division Endace, told SC Magazine. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

Key highlights of survey are given as below –

  • Eighty-seven percent of respondents mentioned that they had reported the root cause of a network or security issue to their management but didn’t have the necessary information required to be completely accurate in their assessment.
  • Thirty nine percent mentioned that it occurred at least a few times.
  • Forty five percent of IT staff mentioned that they monitor network and application performance manually instead of using network monitoring tools
  • Eighty three percent said there has been an increase in the number of security events they’ve investigated in the past year
  • Eight one percent of security operations role mentioned their organization has experienced a