Office break-in leads to data breach

August 10th, 2015 by admin No comments »

Dr. Olartino Dyoco sent data breach notification letters to patients after certain information was potentially exposed following an office break-in. According to a copy of the breach notification letter, physician office was burglarized and several computers were stolen. Affected information includes patient names, dates of birth, telephone numbers, insurance numbers, treatment codes, and billing information.

“The circumstances that resulted in this breach were unforeseeable, and Dr. Dyoco assures you that he has heightened procedures and safeguards to prevent a recurrence of this situation,” stated the letter, which was dated July 13, 2015. “He added levels of encryption to his computer systems, and advised his staff with regard to security training anything to avoid this situation in the future.”

The incident was reported to the Fresno, California police department. Individuals having questions are encouraged to contact the medical office’s attorney.

The data breach notification letter failed to specify number of patients affected. Also it was not clear whether computers were encrypted. However, the letter did say that patients’ “security, confidentiality, integrity and privacy of patient personal information are highly valued by Dr. Dyoco.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Office break-in leads to data breach

Office break-in leads to data breach

 

Medical records found in dumpster

August 7th, 2015 by admin No comments »

Personal documents including medical records were found in a dumpster in Taylorsville, Utah. The incident may cause potential data breach. According to the reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.

Dr. Scott Cold, DDS, mentioned that his contractor found the documents in a dumpster being used for construction waste.

“These documents for these records were complete with patients names, addresses, phone numbers, dates of birth, Social Security numbers

Medical records found in dumpster

Medical records found in dumpster

, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.

As per the other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.

It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.

“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Urology clinic suffers data breach

August 5th, 2015 by admin No comments »
Urology clinic suffers data breach

Urology clinic suffers data breach

A Montana urology clinic storage unit that housed patient records was broken into and patient data was possibly accessed. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) online breach reporting database shows that 6,500 patients were affected.

Practice manager Tanna Darling mentioned that Urology Associates have sent data breach notification letters to patients. Darling said that “over a few thousand” letters were sent out.

Urology Clinic officials reported that the break-in occurred at the clinic’s storage unit having gated facility. There is possibility that the unauthorized individual was renting a separate storage unit at the facility and therefore had access to the first gate.

“Everything was in disarray, but it honestly didn’t look like they took anything,” Darling said.

Kalispell Police Department Captain Scott Warnell said that the incident is part of a larger trend that is happening across the county, and that the department is making extra patrols on storage units to ensure that unauthorized individuals are not in the area. Patients whose information was possibly accessed will receive one free year of credit monitoring from Urology Associates.

Montana data breach notification law was updated last year.

“Upon discovery or notification of a breach of the security of a data system, a state agency that maintains computerized data containing personal information in the data system shall make reasonable efforts to notify any person whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person,” the law states.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Prima Care suffers data breach

August 3rd, 2015 by admin No comments »
Prima Care suffers data breach

Prima Care suffers data breach

Prima CARE, P.C. recovered a binder containing personal information from the bushes in a parking lot on May 25, 2015. The document contained information of 1,651 patients. Potentially breached information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date and certain clinical information. Patients who received care from Prima healthcare providers between 2007 and 2012 were affected.

“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”

Prima mentioned that the improper disposal was done without its knowledge or consent, and was in violation of its practices.

“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.

According to the statement, Prima Care will review its policies and procedures. It will also review its employee training programs to ensure that a similar incident does not happen again.

“We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

OhioHealth’s flash drive goes missing

July 31st, 2015 by admin No comments »
OhioHealth’s flash drive goes missing

OhioHealth’s flash drive goes missing

OhioHealth has issued health data breach notification letters after misplacing an unencrypted flash drive. Flash drive has not yet been recovered and the OhioHealth mentioned that there is no reason to believe that the missing flash drive was stolen or has been misused.

The affected information includes patient names, medical record numbers, names of insurance companies, physician names, addresses, dates of birth, referral and treatment dates, the type of procedures conducted, and in a few cases, clinical information and Social Security numbers.

As per the OhioHealth statement, few numbers of patients are affected. Specifically, only patients who were to receive valve replacements or those who participated in valve replacement studies at Riverside Methodist Hospital between July 2010 and December 2014 may have been affected by the health data breach.

The OhioHealth statement did not mention the number of affected patients. According to an article by The Columbus Dispatch, there were 1,006 patients affected and potentially 30 Social Security numbers compromised.

OhioHealth believes the flash drive has simply been misplaced by an employee.  It has still decided to send out data breach notification to all those who may have potentially been affected.

“OhioHealth is deeply committed to the sacred trust that we hold in providing quality care to our patients and families, including as it relates to the protection of their confidentiality,” OhioHealth said in a statement. “We sincerely apologize and regret that this incident has occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Healthfirst suffers data breach due to cyber attack

July 29th, 2015 by admin No comments »

Healthfirst’s online portal was attacked by cyber criminals. The health insurance company is notifying approximately 5,300 individuals that their PHI may have been compromised.  No Social Security information was disclosed in the data breach.

Healthfirst was first informed that it was a victim of fraud by the US Department of Justice (DOJ) and from there prosecuted the perpetrator and continued a joint investigation with the DOJ. After the investigation, the two organizations discovered that the culprit who also gained access to Healthfirst records, and that a PHI data breach

Healthfirst suffers data breach due to cyber attack

Healthfirst suffers data breach due to cyber attack

had occurred.

Affected information includes patient names, dates of birth, addresses, health insurance plan information, description of missing services, physician numbers, Healthfirst member ID numbers, patient ID numbers, Medicare and Medicaid ID numbers, claim numbers, and diagnosis codes.

Healthfirst also notified the proper government channels such as the US Department of Health and Human Services (HHS).  Healthfirst is also taking preventative measures to keep this from happening in the future which includes revising its security policies and its online portal securities.

According to the statement:

“Healthfirst sincerely regrets that this incident occurred,” the company said in its statement. “Healthfirst takes the privacy and security of its members’ health information very seriously. Healthfirst values the trust its members have placed in it as their health plan and it is Healthfirst’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Georgia Divisions of Aging Services suffers data breach

July 27th, 2015 by admin No comments »

According to a statement by the Georgia Department of Human Services (DHS), the Georgia Divisions of Aging Services data breach affected approximately 3,000 clients. The breach, which affected individuals in the Community Care Services Program (CCS) has minimum impact and has been completely resolved.

Georgia Divisions of Aging Services suffers data breach

Georgia Divisions of Aging Services suffers data breach

The reason of the breach was an accidental email sent to one of the program’s contracted providers. According to the reports, email contained information regarding patient diagnoses. Sensitive data like contact information, Social Security numbers, or Medicaid numbers were not included in the email. All individuals affected have been notified in accordance with federal mandates.

Despite the small impact, the Department of Aging Services is still taking measures to improve its security systems. The Department has added new safeguards to their data systems, and also implemented new training practices for members of the department.

Officials from the Department expressed regret for the incident. They also emphasized that patient safety and security are of the utmost concern.

“While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” said Georgia’s Human Services Commissioner Robyn A. Crittenden. “We take client privacy very seriously, and it is important that the public is fully aware of this situation and aware of our efforts to prevent such an event in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

UPMC suffers second data breach

July 25th, 2015 by admin No comments »

Recent data breach in University of Pittsburgh Medical Center (UPMC) Health Plan affected 722 patients. This is the second health data breach at a UPMC facility in just under two months. The incident involved emailing of a data file with certain PHI to the incorrect address.

The affected information includes patient names, member ID numbers, dates of birth, phone numbers, name of the primary care physician’s office, and insurance plan types. Social Security numbers or information about medical histories were not disclosed.

UPMC Health Plan Director of Public Relations Gina Pferdehirt mentioned in an email response that “in context the breach is very minor,” but added that the healthcare organization

UPMC suffers second data breach

UPMC suffers second data breach

was taking the incident seriously.

The data breach occurred when  a former MML employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

“MML takes this matter very seriously and terminated this employee after being informed of this criminal investigation,” according to a Medical Management statement. “MML is cooperating with federal law enforcement authorities in their criminal investigation.”

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause our members,” Chief Compliance Officer of the UPMC Insurance Services Division William Gedman said in a statement. “Based on our ongoing investigation, we will make all changes necessary to further enhance our already stringent privacy protections. UPMC Health Plan is committed to doing our utmost to minimize the chance that this type of issue will occur again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach in Mayo Clinic Health

July 23rd, 2015 by admin No comments »

The Mayo Clinic Health System in Red Wing, Minnesota reported data breach when 601 patient records were inappropriately accessed by an employee. According to the Mayo Clinic Public Affairs Manager Asia Zmuda – “an employee accessed patient records beyond the scope of authorized access and assigned job responsibilities.” The employee is no longer employed at the health system, according to the emailed statement.

“An internal investigation was immediately launched and a detailed analy

Atrium inside Mayo Clinic Gonda Building, Roch...

Data breach in Mayo Clinic Health 

sis of the individual’s access yielded no evidence that financial information was accessed or that any health information was further disclosed,” Mayo Clinic explained. “Mayo Clinic will continue the proactive monitoring of patient records to prevent further incidents from occurring. Mayo Clinic takes this matter very seriously and is committed to maintaining the highest levels of integrity and trust for those it serves.”

Mayo Clinic is currently in the process of notifying patients who were affected by this incident, according to the organization’s statement. It was not specified what type of information was accessed, but Zmuda underlined the fact that financial information was not involved and that health information was not further disclosed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two computers stolen from Arkansas Blue Cross

July 21st, 2015 by admin No comments »

Arkansas Blue Cross Blue Shield members sent out potential data breach notification letters after its computers were stolen. Computers belonged to Treat Insurance Agency, which solicits applications from individuals for insurance coverage through multiple insurers which includes Arkansas Blue Cross.  ABCBS did not reveal the details of information present on the computers.

“Treat Insurance Agency very much regrets that theft from their offices has affected Arkansas Blue Cross members and applicants,” Arkansas Blue Cross Senior Vice President Ron DeBerry said in a statement.

“To reduce the risks that any similar thefts might affect our valuable customers, we will request independent insurance agents to protect their computer records by using encryption

Anthem Blue Cross-Blue Shield office in Denver.

Two computers stolen from Arkansas Blue Cross

technology on all computers storing any applications for Arkansas Blue Cross.”

The computers contained sensitive information of 560 Arkansas Blue Cross applicants. According to the reports, affected individuals by this incident will receive one year of complimentary identity protection services. The details of the theft are not known.

“The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation,” the legislation states. “Notification under this section is not required if after a reasonable investigation the person or business determines that there is no reasonable likelihood of harm to customers.”

As the device is stolen, ABCBS explained that there is no way to determine if an unauthorized person attempted to access the patient information. Also, it did not specify if the stolen computers were encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Howard University Hospital suffers data breach

July 18th, 2015 by admin No comments »

Howard University Hospital in Washington, D.C. suffered data breach when more than 1,400 patients received letters intended for other individuals. The letters included names, account numbers, and dates that other individuals visited Howard University doctors. Social Security numbers, dates of birth, and other personal information were not included

According to the reports, data error reportedly caused letters to go out to people with the right surnames, but the wrong addresses. Howard University explained that California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. had been hired to mail letters to patients who had not yet paid their bills.

University said that they become aware of the incident on May 11 and will notify affected individuals.

Similar incident includes the breach at Virginia Commonwealth University Health System. The incident involves employee taking CDs which were no longer needed for the organization’s services and donating them to assist with children’s art projects. The affected information includes names and one or more of the following for 1000 patients: home addresses, dates of birth, medical record numbers, clinical information and health insurance information.

“This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients,” said John Duval, CEO of MCV Hospitals and Clinics.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

English: Howard University Hospital located at...

Howard University Hospital suffers data breach 

Medical document found in confetti

July 15th, 2015 by admin No comments »

The incident involves confetti during the world cup victory parade of U.S. Women’s soccer team. According to the New York news station, some of the confetti used in the victory parade for the US Women’s soccer team contained medical information.

The incident came to notice when a reporter tweeted a photo with confetti strips which made up an entire prescription after pieced together. Affected information includes patient names and the doctor’s office address.

The incident could be a case of official confetti versus confetti made by local businesses and residents. In similar incident during year 2012 Thanksgiving Day, the official confetti supplied by Downtown Alliance was just colored paper while police department reports mention documents ended up as confetti containing information. Also, Downtown Alliance reported that it provided two tons of confetti in 2012, yet its cleaning crew picked up 34 tons of confetti.

In the current incident, news station also reported that Atlas Packaging Company provided two tons of strip cut, blank, news roll which can be considered as the official confetti for the victory parade. It seems that good intentions like victory parades potentially led to health data security issues, which is not entirely uncommon.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Français : Documentation photographique d'une ...

Medical document found in confetti 

Cyber War

July 9th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Cyber War 

Cyber war is soon becoming a reality. Recent attack on Sony is just the beginning. Security expert Bruce Schneier mentioned the possible destruction caused by cyber war in his address at the recent InfoSec Europe security conference in London.

“We are in the early years of a cyber war arms race,” he said. “We have seen China attack Github, we have seen countries attacking companies, and I think we are going to see much more of that in the future.”

He also mentioned that countries like North Korea have a natural advantage in this type of cyber warfare because of the basic level of technical infrastructure that they possess.

“North Korea has natural cyber-defenses in that it only has about 1,000 IP addresses, and it has only very few computers so its ‘terrain’ is very defensible. By contrast the U.S. is extremely vulnerable because it has lots of computers and Internet infrastructure.”

Also, some cyber warfare attacks may be carried out by groups (such as terrorist organizations) rather than countries.

“We are living in a world now where we can be attacked and not know if the attacker is a foreign government or just a couple of guys, and that is freaky,” Schneier said. “Technology is spreading capabilities, and the same weapons and tactics are available to everyone.”

In the real world scenario it is difficult to understand who is behind the attacks. Schneier mentioned one incident where Israeli war planes attacked and destroyed a nuclear facility in the Middle East 10 years ago.

“Four years later the Israelis and the U.S. attacked an Iranian uranium enrichment facility plant (at Natanz) using a cyber-weapon (Stuxnet). But the Iranians didn’t know that they had been attacked, let alone who did it,” he said. “Attribution can take weeks or months.”

Types of Cyber Attacks

  • Low focus, low skill attacks – Carried out by newbie
  • Low focus, high skill attacks – Involves identity theft and credit card breaches
  • Low skill, high focus attacks – It generally includes bypassing security measures
  • High focus, high skilled attacks- Most advanced

“To defend against low focus attacks you just need to be more secure than the guy next to you,” said Schneier. “With highly focused attacks this relative security is irrelevant; your security has to beat the attacker’s skill. With a high focus, high skill attack, a sufficiently skilled attacker will always get in. We are all vulnerable.”

Without the ability to attribute attacks, Schneier pointed out that it is also impossible to distinguish between computer network exploitation, a classic data breach where an attacker exploits vulnerabilities to steal things, and computer network attacks, where the attacker’s motivation is to cause damage. It’s the difference between copy *.* and delete *.*, in other words, he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Cloud more secure, says Amazon CTO

July 7th, 2015 by admin No comments »

With the rising cloud penetration in the IT world, there is more focus on the security

Cloud more secure, says Amazon CTO

Cloud more secure, says Amazon CTO

aspect because of its nature of shared environment usage.  Multiple organizations make virtual use of same physical infrastructure.  But Amazon CTO believes that Amazon Cloud is more secure than OnPrem.

During Amazon Web Services (AWS) Summit, Amazon CTO Werner Vogels mentioned – ‘But far from being insecure, the cloud will improve the security postures of most organizations’.

“You can actually move to the cloud to improve your security, compliance and governance,” he said.

There are various aspects in the statement by Vogels.

  • Increase in Amazon’s level of investment in and focus on security in AWS cloud security.
  • Investment in  intellectual property as well as human capital to make sure its infrastructure is secure for users

Amazon has achieved  “a very broad range of accreditation’s and certifications”  in its data centers.

  • The certifications include PCI-DSS and U.S federal government certifications like FedRAMP.
  • Amazon CTO is especially proud of Amazon’s certification for HIPAA (Health Insurance Portability and Accountability Act).

“HIPAA is a really important certification as it allows health care applications to be built on top of AWS,” he said.

Amazon has also built a whole range of tools for users to secure their applications and data including AWS’ own secure infrastructure. The tools help provide granular visibility into the usage and resources consumed by AWS cloud deployments.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

UC San Francisco suffers data breach due to stolen laptop

July 5th, 2015 by admin No comments »

UC San Francisco is alerting the individuals about the burglary which led to potential breach. Unencrypted laptop which belonged to a faculty member in the Cardiac Electrophysiology & Arrhythmia Service was stolen. UC San Francisco mentioned that it contained some sensitive information of about 435 patients.

After the theft, UCSF promptly began an extensive technical analysis to identify what information was on the laptop. The analysis revealed that the computers contained some personal, research and health information.

The affected information includes names, dates of birth, medical record numbers, and health insurance ID numbers. However, Social Security numbers were not included. The computer was taken from the employee’s office. UCSF police and UCSF officials were immediately notified after the incident.

“UCSF deeply regrets any inconvenience this incident may cause,” UCSF said in the statement. “The university is committed to maintaining the privacy of personal, research and health information, and has taken additional steps to secure that information, including strengthening administrative, technical and physical processes for information security.”

As per the UCSF statement, there is no evidence of attempted access or misuse of the information on the laptop. Individuals who are potentially affected are being notified and the California Department of Public Health has also been alerted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UCSF Medical Center and Sutro Tower behind it....

UC San Francisco suffers data breach due to stolen laptop 

Orlando Health suffers potential data breach

July 2nd, 2015 by admin No comments »
Winnie Palmer Hospital for Women & Babies

Orlando Health suffers potential data breach

Orlando Health employee accessed 3,200 patient medical records which were out of job responsibilities. The incident has caused a potential health data breach at Orlando Health. The breach was discovered during routine patient record access audit.

According to the company statement, nursing assistant had inappropriately accessed patient records which includes patient names, dates of birth, addresses, medications, medical tests and results, other clinical information, and the last four digits of Social Security Numbers.

There were also “a limited number of patients” who may have had their insurance information accessed as well, Orlando Health reported.

The employee has since been terminated along with revoking all the access.

“We are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us,” the statement read. “We are also re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access.”

Orlando Health mentioned that only certain patients treated at Winnie Palmer Hospital for Women & Babies, Dr. P. Phillips Hospital and a limited number of patients treated at Orlando Regional Medical Center, from January 2014 to May 2015, potentially had their information accessed.

“We take this incident very seriously, and we are committed to protecting patients’ health and personal information,” Orlando Health Corporate Director of Compliance and Information Security Steve Stallard said in a statement. “We deeply regret any concern or inconvenience this may cause our patients or their family members.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Software update leads to potential data breach

June 27th, 2015 by admin No comments »
Software update leads to potential data breach

Software update leads to potential data breach

Affected information includes first and last name, Social Security Number, Blue Shield identification number, date of birth, and home address. Financial information was not exposed, according to the letter, and users who had unauthorized access to PHI confirmed to Blue Shield that they did not keep copies. Moreover, those users said they deleted the information and returned any records to the company.

The website is used by authorized users but the software provided unintended result.  It was found out that three users, who logged into their own accounts at the exact same time as another user, were able to view member information associated with the other individual’s account.

According to the Blue Shield Statement:

This issue was reported to the Blue Shield Privacy Office on May 18. The Website was promptly taken off line to identify and correct the problem. The Website’s faulty code was identified and corrected and the Website was returned to service on May 19. Our investigation revealed that this was the result of human error on the part of Blue Shield staff members, and the matter was not reported to law enforcement authorities for further investigation.

The notification letter did not say how many individuals were affected, but Blue Shield added that those potentially affected will receive a free, one-year membership to identity protection services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Routine audit reveals data breach

June 25th, 2015 by admin No comments »
Routine audit reveals data breach

Routine audit reveals data breach

A Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients during routine audit. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and health insurance information in a few cases. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that few patients may have had their Social Security number accessed but believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

 

Phishing Attack Top Data Security Motivator – HIMSS Survey

June 23rd, 2015 by admin No comments »
Phishing Attack Top Data Security Motivator – HIMSS Survey

Phishing Attack Top Data Security Motivator – HIMSS Survey

The key findings after interviewing 297 healthcare leaders and information security officers across the industry of the survey are –

  • Two-thirds of respondents experienced a significant security incident in this year
  • Healthcare organizations also reported using an average of eleven different technologies to secure their environments
  • More than half said that their facilities have hired a full-time professional to manage the information security functions.
  • Eighty Seven percent reported that their information security had increased as a business priority at their organizations over the past year.
  • Many believes that current security tools will not be sufficient to protect the industry against the types of security threats their organizations expect to face in the future

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cyber security threats,” HIMSS Vice President of Technology Solutions Lisa Gallagher said in a statement. “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

Other finding included –

  • 87 percent of those surveyed said antivirus/malware tools have been implemented to secure their healthcare organizations’ information security environment
  • 80 percent reported using network monitoring to detect and investigate information security incidents
  • 64 percent said that a lack of appropriate cyber security personnel is a barrier to mitigating cyber security events
  • Internal security teams identify more than 50 percent of information security threats

“Indeed, respondents were widely likely to indicate that more innovative and advanced tools are required to secure their environments in the future,” HIMSS stated. “Furthermore, they indicated that healthcare organizations must operate from a perspective which presumes their organization’s perimeter has already been breached.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unencrypted Flash Drives goes Missing

June 20th, 2015 by admin No comments »

South Carolina EMS patients may suffer data breach after unencrypted flash drives and hard disk were discovered to be missing from the storage facility. The flash drive contains information which includes names, addresses, and Social Security numbers of patients who rode in an ambulance between 2004 and 2014. Medical details about each call were also included on the back-up drives.

According to the reports, Lancaster County employees found that a safe containing two flash drives and two hard drives were no longer in a storage room in the basement while cleaning out a storage facility.

“Of course, we hate that it happened,” Lancaster County Administrator Steve Willis told the news source. “We are taking steps to make sure that doesn’t ever happen again.”

The statement fails to mention number of individuals affected by this incident

English: Transcend USB flash drive

Unencrypted Flash Drives goes Missing

but WSOC reported that the country EMS ran approximately 13,000 transports in 2014. The news source concluded that potentially 100,000 records could have been exposed.

“I think it (the safe) was most likely just inadvertently discarded at that time,” Willis added. “We have no reason to believe anyone’s information was compromised.”

Lancaster County mentioned that the drives have not yet been discovered.

“We deeply regret any inconvenience this may cause,” read a statement on the Lancaster County website. “To help prevent something like this from happening again, we will be using encrypted devices for storing EMS information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Unauthorized access leads to data breach

June 18th, 2015 by admin No comments »
English: no original description

Unauthorized access leads to data breach 

UC Irvine Medical Center announced data breach when one of its employee viewed thousands of patient records over a four-year period which not included in the job-related purpose. The incident potentially compromised the information of 4,859 patients.

The affected information includes names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, medications, employment status, and the names of patient’s health plans and employers. However, Social Security numbers, driver’s licenses or state ID card numbers, and credit or debit card information were not accessed.

Hospital spokesperson John Murray mentioned that there is no evidence that the records were downloaded or distributed via e-mail. A copy of notification letters being sent to patients was posted on the California Office of Attorney General website. UC Irvine explained the reason behind the notification letters.

“Due to its on-going investigation, local law enforcement asked us not to notify patients right away, because sending out notifications could have interfered with its investigation. Local law enforcement has now informed us that we are free to notify patients.”

The notification letter also mentioned that the hospital has hired independent experts to conduct a thorough investigation. Also, affected patients will also be offered one year of free credit monitoring and identity theft protection.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

PHI exposed after cyber attack

June 16th, 2015 by admin No comments »
PHI exposed after cyber attack

PHI exposed after cyber attack

The breached information includes Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group. Patient names, mailing addresses, email addresses, and dates of birth. Some patients may have also had Social Security numbers, lab results, dictated reports, and medical conditions exposed. The company mentioned that it does not collect or store financial information or credit card information, so that data would not have been affected in the incident.

“Medical Informatics Engineering immediately began an investigation to identify and remediate any identified security vulnerability,” the statement explained. “Medical Informatics Engineering’s team, including independent third-party forensics experts, has been working continuously to investigate the attack and enhance data security and protection.”

MIE referred to the incident as a “sophisticated cyber attack”.

“On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard clients,” the company explained. “Affected individuals for whom we have a valid postal address will also be notified of this incident through U.S. mail. We will also be disclosing this incident to certain state and federal regulators.”

According to the statement, MIE will provide complimentary credit monitoring and identity protection services to affected individuals for two years.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records mistakenly posted online

June 13th, 2015 by admin No comments »
Medical Records mistakenly posted online

Medical Records mistakenly posted online

The breached information includes included names, residences, mailing addresses, dates of birth, Social Security and Medicaid numbers, and medical diagnoses or treatment information.

DADS came to know the incident on April 21, 2015 that the information was accessible through a web application meant for internal use only. The company added that it “immediately took down the website and launched an investigation, which is ongoing.”

“DADS has no reason to believe any of the information has been misused,” the statement explained. “DADS has strengthened its policies, procedures and web-application security in an effort to prevent such a breach from occurring again.”

Department spokeswoman Cecilia Cavuto mentioned that it is possible the data was posted when its handling was transferred to another department last fall.

“I don’t think we have the answer to what exactly caused this breach just yet,” Cavuto said. “It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Facility notifies data breach months later

June 11th, 2015 by admin No comments »

New York health system suffered data breach when Texas-based firm that had contracted to process and collect payments had five laptops stolen. Global Care Delivery (GCD), Inc. mentioned that laptops were unencrypted. According to the statement by New York Health System, GCD had been contracted with North Shore-LIJ Health System, but did not notify the health system of the incident until months after the breach.

The affected information for approximately 18,000 North Shore includes first and last names, dates of birth, internal account numbers, diagnosis and procedure codes, and insurance identification

Facility notifies data breach months later

Facility notifies data breach months later

numbers. Around 2000 patient’s social security were also included in the breach. However, financial information and credit card were not affected.

As per the reports, laptops have not been recovered, but both facilities said they are not aware of any misuse of the data. The affected individuals are asked to remain alert by obtaining a credit report from one of the major credit to minimize the risks of such incidents in the future, including the encryption of all laptops, reporting agencies and monitoring any accounts for unauthorized activity.

“We are taking all appropriate steps servers and electronic devices maintaining North Shore-LIJ patient information.” stated the notification letter sent to patients.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Email sent to wrong recipient

June 9th, 2015 by admin No comments »
English: Looking north from Jersey Avenue at J...

Email sent to wrong recipient 

Jersey City Medical Center employee accidentally emailed patient information to an unintended recipient. The email potentially exposed approximately 1,400 individuals. The affected information includes patient names, health insurance payors, dates of admission and discharge, a one-word description of the medical service department from which the patient received services, and patient Medical Center account number.

The email was intended for internal use which included attached spreadsheet with some patient information. The email did not include any patient social security numbers

, dates of birth, any credit card or banking information, health insurance identification numbers, or patient addresses.

According to the statement:

The unintended recipient informed the Medical Center of the mistake on the same day that the email was sent,” the medical center explained. “The Medical Center attempted to obtain official confirmation that the email was completely deleted and the information was not further disclosed. Unfortunately, such confirmation has not yet been received.

The Medical Center is currently reviewing its e-mailing policies and technological processes, and is retraining staff to minimize the chance of other such incidents. The Jersey City Medical Center sincerely regrets this unfortunate incident because we consider the security of patient information to be of the utmost importance. Patients with questions relating to this incident should contact representatives.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Laptop stolen from employee car

June 6th, 2015 by admin No comments »

Laptop was stolen from U.S. Healthworks employee car. According to the reports, the device was unencrypted but was password protected. Affected information includes employee names, addresses, dates of birth, job titles, and Social Security numbers.

The statement failed to mention the place of theft and the number of affected patients. U.S. Healthworks are offering one year membership of Experian’s ProtectMyID Alert. This product helps to detect possible misuse of personal information and provides superior identity protection services.

Data Breach

Laptop stolen from employee car

“We deeply regret any inconvenience this may cause you,” the statement read. “To help prevent something like this from happening again, we are enhancing our procedures related to deployment of laptops and full disk encryption.”

U.S. Healthworks mentioned that they are working with law enforcement to locate the laptop. Also, facility believes that they have no reason to believe that any of patients’ information has been accessed or used improperly.

Theft forms important factor in data breaches. So, for BYOD employee the use of encryption software is beneficial. Incident above leads to data breach which can be avoided using encryption software.

Encryption converts the original form of the information into encoded text which can be opened only using authorized codes. Unauthorized person will not be able to translate the data for their own.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unity Recovery Group suffers data breach

June 4th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Unity Recovery Group suffers data breach

Unity Recovery Group, Inc. announced the data breach but failed to specify the cause of breach. It just mentioned that it “involved the disclosure of [patients’] personal information to one or more unaffiliated recovery and/or rehabilitation service providers, without [their] prior written consent.” Affected information includes names, addresses, dates of birth, addresses, telephone numbers, Social Security numbers, email addresses, insurance information, and/or certain health-related information.

“To protect against future incidents, we have undertaken additional technological security measures and implemented additional training of our employees to ensure compliance with Unity’s Policies,” Unity said. “We have also hired outside legal counsel to assist us with our investigation and Forensic Data Services, Inc., a technology forensics firm, to enhance the security of our IT systems.”

The breach also affected affiliated companies which include Starting Point Detox, LLC, Lakeside Treatment Center, LLC, Changing Tides Transitional Living, LLC, and Unity Recovery Center, Inc.

According to the statement:

  • We are complying with our regulatory notice obligations and continue to investigate how this breach happened in light of our Privacy Policy, Client Confidentiality Policy, Conflict of Interest Policy, and IT security policies (together “Unity’s Policies”).
  • At Unity, we take patient privacy very seriously and it is important to us that you are made fully aware of a potential privacy issue that may affect you.
  • While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception.
  • In keeping with our commitment to patient privacy, we have arranged for a complimentary one year subscription for you to ID Experts®, a leading identity and credit protection service. Unity is not affiliated in any way with ID Experts, however, their services have come highly recommended. If you seek the benefits of their services, ID Experts will also assist you with placing a “Fraud Alert” on your credit reports.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Heart Group suffers computer breach

June 2nd, 2015 by admin No comments »

 

Laptop icon

Heart Group suffers computer breach

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Beacon Health attacked by phishing scam

May 30th, 2015 by admin No comments »
Downtown South Bend Indiana 02

Beacon Health attacked by phishing scam 

Beacon Health System in South Bend, Indiana suffered a data breach when it was attacked by sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive).  According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are sent to the affected individuals. According to beacon, there is no evidence of attempted or actual misuse of information. The statement fails to mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive a regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CareFirst database breached by cyber attackers

May 27th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

CareFirst database breached by cyber attackers 

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

New York facility suffers data breach

May 22nd, 2015 by admin No comments »

A former employee at HHC Jacobi Medical Center in the Bronx improperly accessed and transmitted files containing PHI to her personal email account. According to the reports, the incident has put the PHI of 90,000 patients at risk.  Apart from that, the employee also sent the information to her email account at her new employer, New York City agency.

Affected information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. Information related to health insurance identification numbers, which may have included Social Security numbers

Laptop icon

New York facility suffers data breach 

, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC believed that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical billing company suffers data breach

May 20th, 2015 by admin No comments »
English: A wing of UPMC Shadyside, the co-flag...

Medical billing company suffers data breach

University of Pittsburgh Medical Center (UPMC) suffered a data breach when third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

After the incident, a Medical Management LLC employee, no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. Statement mentioned that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer infiltration by malware

May 18th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Computer infiltration by malware 

Cleveland’s MetroHealth System suffered a data breach when its computers were infiltrated by malware. According to the reports, 981 patients were notified that their PHI may have been compromised. The affected information includes patient names, dates of services, dates of birth, height, weight, medications administered during procedures, medical record numbers, case numbers (limited to only to that procedure), and cardiac catheterization raw data such as tracings of EKG and oxygen saturation.

Three computers in the facility’s Cardiac Cath Lab had malware, according to The Plain Dealer. The facility came to know about the breach on March 17, and patients who had procedures in the lab between July 14, 2014 to March 21, 2015 will potentially be affected. Financial information were not affected by the breach.

“MetroHealth has no evidence that the malware is used to obtain medical information,” MetroHealth said. “We sincerely apologize and regret that this situation has occurred.”

According to the statement:

In investigating the breach, the health system found that a business associate disabled antivirus software on the computers to facilitate a software update. There is no evidence that any health information was accessed.

The health system recommends that affected patients monitor account statements and any Explanation of Benefits statements related to the procedures.

In response to the breach, MetroHealth said it has strengthened procedures to protect patient privacy, including increased monitoring for malware and added antivirus update reviews, and revised software update procedures for the Cath Lab computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical records found in residential driveway

May 15th, 2015 by admin No comments »
A medical record folder being pulled from the ...

Medical records found in residential driveway 

An Orlando facility suffered a data breach after medical records were found in a residential driveway. According to the reports, Florida resident John Henderson received a letter from Orlando facility informing that a list of patients and their information was found in a neighborhood driveway. Henderson also mentioned that his son’s information was on the found patient list.

The affected information includes patient names, medical record numbers, account numbers and even diagnoses. The notification letter added that Social Security numbers and insurance information were not included on the papers. Facility mentions that one of its employees reportedly took the patient list home by mistake, and it is believed that it fell out of the employee’s car

“It just don’t make sense, it don’t make sense,” Henderson told the news source. “And I can’t believe Orlando Health is this irresponsible.”

Orlando Health said that notification letters were sent to 68 patients “out of an abundance of caution,” and that it does not believe that any harm will come from the incident.

“We understand the concerns of patients involved in this incident,” Orlando Health said in its letter, according to the news reports. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015 by admin No comments »
Laptop icon

Improper disposal of paper documents leads to Lawsuit

A lawsuit was filed against a Chicago area storage company, after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed a lawsuit when improper disposal of paper records breached patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records, Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Earlier, Suburban Lung Associates had contracted with FileFax to maintain and destroy patient medical records. Affected individuals had been patients at Suburban Lung Associates. The facility operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure consumers’ personal information protection in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit statement, in some instances, FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Document goes missing in Florida

May 6th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Document goes missing in Florida

The Florida Department of Health allegedly suffered a data breach affecting five patients when sensitive document was stolen from the car. A department employee had documents in his car, which was broken into on March 31. According to the news source, the papers were in a secured briefcase.

One of the affected patient, Chris Kibodeaux claims that he was not notified until May 7. He said that his name, Social Security number, address, phone number and diagnosis were included in the stolen documents.

“Someone could’ve definitely had enough time to do what they were going to do, and if there is damage it’s already been done,” Kibodeaux said. “I’m going to have to pull my credit report and I’m going to have to try to figure out if someone has done something with my name.”

Chris does not want personal information of HIV Positive status in someone else’s hands.

“HIV is still a stigma,” said Kibodeaux. “It’s different me telling my status because it’s my personal tellings, but for someone to have that in the open, it’s not right.”

The facility mentioned that it is still in the process of notifying all affected patients, and that it will offer identity protection services to those individuals.

According to the reports, the letter Kibodeaux received said the employee was put on administrative leave while the incident is investigated, but the Department of Health said they could not comment on personnel issues.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Records accidentally sent to wrong recipient

May 5th, 2015 by admin No comments »
UT Southwestern

Records accidentally sent to wrong recipient 

Immunization records for approximately 1,000 patients at the UT Southwestern Medical Center were mistakenly sent to a confidential Texas registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

The registry is used by physicians, health departments and school districts. The facility mentioned that the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”

Letter to patients, signed by Pamela Bennett, UTSW’s interim privacy officer mentioned that there is a very low probability that the information disclosed was compromised.

According to UTSW, the issue was due to a computer glitch that occurred during “a routine upgrade to the system”.

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Flash Drive and Data Exposure

May 4th, 2015 by admin No comments »
English: A Sandisk-brand USB thumb drive, SanD...

Flash Drive and Data Exposure 

According to the reports, a lost flash drive containing “limited patient information” rendered a hospital to send out notification letters. As per the statement, Roper St. Francis Hospital mentioned that the flash drive did not contain Social Security numbers, dates of birth or financial information. Affected information includes patients’ names, ages, diagnoses, and dates of procedures.

After conducting a thorough investigation, hospital spokesperson stated that Roper St. Francis does not believe that the information was inappropriately accessed or used in a malicious way.

The story was covered by South Carolina news station, WCSC. It did not state how the flash drive went missing, or if Roper St. Francis was making efforts to adjust its physical, technical, or administrative safeguards.

As per the mail to the security news website-

“A USB flash drive for a computer that contained some patient information was inadvertently misplaced.” The lost flash drive contained information for about 375 patients including name, age, diagnosis, date of service, length of stay, procedure, outcome and provider name, according to the spokesperson. However, it was reiterated that the flash drive did not contain Social Security numbers, financial information, dates of birth, addresses, or insurance information. 

“There is no evidence or reason to believe that the information has been improperly accessed, acquired, or misused in any way,” the spokesman wrote in the email. “We are notifying individuals affected to let them know what we are doing to protect their patient information.”

Phishing attack leads to data breach

May 2nd, 2015 by admin No comments »

Partners Health Care System, Inc. suffered data breach when it learned that employees had fallen victim to a phishing scheme, providing sensitive information to unauthorized individuals. Affected information includes names, addresses, dates of birth, telephone numbers, and Social Security numbers in a few cases. Moreover, patients’ clinical information, such as diagnoses, treatment received, medical record numbers, medical diagnosis codes, or health insurance information, could also have been exposed in a few cases.

“Responding to the ‘phishing’ emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network,” the statement read. “When we learned of this, we took steps to secure the email accounts and contacted law enforcement.”

Partners’ affiliated hospitals and institutions are also potentially affected which includes Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital.

“We deeply regret any inconvenience this may have caused you,” Partners said in its statement. “To help prevent something like this from happening in the future, we have reinforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The hospital mentioned that notification letters are sent to the affected individuals. They believe that there is no indication of affected information being misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records exposure leads to data breach

April 29th, 2015 by admin No comments »
Los Angeles County-USC Medical Center (Emergen...

Medical Records exposure leads to data breach 

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center mentioned  that patients’ records were found in the home of a facility employee, when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes information such as names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admit, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Maryland facility scam hit by Email Phishing scam

April 27th, 2015 by admin No comments »
Laptop icon

Maryland facility scam hit by Email Phishing scam 

Maryland-based St. Agnes Health Care, Inc. recently mentioned on its website that it suffered data breach when one of its employees was the victim of an email phishing scam. St. Agnes said that it sent data breach notification letters to approximately 25,000 patients. It included the warning as protected information was potentially exposed.

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Saint Agnes Corporate Responsibility Officer Sharon McNamara said in a statement. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our email service provider and are evaluating additional ways to enhance our already robust security program.”

The affected information includes patient names, dates of birth, genders, medical record numbers, insurance information, and limited clinical information. There were four cases where Social Security numbers were exposed.

“Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account,” the statement read.

The statement failed to mention the date and time of breach incident.  Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ascension Health Facility hit by Email Phishing Scam

April 25th, 2015 by admin No comments »
English: email envelope

 Ascension Health Facility hit by Email Phishing Scam  

Ascension Health Facility suffered consecutive data breaches due to email phishing scam. It is not confirmed whether two incident were related to each other. Seton Family of Hospitals, a division of Seton Healthcare Family (“Seton”) announced the breach on the website. According to the reports, 39,000 patients’ got affected. Username and passwords was targeted by the scammers.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said in a statement.

The exposed information includes patient demographic information, such as names and dates of birth, medical record numbers, insurance information, limited clinical information, and Social Security numbers in a few cases. Medical records or billing records were not included in the breach.

“Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected emails to determine the scope of the incident,” Seton said in its statement. “Seton engaged computer forensics experts to assist with the investigation.”

The facility said that patients who had their Social Security numbers potentially exposed will receive free identity monitoring and protection services. Seton said that it is working with its email service provider “to evaluate ways to enhance its already robust security program,” and will provide more employee education on email phishing scams.

“We value the privacy and security of protected information, and we are committed to protecting the confidentiality and privacy of our patients and employees,” Garza said. “It is our priority to support those who have been affected.”

Washington’s attorney general and two lawmakers’ favors stronger data breach laws

April 22nd, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Washington’s attorney general and two lawmakers’ favors stronger data breach laws 

Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent incidents of Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.

As per the statement, current state data breach law is a decade old and obsolete and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.

“In the present statute, there are too many loopholes about when notification must be provided, leaving consumer’s vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”

The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”

Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.

“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email Phishing scam leads to data breach

April 20th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Email Phishing scam leads to data breach 

St. Vincent Medical Group, Inc. suffered data breach when approximately 760 patients’ PHI got exposed. Employee’s username and password was compromised because of an email phishing scam which resulted in to the incident. St. Vincent learned about the data breach on Dec. 3, 2014, and said that it “immediately shut down the username and password of the impacted account and launched an investigation into the matter.”

The affected information includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Limited clinical information related to services patients received was also included.

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” As per the statement.

As per the St.Vincent individual medical records and billing records were not accessed.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said.

St. Vincent mentioned that complimentary identity monitoring and protection services will be offered to patients whose Social Security number was exposed. It will also be providing further employee education on how to avoid phishing scams.

This is not the first time St.Vincent suffered data breach. Earlier, St. Vincent Breast Center mistakenly sent letters with patient information to the wrong addresses.

As per the previous statement:

“Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned,” St. Vincent said on its website. “The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malicious Software

April 17th, 2015 by admin No comments »

Malicious Software

Malicious Software is a kind of software which gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc.

What is the purpose of Malicious Software?

Malware may be intended to steal personal information or spy on computer users without their knowledge or it may be designed to cause harm, often as sabotage or to extort payment.

Types of Malware

Viruses

A computer program usually hidden within another seemingly useful program that duplicates itself to inserts them into other programs or files and destroys the data or performs intended action.

Trojan Horses

Trojan Horses is computer program that asks users to install it under the pretext of description which appears useful. It is the way to fool users by providing fake information for malware.

Rootkits

Malicious Software which conceals their identity by modifying the host’s operating system to hide from the user.

Backdoor Access

A backdoor is the method by which normal authentication procedures are bypassed, usually over a network connection such as internet.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Common sense can stop phishing attack

April 15th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Common sense can stop phishing attack 

What is phishing attack?

Phishing emails, websites and phone calls are designed to steal money. It can be also be done by installing malicious software. Cybercriminals asks you to install malware under pretext of useful software.

How to stop phishing attack?

Spelling & Grammar – Cybercriminals are not that good at spellings and grammar. Professional organizations have dedicated writers for drafting emails. So, the possibility of error in the phishing write up is more.

Fake Alerts – You may get the update from the company you know. Please check for the authenticity of the email and then take any action.

Website Links – Do not click the links from the email. They may also include direct download .exe file which installs malicious software on your computer.

Threats – One of the popular ways to steal the user is by threatening email which states that your account will get closed if you didn’t respond to the said email. Ignore such emails or mark them as spam.

Report Phishing Attack

Company Pretension – Verify the information with the official company helpdesk before taking action for the email, phone etc.

Phone Calls – Report to your local authorities if you receive any phishing phone call.

Emails – Report it to your email service provider like Google, Yahoo etc. if you receive phishing emails.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

IT security Professional Survey about Insider threat

April 12th, 2015 by admin No comments »
A percent sign.

IT security Professional Survey about Insider threat 

The SANS 2015 Survey on Insider Threats provided below results:

  • 74 percent of the IT security professionals said they’re worried about insider threats from negligent or malicious employees
  • 32 percent said they have no capacity to prevent an insider breach
  • 28 percent said insider threat detection and prevention isn’t a priority in their organizations
  • 44 percent of respondents said they don’t know how much they currently spend on solutions to mitigate insider threats
  • 45 percent said they don’t know how much they plan to spend on such solutions in the next 12 months
  • 69 percent of respondents said they currently have an incident response plan in place
  • More than 52 percent of survey respondents said they didn’t know what their losses might amount to in the case of an insider breach.

“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern,” SpectorSoft COO Mike Tierney said in a statement. “I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required.”

According to the  2015 Vormetric Insider Threat Report:

  • 92 percent U.S.-based healthcare IT decision makers said their organizations are vulnerable to insider threats
  • 49 percent felt “very” or “extremely” vulnerable to insider threats.

According to the Harris Poll Survey-

  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.

“Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data,” Vormetric CEO Alan Kessler said in a statement. “An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Skill gap widens for information security professionals

April 9th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Skill gap widens for information security professionals 

Today, organizations are finding it difficult to manage IT security threats and avoid error. They also face challenges to recover after cyber attack. According to the survey, by 2020 there will be shortfall of 1.5 million information security professionals.

The IT security of companies is being threatened by understaffed workforce and the high level of complexities. (ISC)2 conducted survey polled 3,000 information security professionals and practitioners worldwide.

“Our first workforce study was conducted in 2004 to illuminate critical concerns within the information and cyber security that were struggling for attention,” said Adrian Davis, managing director, Emea, at (ISC)2.

“The 2015 report shows that many of these issues are finally getting much-needed budget and priority, but we are facing new challenges and our skills and staffing challenge is growing,” he added.

Davis mentions that the findings are more or less similar to US and Europe.

“There are some small differences from country to country, but at a higher level, as information security environments become increasingly homogeneous, there is not much variance,” he told Computer Weekly.

“This is likely to be due to the fact that the legal and privacy environment in Germany may make companies more sensitive to protecting information,” he said.

The study also shows that security spending is increasing across the companies.

“We are playing catch-up in an environment where information security has never really made its case as being an interesting and exciting career, and where security professionals are retiring faster than they are being replaced,” said Davis.

Sony like attack possible

April 6th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Sony like attack possible 

According to the security researchers, many hackers across the globe can launch Sony like attack. Around 90% of the companies can suffer possibilities of hacking considering their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”‘ Steve Croft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious that it was perceived. Hackers leaked the personal information which includes Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked movies which were not released, as well as embarrassing emails between Sony Pictures executives, among other internal documents.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cloud Security Adoption

April 4th, 2015 by admin No comments »

 

 

English: Icon from Nuvola icon theme for KDE 3...

Cloud Security Adoption 

 

Cloud security is given more and more importance by the health care and pharmaceutical industries. These two represent about 38% from the sample survey for cloud security adoption. Privacy regulations and the related laws require the Protected Health Information (PHI) to be secured.

 

“While these regulations vary by region and local governments, the common theme is to ensure both the data at rest within the cloud application and associated data workflows are protected, which enables these organizations to launch new service portals and provide improved methods for sharing information,” the authors explained.

 

The survey also states that there is rising trend in adoption of data encryption software.

 

“While data encryption is considered the primary method for protecting data in the cloud, additional requirements include the organization’s ability to control access to the encryption keys and preserve search, sort and filtering functions,” the report stated. “Successful cloud security deployments also require workflows and interoperability with both enterprises on-premises applications as well as external cloud-based applications.”

 

Healthcare organization needs to adopt stringent security measures due to HIPAA Omnibus Rule, which also makes third party companies liable for data breach.

 

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis,” the Rule states. “Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Missing documents lead to data breach

April 2nd, 2015 by admin No comments »
English: MA Route 152 northbound in Attleboro ...

Missing documents lead to data breach

Life Care Center of Attleboro in Massachusetts suffered a data breach when the company that stores its patient records could not find certain documents. Iron Mountain which stores records for Life Care Center could not find certain documents which contained patients’ information. The breach came to notice during the audit. The affected patients involved those who received medical care in Life Care Center between 1992 and 2004. Employees who worked at Life Care between 1992 and 1999 may also suffer a data breach.

The compromised information includes patient names, addresses, Social Security numbers, dates of birth, diagnoses, and other medical status and assessment information. The missing box of documents may also contain financial information. It is not clear how the incident occurred.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.

According to Iron Mountain, records were inadvertently destroyed during a planned consolidation of storage facilities by a predecessor company.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.”

Iron Mountain mentioned that it will continue the search.

“Until Iron Mountain completes a full audit of its records, they will not be able to ascertain whether the stored boxes are located, missing, misplaced, or destroyed,” according to Life Care. “This audit is expected to be completed by December 2015.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Potential PHI exposure due to phishing scam

March 29th, 2015 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

Potential PHI exposure due to phishing scam

Children National Health System (Children’s National) employees fell victim to phishing scam which led to potential PHI breach for some patients. According to the reports, hackers could have gained access to PHI from the employee’s email account. The affected information includes names, addresses, dates of birth, and telephone numbers. Moreover, clinical information such as diagnoses, treatment received, medical record numbers, medical service codes or health insurance information, were also potentially accessed. Few records also included Social Security Numbers.

“We reported the phishing attack to federal law enforcement and continue to work with them in their investigation,” the statement read. “Importantly, neither patient charts nor our electronic medical records system were compromised. Only the discrete information contained in the email accounts was potentially affected.”

After the incident, the company is training the employees to handle the suspicious emails. The facility has enhanced its existing technical safeguards and a review of systems is underway.

According to the statement:

We have no evidence that this information in the emails has been misused or even accessed. However, in an abundance of caution, we began sending letters to affected patients on February 24, 2015, and have established a dedicated call center to answer questions patients may have.

We recommend that affected patients regularly review the explanation of benefits statement that they receive from their health insurer. If you identify services listed on your explanation of benefits that you did not receive, please immediately contact your insurer.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA Compliance and the Cloud

March 26th, 2015 by admin No comments »

HIPAA compliance is becoming an important topic with the rise of Cloud usage. It is important to secure the patients’ data because there are vulnerabilities in cloud storage. The HIPAA Omnibus Rule had made several changes in terms of handling patient’s data. Now, cloud service providers are considered as business associates and remain accountable in case of breach.

According to the HIPAA rule, patients’ privacy is protected, regardless of where it is being stored which includes cloud storage option.

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

The Center for Democracy and Technology (CDT) has published Frequently Asked Questions (FAQs) about the Omnibus Rule.

“The obligations of a business associate depend on the extent of services and functions it is performing with PHI on behalf of a covered entity,” the CDT paper states. “A CSP that has no capability to access PHI, that provides storage functionality only, and that adheres to HHS standards with respect to encryption should have little liability risk as a business associate (except to ensure that it properly manages encryption).”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Healthcare Data Breaches and Patients 

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015 by admin No comments »
English: Florida Hospital Celebration Health -...

Florida Hospital Employees compromise Patient PHI

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sacred Heart Health Systems suffers billing data breach

March 19th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Sacred Heart Health Systems suffers billing data breach

Florida facility of Sacred Heart Health Systems suffered data breach when its third party vendor experienced email hack. The affected information includes patient names, dates of service, dates of birth, diagnoses and procedures, billing account numbers, total charges, and physician names. Along with above information, 40 patients’ Social Security numbers were also compromised.

“Upon notice of the incident, Sacred Heart, in cooperation with our billing vendor, immediately launched a thorough investigation into the matter,” according to the company statement. “Sacred Heart engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.”

According to the reports, third party billing vendor employee’s e-mail username and password were compromised because of this incident. The Facility is trying to solve the loopholes in the email system to avoid such incidents in the future. It is working with email service provider to evaluate how to enhance its “already robust security program.”

According to the statement, Sacred Heart said that it will offer complimentary identity monitoring and protection services for patients whose Social Security number was affected. As soon as the incident came to notice, the access of employee username and password were immediately shut down.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Missing encrypted devices leads to data breach

March 17th, 2015 by admin No comments »
Laptop icon

Missing encrypted devices leads to data breach 

Home health and hospice company Amedisys suffered data breach when its encrypted devices which consisted of computers and laptops went missing. Amedisys failed to find near about 142 devices. The incident came to notice when risk management process was conducted. The devices were assigned to Amedisys clinicians and other team members who left the company between 2011 and 2014.

The compromised information includes names, addresses, Social Security numbers, dates of birth, insurance ID numbers, medical records and other personally identifiable data.

“The confidentiality and security of patient information has been and will remain a top priority for Amedisys,” Chief Compliance Officer at Amedisys Chief Compliance Officer Jeffrey Jeter explained. “We have worked actively with leading risk management and technology experts to inventory and assess devices that may contain personal or health information and ensure the integrity of our information security systems.”

Amedisys explained the situation on its website statement.

“All of the computers were encrypted, and the vast majority of them were used by licensed Amedisys clinicians to provide care for patients in their homes,” Amedisys stated, adding that it has not been able to rule out “unauthorized access to patient data.”

According to the statement:

We have received no reports of any hacking, fraud, or identity theft. However, as required by law and out of an abundance of caution for our patients, we are providing notice to all patients whose information was on devices because we cannot rule out unauthorized access to patient data on the devices.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malware hits Advantage dental database

March 13th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Malware hits Advantage dental database

Oregon based Advantage Dental suffered data breach when its internal database was attacked by malware. The unauthorized access affected 151,626 Advantage patients. The compromised information includes names, dates of birth, phone numbers, Social Security numbers, and home addresses. According to the reports, treatment, payment, and other financial data were not accessed.

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, implemented mitigation steps to prevent further access and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required,” the statement read. “At this time, Advantage has no indication that the stolen information has been used for criminal activity, to include identity theft.”

Advantage Compliance Manager Jeff Dover told that the theft happened after the malware accessed an Advantage employee’s computer. Username and password that allows access to the membership database was stolen from there. This is a separate database from the one that contains financial and treatment information.

“Unfortunately this happened,” Dover said, adding that Advantage computers are equipped with anti-virus software, but sometimes new variations of a virus are not detected. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”

After this incident, Advantage is no longer allowing access to its internal patient database from computers that are not within company clinics or its Redmond headquarters.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

11M affected by Premera Health data breach

March 11th, 2015 by admin No comments »
English: Blue Cross Blue Shield Tower under co...

11M affected by Premera Health data breach 

Sophisticated cyber attack on Premera Blue Cross leads to health data breach affecting 11 million individuals. Company discovered data breach on Jan 29, 2015. Affected entities involve Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack.

The breached information includes Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

According to the statement, letters will be sent to affected individuals, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI breach due to break in

March 9th, 2015 by admin No comments »
English: Acer Aspire 8920 (with 18.4 inch scre...

PHI breach due to break in

Mosaic Medical may have suffered data breach when PHI got exposed due to break-in. The incident took place at a temporary office location for the facility’s Bend, Oregon location. Mosaic is not sure whether the medical record got accessed or not because at prima facie nothing appears to be stolen.

“The personal information that was possibly accessed was on paper documents within the office and included health information, medical insurance information, phone number, and e-mail addresses,” Mosaic said in a statement, according to local news station KTVZ. “A report was filed with the Bend Police Department and they have investigated the break-in.”

Mosiac Medical discovered that a break-in happened at night. According to the reports, the facility has taken steps like moving its HIT office to secure more information. Also, affected patients have been notified via letters.

“We understand the importance of safeguarding our patients’ personal information and take that responsibility very seriously,” Mosaic Medical Chief Operating Officer Allison McCormick said in the statement. “We will do all we can to work with our patients whose personal information may have been compromised.  We regret that this incident occurred, and we are committed to preventing future occurrences.”

Mosaic Medical is a local nonprofit community health center system with primary care clinics in Prineville, Bend, Madras and Redmond.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Online application glitch may lead to data breach

March 7th, 2015 by admin No comments »
Laptop icon

Online application glitch may lead to data breach 

A nonprofit organization, Painted Turtle based in California which runs a camp for children with life-threatening diseases and their families free of charge suffered data breach when some personal information may have been exposed because of online application glitch.

The affected information includes names, addresses, Social Security numbers, driver’s license numbers, personal medical information, and employment information.An error in the database of the painted Turtle’s online application server for campers and volunteers caused the data breach. Bank account and credit card information were not present on the server.

“We immediately brought the database offline to prevent anyone from being able to access your records,” Maher wrote. “Also, in an effort to prevent similar data breaches in the future, before bringing the system back online we updated our database’s code to prevent the issue from occurring again.”

According to the statement on the website:

Your information would not have been viewable unless a specific chain of events occurred.

Specifically: (1) you would have had to identify someone as a Reference in your application in 2013–2014, and (2) that person would have had to begin filling out an application as well, and (3) while that person’s application (and your application) was still pending, (4) they would have had to access their pending application and click “show related profiles” and your name. Again, your information would not have been accessible to anyone outside of the persons you listed as References in your application.

We became aware of this issue on January 12, 2015. As soon as this error was brought to our attention, we began taking steps to address and mitigate the risk to you. We immediately brought the database offline to prevent anyone from being able to access your records.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Texas warehouse vandalized

March 4th, 2015 by admin No comments »

A warehouse in Texas which stores patients’ records was vandalized leading to the data breach. The affected entity involves Westlake Medical Centre patients as intruders gained access to that particular section. The affected information includes patient addresses, health information, and Social Security numbers. The affected numbers of patients is not known.

According to the statement on website:

Warehouse Roof

Texas warehouse vandalized

Having recently purchased the practice formerly known as Westlake Medical Center, Hunt Regional Medical Partners Family Practice at Westlake is taking full responsibility for the potential breach.

The protection of private information is something we take very seriously. After being informed of the incident, Hunt Regional Medical Partners and the local Sherriff’s department began an immediate investigation and are in the process of notifying the affected patients. We have relocated the records and are reviewing internal procedures to determine added safeguards for the future.

As a precaution, Hunt Regional Medical Partners will also cover the cost for one year for you to receive credit monitoring from AllClear ID Alert Network.

We are committed to protecting the privacy of our patients. Please do not hesitate to contact us with any questions at our toll-free telephone number

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop stolen from Doctor’s Car

March 2nd, 2015 by admin No comments »
English: Laptop

Laptop stolen from Doctor’s Car 

Heath information was potentially compromised when laptop was stolen from doctor’s car. Around 400 patients are notified about the recent data breach. The incident took place at the Medical College of Wisconsin. According to the Medical College spokesperson, that a document with private information on about 400 patients was stolen from the vehicle, while a laptop with data on one patient was also taken.

“Firm policies are in place prohibiting the downloading of patient information to portable media, as well as the secured transport of documents containing patient information,” read a Medical College statement obtained by WDJT. “We sincerely regret that this unfortunate event occurred.

According to the statement, the affected patients are contacted and steps are taken to prevent this type of event. Institutional policy is revisited to safe guard the sensitive information. Excerpts from the statement on website -

The purpose of this policy is to address the appropriate protection and encryption of all MCW Electronic Protected Information (EPI) when it is stored, transferred or accessed on any mobile device.  Full mobile device encryption and related controls are required to access MCW’s electronic network or information through another means.

All Workforce members must protect MCW EPI. Workforce members using a Mobile Device owned by a workforce member, an external entity or one provided by MCW, to access or store EPI must have encryption using an institution-approved tool.

On personally owned devices (i.e. BYOD), should a workforce member choose not to permit MCW’s MDM tools and supporting processes on their personal device, access to MCW’s secured resources will be limited as outlined in procedure below.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

File Sharing and Security

February 28th, 2015 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

File Sharing and Security 

In recent times, file sharing is done frequently on the internal servers, websites or through Instant Messaging service. Due to availability of various services on personal devices like smart phones it has become challenging for the organization to secure the sensitive information. Even unprotected Windows networking shares can be exploited by intruders in an automated way. Companies can follow below guidelines to protect themselves from data breach:

  • Protecting your computer against malicious file sharing tools and websites
  • Domain checking of the website for authenticity and then allowing permission to transfer data
  • Downloading data from trusted sites
  • Save downloads instead of running them from pop up window
  • Checking license agreement and privacy statement before installing any software
  • Avoiding illegal downloads
  • Don’t open mail from unknown sources
  • Don’t share your computer access
  • Regularly update your security software with the patches
  • Check your security on regular basis
  • Don’t open your IM on public list
  • Never send sensitive information or files like credit card numbers, SSN’s etc on IM
  • Secure your IM by contacting security admin regularly
  • Highly social nature of IM helps imposters to get information
  • Beware of sharing your personal as well as company information with strangers

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Information Technology, PHI security and Access to records

February 26th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Information Technology, PHI security and Access to records 

In today’s demanding world, it is important to provide speedy access to clinician, staffs etc. to treat their patients. But Protected Health Information (PHI) security should also remain top most priority. The data breach not only puts patients at risk but also tarnishes the image of the institution. It’s better to follow below guidelines:

  • Protection of clinician workstations using  IT security measures
  • Restricting unauthorized access to PHI
  • Follow real world examples of most secured facilities
  • Use encryption software like Alertsec to protect your devices
  • Avoiding the pitfalls of online access
  • Recognizing malware by installing genuine anti virus
  • Preventing and responding to identity theft
  • Recovering from computer viruses
  • Understanding your computer and their use like email accounts, sharing, chats etc for sensitive information
  • Using secure connections
  • Use of desktop firewalls
  • Backing up data and refreshing affected systems
  • Work with people to understand importance of security
  • Thinking like an attacker and implementing security measures
  • Be wary of how much authority you give to a consultant
  • Record as much activity you can
  • Destroy discarded documents efficiently
  • Destroy and recycle electronics correctly

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Protected Health Information documents in Dumpster

February 24th, 2015 by admin No comments »

Suburban Lung Associates in Illinois may face a protected health information (PHI) breach after its medical record was found in the dumpster. Local CBS affiliate news station reported the incident. It found out that number of patient charts was thrown in the trash that contained PHI such as patients’ medical histories, Social Security numbers and driver’s licenses.

According to the reports, CBS affiliate discovered that the dumpster belonged to Filefax, a company that stores and transports medical records. The news station broadcasted news with inputs from dumpster driver. The women driver explained that Filefax had allowed her to take the papers a week prior and she had made ten trips with 1,000 pounds of Suburan’s medical records.

Filefax avoided news reporter after the incident. News station has alerted Northbrook police of the unsecure medical information, and police then ordered Filefax to secure the dumpster in their facility.

Hospital mentioned that its security policy mandates that the vendor destroy all medical files. They also said that they believe in protecting patient’s information at priority and this breach is isolated incident. The Illinois Attorney General and US Department of Health and Human Services are now investigating the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

8.8 To 18.8M Individuals affected by data breach

February 22nd, 2015 by admin No comments »
Anthem Blue Cross-Blue Shield office in Denver.

8.8 To 18.8M Individuals affected by data breach 

The recent revelation by Anthem was the continuation of previous data breach which was caused by hacking incident. Anthem, Inc spokesperson stated that anywhere from 8.8 million to 18.8 million non-customers could be impacted. The affected information included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that may have included income information.

Credit card information, bank account numbers or other financial data were not affected. Anthem is a member of an independently run Blue Cross Blue Shield (BCBS) national network and runs the BCBS healthcare plans in 14 states. Other states’ plans are independently run. Approximately 105 million individuals have coverage under the BCBS license in 37 different companies.

The Anthem spokesperson said that the facility’s investigation is in process, but it estimated that tens of millions of personal records were stolen during the breach. Federal and State investigations are also conducted along with internal investigation. Anthem will start sending notification to the affected individuals. As per the report, the Anthem’s drive was not encrypted which aggregated the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Sensitive information posted on Lone Star’s website

February 21st, 2015 by admin No comments »

Lone Star suffered data breach when sensitive data was posted on its website by the third party company working for them. According to the reports, exposed information included names, addresses, phone numbers and some dates of birth.

Lone Star CEO Rhonda Mudhenk told Roser that no financial information was compromised, and that the company at fault no longer works on Lone Star’s website.

English: A candidate icon for Portal:Computer ...

Sensitive information posted on Lone Star’s website 

Lone hired security expert to determine the parameters of breach. It is observed that many unauthorized individuals accessed the information. The clinic is offering one year credit monitoring services to the affected patients.

Mudhenk told Roser that Lone Star was taking the breach seriously, that the organization wanted to assure patients that no financial information was impacted, and that only five individuals had their full or partial Social Security number exposed.

Previous Lone Star breaches includes below incidents:

  • Lone Star suffered a data breach in May 2013 after an employee’s laptop was stolen affecting Protected Health Information (PHI)
  • The online exposure of information happened to the District Medical Group (DMG) affecting an unknown number of patient’s protected health information (PHI)

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen server leads to data breach

February 18th, 2015 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Stolen server leads to data breach 

Three notices were sent to patients informing them about the data breach which was caused by burglary in California dentist Dr. Cathrine Steinborn’s office. Apparently, first notice didn’t contain enough information, as two more notices were sent.

“Your dental records and radiographs were fully backed up, so there will be no loss of continuity of care,” Steinborn wrote in the first data security notice. “However, your personal identity and insurance information is on the server and could be compromised.”

The first notification failed to notify patient’s the details of information may have been compromised by the data breach. Dr. Catherine explained that a door was forced open and the server containing patients’ electronic records was stolen.

A police report was filed and the dentist’s office is working with its property manager “to enhance the physical security of the building,” Steinborn explained.

Second letter mentioned that the dentist’s office does not store patients’ financial information, such as credit cards, or driver’s license numbers but keeps names, addresses, phone numbers, insurance information, dates of birth and group numbers on file. Also, patients’ Social Security numbers, as well as all patients’ health history and dental records are kept in office.

“Our server had two levels of password protection, but was not encrypted,” Steinborn said in the second letter. “Currently, our files are in the cloud, in an encrypted form. I will be having the new server encrypted. An IT specializing in HIPAA will complete a thorough risk evaluation and we will be implementing robust physical and IT security going forward.”

Final letter was about security aspects.

“We previously provided notice of this incident to you, and are providing you additional information about the incident and helpful information on protecting against identity theft and fraud.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach due to device theft

February 15th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Data breach due to device theft 

A medical facility in Tennessee suffered data breach when external hard drive was stolen from employee’s home. Along with hard drive, personal electronics were also stolen. The affected information includes patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

According to the Boston Baskin Cancer Foundation statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Organization can consider below precaution to avoid data breach due to stolen devices:

  • Encryption of all the work devices – Smart phones, Tablets, Laptops and desktops
  • Passcode protection
  • IT security training for employees
  • Implementation of administrative, technical, and physical safeguards

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A box of documents spilled off of a courier truck

February 13th, 2015 by admin No comments »
Kaiser Permanente office building in the Lloyd...

A box of documents spilled off of a courier truck

Kaiser Permanente suffered possible data breach when a box of documents spilled off of a courier truck. Incident took place during transit of box from Kaiser Permanente’s Kona Medical Office to storage. The company is notifying about 6,600 patients which includes – 4,000 patients who has their prescriptions electronically filled and the information may have been printed and included in the box of documents. The other 2,600 patients had their prescription paperwork in the box.

“Swift action by Kaiser Permanente employees allowed the retrieval of many of the documents, but unfortunately, not all were recovered,” the statement explained.

The documents were expired prescriptions. Affected information includes names, addresses, dates of birth, and medical record numbers. Moreover, the type and amount of specific medications were on the papers.

“You may get a letter and still not be affected,” Kaiser spokesperson Laura Lott told the news source. “But, we’re being very cautious because it’s the right thing to do.”

According to Kaiser Permanente statement:

Organization will offer credit monitoring to members whose Social Security numbers or driver’s license numbers was potentially exposed.

We are taking this matter very seriously and will inform each of the individuals whose information may have been involved in the incident,” Kaiser Permanente said. “As part of our outreach we are advising affected individuals to contact one of the national credit reporting agencies (Equifax, Experian, or TransUnion) to place a fraud alert on their file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hard Drive Stolen from Employee’s home

February 10th, 2015 by admin No comments »
Inner view of a Seagate 3.5 inches hard disk d...

Hard Drive Stolen from Employee’s home  

A medical facility in Tennessee suffered data breach when employee was burglarized and the hard drive was stolen. Reportedly, the personal electronics was also stolen from employee’s home. According to the Baskin Cancer Foundation statement, the device contained patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

Highlights of the data breach and statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • The affected individuals are patients who were seen at each of Boston Baskin’s office locations between 2008 and July 2014.
  • All affected individuals are being notified by mail.
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen laptop may lead to data breach

February 7th, 2015 by admin No comments »
Laptop icon

Stolen laptop may lead to data breach 

Private behavioral and mental health non-profit organization may suffer data breach after it found out that several laptops were stolen from its Noblesville location, Indiana. Organization believed that laptops were not stolen for the information. The stolen laptops “may have resulted in the limited disclosure of personal information” for both employees and patients.

Affected information includes names, addresses, and Social Security numbers for employees and a few clients. Moreover, some clients’ medical record numbers and personal health information may have been on the devices. However, electronic medical records were not on the laptops. Aspire mailed notifications to approximately 45,000 individuals which included 1,500 Social Security number.

Aspire added that it is offering identity protection services to members whose information was potentially exposed.

“Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred,” Aspire President and CEO Rich DeHaven said. “We have taken steps to enhance our security, including upgrading our alarm and security systems. We remain committed to continually improving our IT and physical security to further protect our data and our clients.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Emergency bill by Maryland General Assembly

February 5th, 2015 by admin No comments »
Maryland legislative districts

Emergency bill by Maryland General Assembly

The Maryland General Assembly passed an emergency bill which is designed to highlight and implement certain aspects of HIPAA and patient privacy. According to the new bill, forms will be made available to patients allowing them to request confidential communications with their health insurer or provider. The new bill also allows patients to send their medical information to a different address other than residence.

“The bill also specifies that certain written notices from an insurer to a claimant regarding denial of a claim made on an individual health insurance policy and certain annual summary explanations of benefits provided to an insured are subject to confidential communications requirements under HIPAA privacy rule,” stated the bill.

Simply put, HIPAA Privacy Rule explains that individual can request sending of medical information to another location if he or she is endangered because of the disclosure of certain information.

“Privacy concerns may encourage an individual to delay or avoid seeking services or to pay out-of-pocket despite insurance coverage,” the bill stated.

 “This may present a barrier to care for sensitive services such as reproductive care, substance abuse, or mental health. While confidential communication protections are already required under the HIPAA privacy rule, they are not well known.”

“It is important for patients to have confidence in how clinicians and others use their sensitive health information,” Lucia Savage, chief privacy officer of the Office of the National Coordinator for Health Information Technology, told Clemson University, which helped conduct the study.

 “Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with this study, give us new insights on these issues.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Hackers potentially compromise data of 80 million individuals

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Security Breach due to stolen device

January 30th, 2015 by admin No comments »
See related blog post

Security Breach due to stolen device

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Possible data breach in UMASS

January 27th, 2015 by admin No comments »
University of Massachusetts Amherst

 Possible data breach in UMASS

The University of Massachusetts (UMASS) Memorial Medical Group (UMMMG) found out that an employee allegedly accessed patient billing information outside their normal job functions. UMMMG started investigating in depth for  breach issue and and notified local law enforcement.

UMMMG mentioned that this employee no longer works for the company. According to the reports,local law enforcement also discovered an unauthorized individual in possession of copies of patient billing information. Affected information includes patient’s names, addresses, dates of birth, medical record numbers, and Social Security numbers. Other information which may get affected includes phone numbers, email addresses and credit or debit card information used for payments to UMMMG.

According to the UMMMG statement:

We deeply regret this incident and any inconvenience it may cause our patients. To help prevent this type of situation from happening again, UMMMG is further strengthening its privacy and information security program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMG is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMG is committed to the security of patient information and we are taking this matter very seriously. We began sending letters to potentially affected patients on January 30, 2015, and have established a dedicated call center to assist patients with any questions.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Ophthalmology and Dermatology patients affected by data breach

January 25th, 2015 by admin No comments »
English: Acer Aspire 8920 (with 18.4 inch scre...

Ophthalmology and Dermatology patients affected by data breach

Laptop has been reported missing from Riverside County Regional Medical Center (RCRMC) in California which led to the data breach. The affected individuals include approximately 7,900 ophthalmology and dermatology patients. The organization’s chief compliance officer, Jan Remm, said that the hospital wasted no time in informing local law enforcement.

“We are taking significant measures to safeguard patient privacy and to restrict unauthorized access to computers and devices that potentially contain patient data,” Remm said in a statement. “The privacy of our patients is a fundamental priority in our organization and part of our commitment to quality healthcare.”

The laptop was unencrypted. Remm stated that there will be in depth investigation of the problem. Notification letters are being mailed to potentially impacted patients. Affected information includes names, addresses, dates of birth, Social Security numbers and health plan policy numbers.

Remm believes that laptop was not stolen for the information it contained.  According to the press release:

Remm said the hospital has significantly strengthened its inventory controls to prevent future loss of electronic devices, while cyber-security experts are currently encrypting all the organization’s computers and laptops to safeguard patient data.

Patients concerned about whether their information was stored on the laptop are encouraged to contact the RCRMC confidential assistance line staffed with professionals familiar with this incident.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Security Breach in California

January 20th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Security Breach in California

California Pacific Medical Center (CPMC) mentioned in recent press release that one of its pharmacist employees possibly accessed patient records with no apparent business or treatment reason. There is possibility of data breach due to this incident. As per the policy, CMPC terminated its relationship with the pharmacist employee when the incident was discovered. CPMC audit of its electronic medical record (EMR) system revealed the probable data breach.

Affected information includes the last four digits of patient Social Security numbers, clinical information, and prescription information. CPMC notified affected 844 patients about the incident. According to the press release:

 The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen cellphone causes data breach

January 18th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Stolen cellphone causes data breach 

 

Albany, New York-based St. Peter’s Health Partners revealed that its manager cellphone got stolen and may lead to potential healthcare data breach.  The affected entity involved emails from the cellphone. After the investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.

 

According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s.  Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.

 

Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. After the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance in response to this incident.

 

Steps to prevent data breach – cellphones:

 

  • Proper antivirus should be installed on cellphones
  • Periodically change the password to the corporate accounts
  • Encryption of the cellphone
  • Don’t install malicious software
  • Visual notifications for abnormal activity
  • Biometric identification
  • Using secured network access
  • Conducting security audit
  • User awareness about the proper usage

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA violation by County employee

January 15th, 2015 by admin No comments »
English: St. Louis County Courthouse in Duluth...

HIPAA violation by County employee 

The recent incident involved sending of personal information of inmates at a county jail to a personal email address. The Saint Louis County Department of Health is investigating a potential HIPAA violation. The affected data includes names and Social Security numbers of several inmates. The information is related to the inmates who are imprisoned at St. Louis County’s Buzz Westfall Justice Center from 2008 to 2014.

The number of affected individuals is not known. As per the county department, there is no indication that anyone other than the employee accessed the information.

“St. Louis County is strongly committed to patient privacy,” the statement said. “It is something we take very seriously. Even though there is no indication that there was any intent to use the information to commit fraud, it is important to make sure that those potentially affected are fully aware of the violation that occurred and fully aware of the steps they are advised to take at this point.”

Information related to free credit monitoring is not confirmed but the County Health Department explained that if an individual believed that their information was potentially included in the email, he or she should check with any of the three major credit bureaus.

The employee who sent the information currently does not work with County who earlier resigned after completing 25 years of services.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop theft leads to data breach

January 12th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Laptop theft leads to data breach

Sunglo Home Health Services patients were affected by the recent breach as laptop containing sensitive data was stolen from the Harlingen, Texas-based facility. According to the reports, the burglar broke into a van in the Sunglo parking lot and drove away after filling the vehicle with various tools and gear.

It happened that he returned and broke into the Sunglo building by breaking a window with a fire extinguisher and stole computer that held patients’ Social Security numbers and personal information, including PHI.

The numbers of affected patients are not known which also include elderly and disabled persons. Sunglo drives patients across the Valley in the vans, which are kept in a parking lot at the Harlingen corporate office.

“We’re just worried about the safety of the patients themselves because of the information. We had to contact local police to see what we could do,” Means told.

The potential suspect is behind the bar. Harlingen police arrested Matthew de la Cruz based on surveillance camera footage. The security aspect of the laptop was not known including the status of encryption.

“It leaves you uneasy, just something that was there that you can’t recover, it’s an uneasy feeling,” Means told Action 4. “We don’t really want this to happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted computer stolen from IEHP

January 9th, 2015 by admin No comments »
Desk full of laptop computers

Desk full of laptop computers (Photo credit: Wikipedia)

Inland Empire Health Plan (IEHP) revealed that an unencrypted desktop computer was stolen from its Rancho Cucamonga facility. The affected information includes names, IEHP member ID numbers, dates of birth, addresses, phone numbers and dates of past or future appointments.

Children’s Eyewear Sight was the owner of the machine, which is a participating provider with IEHP that provides vision services. Social Security numbers were not present on the stolen computer.

“Rancho Cucamonga police were notified of the incident and subsequently apprehended a suspect,” IEHP stated on its website. “At this time, there is no evidence that the information has been accessed. The desktop computer was password protected, but the data was not encrypted.”

According to the statement:

The Compliance Department at IEHP has taken appropriate steps to report this incident to the Department of Health Care Services (DHCS), the Department of Health and Human Services (DHHS), the California Office of Attorney General (OAG) and to local media.

While there is no indication that your information will be used for fraudulent activities,IEHP would like to offer you the option of applying a confidentiality alert to the electronic record maintained by IEHP.

IEHP takes its duty to secure the personal information of our Members very seriously, and we appreciate the trust you have placed in us by choosing us as your health plan,” the letter stated. “We apologize for any inconvenience this may cause you.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Settlement of $12,000

January 6th, 2015 by admin No comments »
English: Indiana Attorney General Greg Zoeller

Settlement of $12,000

Indiana’s Attorney General finalized a settlement with Dr. Joseph Beck. Earlier 60 boxes of Beck’s patient records were found in a dumpster. Beck agreed to pay a $12,000 penalty in a consent agreement with the state. Dr. Joseph Beck works as a dentist who was accused of mishandling 5,600 patients’ medical records.

“In an era when online data breaches are top of mind, we may forget that hard-copy paper files, especially in a medical context, can contain highly sensitive information that is ripe for identity theft or other crimes,” Attorney General Greg Zoeller told. “This file dump was an egregious violation of patient privacy and safety.”

There are series of charges against beck which includes fraudulent billing and negligence. The affected information includes Patient names, medical records, phone numbers, dates of birth, Social Security numbers, insurance cards, insurance information and state ID numbers. The incident happened when Beck hired the third-party company.

“The amount of sensitive, personal data that is stored online is growing every day, and the risks are obvious as more people are impacted by massive corporate data breaches or individual identity theft that can imperil a consumer’s good name and credit rating,” Zoeller said, according to the Indiana Attorney General website. “Our existing laws are proving inadequate to address this global crime, and we must sharpen our legal tools and take action to keep Indiana on the forefront of protecting consumers.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Discharge Paper work causes data breach

January 4th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Discharge Paper work causes data breach 

Around 20 patients suffered data breach when their medical information was passed to other patient along with her discharge papers. The breach in Medical Center of Aurora apparently gave Karen Billings seven pages of operating room records after her hospital release.

The information contained Protected Health Information (PHI) for other patients. The data also included patient names, dates of birth, the doctor’s name, the procedure done, and the prescribed medication.

“I was shocked. I was mad. I was hurt that I had somebody else’s information,” Billings said.  “I wouldn’t want my stuff out there.”

In a statement, the healthcare organization said that it takes the protection of patients’ private information very seriously.

“We were made aware that one day’s surgery schedule was mistakenly given to a patient on November 22nd and, per policy, our Facility Privacy Official immediately began an internal investigation and we are notifying the affected patients,” the statement read. “We are committed to protecting the privacy of our patients and are reviewing internal procedures to determine additional safeguards we should implement.”

The affected individuals were shocked to get the data breach information from media rather than Medical Center of Aurora itself.

“If the doctor knew about it, the administrators knew about it, the hospital knew about it, then they should’ve been proactive instead of waiting, trying to hide it,” Scott Anderson told the news station.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Cyber Security breach affects 485K USPS Workers

January 2nd, 2015 by admin No comments »
English: United States Postal Service headquar...

Cyber Security breach affects 485K USPS Workers 

The breach in United States Postal Service (USPS) has affected around 750, 000 employees, as well as the data of 2.9 million customers. According to the reports, breach also potentially compromised 485,000 employees’ health information. Injury diagnoses, procedure codes, and the physical location of bodily harm were possibly exposed in the breach.

The affected information also includes names, dates of birth and Social Security numbers. The affected individuals include employees, former employees, and retirees who filed for workers compensation.

“The Postal Service took steps to obtain current addresses for as many affected employees as possible through private contractors who used, among other sources, the Postal Service’s own National Change of Address database,” USPS spokesman David Partenheimer said in a statement.

Partenheimer also told that all employees, former employees and retirees whose medical information may have been exposed received a notification letter last month.

According to the statement:

“The privacy and security of employee and customer data is of the utmost importance to us. Despite devoting a lot of time and attention to the security of our information systems, the Postal Service joins the list of major companies and government agencies that have had similar cyber intrusions,” the company said in its November statement. “The remediation efforts we took to address the cyber breach have resulted in an even stronger system to protect our data.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Reachout Home Care Services suffered data breach

December 30th, 2014 by admin No comments »
English: Laptop

Reachout Home Care Services suffered data breach

Theft of stolen laptop caused data security breach for the Reachout customers who live in the Dallas/Fort Worth area. According to the Reachout Home Care Services, their stolen laptop was unencrypted and contained protected health information (PHI).

According to the statement, 5,000 individuals had their information potentially exposed. The incident of theft occurred at the offices of ReachOut Home Care in Richardson, Texas. The computer contained names and claims data for patients. In some cases, Medicare identification numbers were included.

According to the statement:

At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately. ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information.  We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.

While ReachOut Home Care has policies and procedures in place to maintain the security of its members’ information, we are taking additional steps as a result of this incident. These steps include a comprehensive review of our technical security procedures with ReachOut Home Care and an inventory and review of all ReachOut Home Care equipment that maintains protected health information to ensure that all equipment has been encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop stolen from Car

December 25th, 2014 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Laptop stolen from Car 

According to the company statement, DJO Global employee’s laptop was stolen from a locked car in Roseville, Minnesota. While the laptop was password protected but it contained personal patient’s information. According to the company, apart from password protection, the laptop had firewalls, anti-virus software, logical access control and tracking/remote management software.

The affected information includes patient names, phone numbers, diagnosis codes, DJO products received by patients and the dates that products were ordered or shipped. According to the reports, information about doctors that tended to patients may have been included in the laptop.

“Since learning about this incident, we have been working very closely with data privacy experts,” the statement read. “As of today, we have conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.”

The affected numbers of patients is not disclosed by the DJO but all the affected are informed about the breach. No credit card information was included but a small number of Social Security numbers were present on the laptop.

“Please be assured that we also are taking reasonable steps to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again,” DJO said.

According to the statement:

  • Since learning about this incident, DJO have been working very closely with data privacy experts.
  • DJO has conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data breach involves Veterans

December 23rd, 2014 by admin No comments »
VA Medical Center in Long Beach, California

Data breach involves Veterans

Contractor’s flaw lead to the data breach which exposed sensitive information of around 7000 Veterans. The department of Veterans Affairs (VA) notified the incident and also told to the press that the vendor was providing home telehealth services to veterans. The breach was caused because of potential flaw in a vendor’s system.

“An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern,” the spokesman said. “The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application.”

The affected information includes names, addresses, dates of birth, phone numbers and VA patient identification numbers.  Veterans are offered complementary credit protection services.

The VA didn’t disclose the name of the vendor but according to the reports, this particular data leak till now has not caused security problems. The information was potentially seen after a database was inadvertently exposed online.

The latest data breach has raised yet another concern in VA’s data security aspects. Earlier, the agency has also failed its annual cybersecurity audit. VA Chief Information Officer Stephen Warren presented the audit results at a House Veterans Affairs Committee hearing.

“Specifically, by not keeping sufficient records of its incident response activities, VA lacks assurance that incidents have been effectively addressed and may be less able to effectively respond to future incidents,” the GAO report stated. “In addition, without fully addressing an underlying vulnerability that allowed a serious intrusion to occur, increased risk exists that such an incident could recur.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data accessible on third party website

December 21st, 2014 by admin No comments »
English: Mercy North Medical Center

Data accessible on third party website

Redding, Calif.-based Mercy Medical Center found out that physician progress notes were publically accessible on a third-party website. Potentially affected patients took the treatment at Mercy Medical. Data breach doesn’t include Social Security numbers and other financial information.

The affected information includes patient names, medical record numbers, dates of birth, ages, dates of service, diagnoses, medications, review of systems, current therapies, and treatment plans.

“We sincerely regret this incident occurred and are taking appropriate measures to prevent any similar incident in the future, including continuing efforts to educate staff and physicians on securing medical information,” Michelle Kirby, Dignity Health Service Area Compliance Director mentioned on the letter which was posted on the California Attorney General’s website.

According to the reports, patients’ information is not believed to have been accessed inappropriately. Kirby suggested that patients can contact one of the three major credit bureaus and place a fraud alert on their credit file.

According to the statement, Mercy Medical simply explained that “Upon discovery the third party removed the link from their website rendering the information no longer accessible.”

Points to be considered:

  • Facilities should be active in implementation of security measures
  • All aspects of security should be considered instead of focusing on one
  • Proper training of the staff

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Northwestern Memorial laptop stolen

December 19th, 2014 by admin No comments »

 

 

English: Acer Aspire 8920 (with 18.4 inch scre...

Northwestern Memorial laptop stolen

 

Data breach occurred when Northwestern Memorial password protected, unencrypted laptop containing patient information was stolen from inside of employee’s vehicle. The affected information includes patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, and treatment information. In a few cases, Social Security numbers might have also been compromised.

According to the statement on the website:

“We deeply regret any inconvenience this may cause you,” the statement read. “NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.”

Northwestern Memorial has notified around 3,000 patients that their PHI was potentially compromised. According the reports, there is no malicious use of data. However, notification letters were sent to potentially affected patients and individuals are urged to reach out to a dedicated call center if they have any questions or concerns.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach may affect 200,000 individuals

December 17th, 2014 by admin No comments »
MSI laptop computer

Data breach may affect 200,000 individuals  

Belle Glade office of Family Central, Inc. in Florida suffered data breach when former employee accessed the electronic database inappropriately. The said database manages the personal information of individuals applying for or receiving services from the coalition.

“The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program,” the statement read.

According to the reports, federal officials are investigating the incident. Individuals who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies.

“Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies,” the statement said.

Currently, 177 individuals are affected but the number can grow.

According to the statement published on company’s website –

Individuals who have received services from the coalition and Family Central, Inc., may wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized.  To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name.  

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Children Art Project and Data Breach

December 12th, 2014 by admin No comments »
English: Compact Disc Nederlands: Compact Disc

Children Art Project and Data Breach

A healthcare data breach was caused by what started as goodwill attempt when a health system employee mistakenly donated CDs having patients’ protected health information (PHI) for children’s projects.

According to the reports, Virginia Commonwealth University Health System (VCUHS) employee took CDs that were no longer needed for the organization’s services and gave it to Children as a reference for art project.  The affected information includes patients’ full name, and one or more of the following: home addresses, dates of birth, medical record numbers, clinical information and health insurance information. A few of the CDs also contained Social Security numbers.

The website statement didn’t mention about the number of individuals affected but likely more than 1,000 medical information records were involved.

“What began as a well-intentioned philanthropic effort by a staff member wanting to help turned into a serious mistake that we are working very hard to remedy,” John Duval, CEO of MCV Hospitals and Clinics, said in a statement. “This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients.”

VCUHS has revised its protocols regarding media destruction and will intensify its efforts to protect all sensitive information, Duval added. VCUHS said that it also re-collected most of donated CDs.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Subcontractor mishandled sensitive information

December 10th, 2014 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Subcontractor mishandled sensitive information

A potential data breach was caused because of information mishandling by  a health insurance subcontractor. According to the reports, WellCare Health Plans notified 47 Medicare subscribers at the end of November that their protected health information (PHI) was breached. Around 500 people were affected by this incident.

Social security numbers and other financial information were not exposed. Also, information regarding specific diagnosis was not revealed. A total of 47 people were notified in Monroe County along with more than 500 people in New York.

“When the error was discovered, WellCare sent postage-paid envelopes to the members who were believed to have received the inadvertent mailings,” the Democrat & Chronicle stated.

According to the reports,

The insurer said it was not aware of misuse of anyone’s information. Nevertheless, it urged the 47 individuals to review their credit card bills and other financial statements. The insurer is providing one-year credit protection.

The breach was a violation of the Health Insurance Portability and Accountability Act. Crystal Walker, director of public relations, said WellCare learned on Nov. 3 that a vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The information included the person’s name, address, member ID number and general descriptions of the procedure, such as evaluation, radiology or administrative. No specific diagnoses were revealed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series of lawsuits against Good Samaritan

December 7th, 2014 by admin No comments »
Legacy Good Samaritan Hospital & Medical Cente...

Series of lawsuits against Good Samaritan

Troy, NY-based Good Samaritan Hospital breach has various pending lawsuits from seven parties which include four current or former correction officers, a jail employee, the family of a correction officer on behalf of a minor child, and a private individual who sued the county.

“Rensselaer County has paid $25,000 in a court award and set aside $90,000 for expected legal fees in a flurry of lawsuits brought by jail officers and others whose medical information was viewed for years by employees using a computer in the jail nurses’ office,” the article stated.

Good Samaritan has earlier notified 23 people about data breach which resulted from stolen data from Rensselaer County Jail’s nurse’s station. The recent example involved inappropriate access to girl’s record. Case was resolved by parents agreeing for $25,000 settlement. Incident involved next door neighbor who is Rensselaer County Jail officer reportedly gaining access to the girl’s data.

To safeguard information companies should follow below steps:

  • Keep all HIPAA safeguards up-to-date
  • Training employees for importance of securing the data
  • Staff members must understand what type of medical access is appropriate
  • Proper HIPAA technical safeguards can monitor when employees log in, and whether that access is necessary

One should understand importance of technical safeguards whose definition goes by:

The technology and policies meant to protect electronic health information is safe. There used to be two divisions for this safeguard called “technical security and mechanisms” and “technical security services.” Covered entities are not forced to choose a specific type of technical safeguard as long as what they choose permits them to remain HIPAA certified and compliant.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Second Data Breach in one Month

December 4th, 2014 by admin No comments »
English: Icon from Nuvola icon theme for KDE 3...

Second Data Breach in one Month 

Visionworks suffered two incident of data breach in span of two months which involved compromised protected health information (PHI). According to the reports, individuals who received services at Visionworks’ Jacksonville, Fl. are notified about the incident. During computer upgrade, a database server was lost which resulted in breach.

“The server potentially held partially unencrypted protected health information belonging to approximately 48,000 of the store’s customers,” the statement read. “All credit card information housed on the server was encrypted, and therefore should not be at risk. Customers’ exam information was not stored on the lost server.”

Visionworks also added that there is no potential reason for any misuse of the data on the server.

“Nevertheless, in an abundance of caution, Visionworks is notifying the customers potentially affected by the incident and informing them of the associated personal risks,” according to the statement. “In addition, Visionworks will provide those customers with free credit monitoring for one year.”

First data breach in Visionworks also involved a missing computer server that was lost during scheduled upgrades. As per the reports, around 75000 Visionworks customers were affected in that incident. The Visionworks stated that it was believed that the server was sent to one of the landfills along with other “miscellaneous refuse.”

According to the company’s statement:

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Dumpster Case Settled

December 2nd, 2014 by admin No comments »
English: Midwest Genealogy Center, Independenc...

More than 1,500 women in Missouri got affected by data breach

More than 1,500 women in Missouri got affected by data breach when their protected health information (PHI) was compromised after their personal records blew out of a dumpster on a windy day. According to the reports, Midwest Women’s Healthcare Specialists have decided to settle the case by paying amount of $400,000 to compensate the patients for the PHI exposure. All the affected patients will get the share from the victim’s fund.

“Both sides worked very hard to get this resolved quickly, and to seek justice for all of those involved,” plaintiff attorney Maureen Brady told the news source.

The affected records include patients’ names, Social Security numbers, addresses, procedures and tests performed. Papers were scattered up to several blocks away by the wind.

“At Midwest Women’s Healthcare we take patient privacy very seriously,” a spokesperson said in an email to the news station back in May. “We continue to thoroughly investigate this issue and will take appropriate action based on our findings. Midwest Women’s Healthcare is in the process of determining which patients may have been affected and intends to notify them as soon as possible.”

After the judge’s approval, the letters will be sent to patients explaining process to receive funds. The decision and status to implicate Midwest Women’s Healthcare for HIPAA violations by Department of Health and Human Services (HHS) is not known. Civil penalties from HIPAA violations, added to any compensation sought by potential victims could add up to amounts.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Former employee’s unauthorized access causes data breach

November 30th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

Former employee’s unauthorized access causes data breach

Health care security breach was caused due to theft of 35 computers and 34 scanners by former IT contractor of Franciscan Health Systems. Three affected Washington hospitals are working to solve the lapses. According to the reports, the former employee Justin Page accessed one hospital six times, an administrative office 24 times, and an education and support facility eight times.

“We’re going to find the discrepancies in our system and make sure it doesn’t happen again,” Scott Thompson of Franciscan Health Systems told the news source. “We’re right now taking some internal review of all those policies and procedures, to make sure we’ve figured out why this happened and make sure it doesn’t happen again.”

Justin Page kept his active security pass months even after he had completed his work for the company. He is charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities. Court documents indicate Page attempted to sell the hardware to help pay for an expensive pill addiction. A man identifying himself as the suspect’s grandfather said Page was feeling sorry.

According to the preliminary reports, Patients’ Protected Health Information (PHI) might not have been affected. Organizations need more stringent administrative and technical safeguards to prevent such incidents. It is always advisable to keep track of individual’s activities having sensitive data access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Detroit hospitals hit by Medical Identity Theft

November 27th, 2014 by admin No comments »
English: Harper Hospital, Detroit, Michigan

Detroit hospitals hit by Medical Identity Theft

According to the reports, two hospitals in Detroit were affected when two thieves stole Protected Health Information (PHI) of around 1,400 people. The purpose of the thieves was revealed when phony tax refunds were filed for around $500,000 using the stolen data.

A search warrant was issued and the investigation led to confiscation of stolen information, which included bank records, credit cards, “stacks of hospital patient records” and hand written notes that included individuals’ names, dates of birth, and Social Security numbers. The accused Markitta Washington, 29, and Martez Lear, 29 allegedly took patient records to file false tax returns in other people’s names. Washington is a former employee of Henry Ford West Bloomfield Hospital and DMC Harper Hospital.

“Criminals should know that while technology has made it easier than ever for them to commit identify fraud, technology is also making it easier for law enforcement to catch them,” U.S. Attorney Barbara McQuade said in a statement. “We are making enforcement of identity theft a high priority because this crime has become so pervasive and can be so damaging to victims.”

Henry Ford spokesman David Olejarz told that the hospital takes the misuse of patients’ information very seriously and that the conduct of a former worker does not represent the entire hospital staff.

Approximately 1,000 patients’ PHI from DMC Harper was found in the home of the two suspects. After the investigation, Washington’s access to the computer systems was revoked.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Brigham and Woman’s Hospital suffered data breach

November 24th, 2014 by admin No comments »
MSI laptop computer

Brigham and Woman’s Hospital suffered data breach 

Brigham and Woman’s Hospital (BWH) laptop was stolen which may have exposed Protected Health Information (PHI) of certain individuals. An armed robbery off hospital ground led to stealing of BWH physician’s laptop and cell phone. According to the reports, physician was forced by the robbers to reveal pass codes and encryption keys.

“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”

The hospital is unaware of the devices and the status of information access by the robbers is unknown. The devices include information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs. The affected patients count stands at 999 for breached information which includes Patient names, medical record number, age, medications, and information about diagnosis and treatment. Social Security numbers or other financial information was not present on the devices.

“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”

The hospital started sending letters to potentially affected patients asking them to report any illegal activity.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI exposed on emails

November 22nd, 2014 by admin No comments »
Anthem Blue Cross-Blue Shield office in Denver.

Anthem Blue Cross members in California received emails from their health insurer having their own PHI in the subject line.

Anthem Blue Cross members in California received emails from their health insurer having their own PHI in the subject line. It is not known whether the act of sending PHI in email is considered as data breach. The email was related to routine checkups and preventative screenings with their doctors. But the email also included information like age range and language along with possible medical screening tests – marked “Y” for recommended tests and “N” for tests not listed in the email.

This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred when the Anthem Blue Cross is working to further expand in the health IT world.

Blue Shield of California and Anthem Blue Cross has combined strength of 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Computer server goes missing

November 20th, 2014 by admin No comments »
Headquarters of the insurance company in Pitts...

Headquarters of the insurance company in Pittsburgh, , . Address 120 Fifth Ave., Downtown. (Photo credit: Wikipedia)

A subsidiary of Pennsylvania-based health insurer Highmark Inc., Visionworks is facing potential data breach when its computer server went missing from Annapolis store.  Though safeguards and measures exist, incident like this happens when there is negligence in handling computers and data storage devices.

According to the reports, server consisted of partially encrypted Protected Health Information (PHI) which doesn’t includes Social Security numbers. The total of the affected patients stands at 75,000 customers. According to the Visionworks, Customer credit card numbers were encrypted.

Lisa Martinelli, the chief privacy officer for Highmark Health told that company is currently in the process of notifying affected patients. She also told that customers are offered free credit monitoring for one year.

According to the Statement:

An investigation is currently underway to locate a missing database server, which was replaced on June 2, 2014 during scheduled upgrades.

While the location of the server has yet to be determined, it is believed to have been sent to one of the store’s local landfills along with other miscellaneous refuse. At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately.

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Bon Secours suffers data breach due to former employee

November 17th, 2014 by admin No comments »
Français : Rue Bon Secours, à Nantes

Bon Secours suffers data breach due to former employee.

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical records in Dumpster

November 15th, 2014 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

Medical records in Dumpster

Another case of improper disposal came to notice in Texas when medical documents containing “sensitive personal information” were spotted in a dumpster outside of a church in Alamo Heights. Affected information includes patients’ medical records and PHI from the offices of Dr. Huyen Nguyen and Dr. Orlando Kypuros. Affected information includes Patients’ medical conditions, Social Security numbers and driver’s license numbers.

“We were shocked that such information was found unsecure and outside our office,” Nguyen and Kypuros said in a statement to the news station. “Upon discovery of the breach, we immediately investigated the incident to determine how it occurred. Our investigation revealed that some of our employees were not following our office policy, which required protected health information to be shredded. Instead, they were placing the documents in a recycling container.”

After the breach, doctors ‘until further notice’ terminated the recycling program, counseled and retrained all employees, and revised their policies and procedures to ensure that such situation never happens again.

“We are in the process of identifying all affected patients and providing written notification in compliance with state and federal law, which will provide notification of the breach and directions for placing a fraud alert on a credit report,” the statement read.

Affected patients with most sensitive information were contacted personally by the doctor’s office and free credit monitoring services for one year has been setup. Number of affected patients is not known but all the records are under lock and key while the search for an explanation begins.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Community Center ID Theft

November 12th, 2014 by admin No comments »

 

http://openclipart.org/clipart/people/magnifyi...

Community Center ID Theft

A nonprofit system of health clinics in Florida suffered data breach due to identity theft criminal operation. The affected clinic Jessie Trice Community Health Center said that patient’s information was targeted. According to the reports, personal information that was stolen includes Patients’ names, dates of birth and Social Security numbers.

 

“The leadership of Jessie Trice Community Health Center, Inc. deeply regrets this incident and is working vigorously and diligently assessing how to mitigate future risks to all patients and has implemented new procedures and protocols to protect patient information so that this type of theft cannot reoccur,” Jessie Trice president and CEO Annie Neasman explained in the statement.

 

The incident is under investigation by FBI and IRS. Total count of affected patients stands at 7,888 and are notified about the breach. The organization has retained a leading data breach response vendor to work with patients through the process.

 

For additional information about the JTCHC data breach, statement asks to contact their corporate office. According to the statement, no medical records were obtained or have been compromised. The mode and how the theft occurred are not clear. But the statement mentions that immediate action steps are underway to ensure clients protection.

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

No Heath Data Encryption in Federal Sites

November 9th, 2014 by admin No comments »
Cryptographically secure pseudorandom number g...

No Heath Data Encryption in Federal Sites 

Individuals used AIDS-related medical services information on government health websites which lacked health data encryption. In the recent times health care security is on high priority agenda and lapses like federal websites demands for change.  According to the reports, government is taking initiatives to secure the data. The sites have possible risk of exposing the identities of visitors as private information, like the actual latitude and longitude location of visitors.

“The sites and apps did not themselves track visitors, but their data was handled in ways that could have enabled monitoring by employers, universities or others with access to the data flowing between individual devices – such as computers and smartphones – and the Internet.,” the news source reported.

Steve Roosa, a partner at law firm Holland & Knight, first made the health data encryption discovery. Roosa explained that as part of HIPAA, the Department of Health and Human Services (HHS) enforces federal healthcare privacy rules when personal medical information is handled by private entities.

“It is somewhat shocking, and more than a little ironic, that HHS has opted not to adhere to its own standards here, when the failure to do so puts sensitive health information at risk,” Roosa said in the report.

Aids.gov was one of the website and its Director Miguel Gomez said they started automatically using encryption for all of its users. Since 2010, the website transmitted unencrypted location information of users searching for healthcare providers online. However, the site started offering encryption services – for those who knew how to use it – since last year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Barriers for big data, mobility, and cloud technology in heath sector

November 6th, 2014 by admin No comments »
Computer-blue

Barriers for big data, mobility, and cloud technology in heath sector

With the evolving technology, the healthcare security is major issue which needs due attention. Many healthcare organizations are wary of using services like big data, mobility and cloud technology mainly because of security concerns. Dell recently surveyed around 2,000 global organizations which confirm that numerous industries are not using evolving technologies because of security consideration. According to the survey:

  • 44 percent of IT decision makers consider security the biggest barrier for expanding mobility technologies
  • 52 percent of respondents said it was a hindrance to using cloud computing
  • 35 percent of surveyed IT decision makers said that security was a barrier for leveraging big data
  • 30 percent of respondents said they have the right information available to make risk-based decisions.
  • One in four organizations said they have a plan in place for all types of security breaches
  • 43 percent of respondents said that security resources are primarily spent on protecting against hackers
  • 37 percent reported that adhering to compliance regulations were the primary security expenditure

“Despite mounting security risks and increased reliance on the Internet and technology to run their businesses, many small and midsize organizations are underprepared to deal with today’s security threats, let alone those of the future,” SMB Group Partner Laurie McCabe said in a statement. “These companies know that disruptive technologies like cloud, mobility and big data can drive innovation and create competitive advantage. But it’s often difficult for them to take a strategic approach and overcome security concerns in order to fully harness the potential.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

New Healthcare Apps possess security threat?

November 4th, 2014 by admin No comments »
English: Texas Children's Hospital Complex in ...

With the growth in technology, healthcare organizations are implementing policies to secure data.

With the growth in technology, healthcare organizations are implementing policies to secure data. But there are few application loopholes which may lead to severe data breach.

Founder and Chief Medical officer Dr. Joshua La told that the application has more than 150,000 users in six countries including the US, Canada, UK and Australia.

“In Australia, a customized consent form can be signed by patient or representative before images can be taken,” Landy said. “After that images are reviewed by privacy moderators to make sure they have educational value. [They are] being taken respectfully, there’s no sensationalistic images.”

Bryan Vartabedian, a pediatric gastroenterologist at Texas Children’s Hospital wrote in his blog post that the overall concept makes sense as images in medicine are a good way to teach. He is also wary of Figure 1 and what it could mean to patient privacy.

“There’s a difference between de-identification of images on a level that’s compliant with health privacy law and de-identification that respects a patient’s wishes,” Vartabedian wrote. “I operate within the understanding that if a patient can individually identify their own leg, finger, laceration within an image, they should understand very clearly that the image is headed for the very public domain.”

Healthcare professionals must follow rules to keep patients’ protected health information (PHI) secure, even if they are working to improve a patient’s health.

“In the old days medical images never left the medical library or the glossy paper on which they were printed,” he said. “But times have changed, technology is advancing faster than the discussion surrounding its use, and we have to think carefully about how we repurpose and share the images of those under our care.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Doctors Can Be Sued

November 2nd, 2014 by admin No comments »
Connecticut Supreme Court

According to the Connecticut Supreme Court ruling, doctors can be sued for HIPAA Negligence.

According to the Connecticut Supreme Court ruling, doctors can be sued for HIPAA Negligence.  Recent case involves Emily Byrne who claimed that Avery Center for Obstetrics and Gynecology in Westport violated her right to privacy. According to the reports, she didn’t want to share information about her pregnancy with the father of the child, with whom she was no longer in relationship.

The suit mentioned that the organization failed to make any communication with Byrne for his consent before releasing her medical file.

“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” Trumbull lawyer Bruce Elstein told the news source. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”

According to Byrne, she suffered agony when the father of her child used her personal information for “a campaign of harm, ridicule, embarrassment and extortion.”

The Connecticut Supreme Court agreed that a violation of HIPAA regulations may result in a violation of commonly accepted standards of care. This is the first instance that Connecticut’s Supreme Court has ruled regarding HIPAA negligence. The state now joins Missouri, West Virginia and North Carolina in similar rulings.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Moving into new location aggravate reasoning for two data breaches

October 29th, 2014 by admin No comments »
English: Tennessee State Capitol in Nashville,...

Moving into new location aggravate reasoning for two data breaches.

The Metro Public Health Department in Nashville, Tennessee is facing its second data breach when a file cabinet containing files of HIV patients was accidentally sent to a Metro school instead of surplus warehouse. The files were decade old and Health department is monitoring its process of how files are handled during a move to avoid such incident.

The first breach involved missing 1,700 index cards with names, dates of birth, Social Security numbers, addresses and medical coding after the department moved to its new building. The information affected patients in the Children Special Services (CSS) program.

“We are letting them know we started an investigation immediately and we do not believe, according to our investigation, that any of their information was accessed,” health department spokesman Brian Todd told an ABC affiliate at the time. “We believe those index cards probably ended up in a landfill.”

The health department is taking extra efforts to train staff for process and information related to HIPAA laws, patient identification and security.

Todd added that when the department realized those files were missing, it did a “thorough review of all files that were moved from the old building to the new building.” No other files were found to be missing, so if an individual came for any other service, were not impacted, Todd said.

Health department announced it was offering all the impacted people one year of free identity protection through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Record stolen from doctor’s storage shed

October 25th, 2014 by admin No comments »

Dr. Nisar A. Quraishi came to know that both latches on the shed door of his office’s storage facility had been cut and medical records of patients he had treated was stolen. According to the reports, approximately 40,000 patient records containing protected health information (PHI) were missing. The records reportedly included patients’ Social Security numbers, dates of birth, home addresses and medical histories.

Quraishi said he had “no idea” who broke into the shed and that he had not been to the property since Aug. 10, at which point the shed was still secure, the news source reported. Quraishi became aware of the issue when he was contacted by a neighborhood resident that the lock was broken. Quraishi also told police he was unable to immediately provide any of the names of the patients whose records were stolen from the shed.

While conducting investigation, police said there were no security cameras or witnesses in the area or at the scene. According to the Journal, neighbors weren’t even aware that a break-in had occurred in the first place. It was also reported that the first floor of Quraishi’s office “is a gutted, empty space with exposed beams and no carpet.

A spokeswoman for NYU Langone Medical Center, where Quraishi has been employed since January, said the stolen records were not of NYU Langone patients.

“The patient records involved were from Dr. Quraishi’s private practice … and therefore do not include any treatments provided by him since his employment with NYU Langone as of January 2014,” said Lisa Greiner, senior director of institutional communications at NYU Langone Medical Center. “The medical records of patients who were treated at NYU Langone by Dr. Quraishi are not part of the breach in question.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

X-Ray films and data exposure

October 23rd, 2014 by admin No comments »

California healthcare facility suffered data breach when improper disposal of information affected PHI. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. It was meant to be sent to a waste disposal company.

According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.

“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”

Graybill tried to possess the information by reaching to trash company but was informed that they had already been taken to a landfill and were irretrievable.

“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”

According to the reports, films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.

“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptops with PHI missing

October 21st, 2014 by admin No comments »
MSI laptop computer

Laptops with PHI missing

In the unprecedented event, few laptops went missing in the period of three years from ambulances in the Dallas area. According to the reports, laptops contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances “became unaccounted for” in the three-year period.

“If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s),” explained a press release from the city of Dallas.

Incident was reported to US Department of Health and Human Services (HHS) and according to the process affected patients were notified.

“The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops,” the statement read. “Once the risks have been identified, actions will be implemented to prevent such events from recurring.”

Reports failed to mention number of laptops that went missing. According to the release, Patients who have been contacted and who have questions related to this matter can call the Dallas Fire-Rescue EMS staff.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A Pennsylvania healthcare service suffers data breach

October 19th, 2014 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

A Pennsylvania healthcare service suffers data breach.

A Pennsylvania healthcare service suffered data breach incident which may led to personal health information (PHI) misuse. According to the reports, computer server containing patient information for Dr. Barry Snyder was breached after a third party element accessed information wrongly.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” the release said.

The affected information includes patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

Healthcare swung into action and hired national security and computer forensics experts to thoroughly investigate the incident. It also provided toll free number for patients to call for more information.

According to the press release:

Penn Highlands Brookville encourages its patients to remain vigilant by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. 

At no charge, you can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

18th Breach for Oregon Health Insurance Exchange

October 17th, 2014 by admin No comments »

In the successive events, Oregon Health Insurance Exchange suffered 18

Library at Oregon Health & Science University,...

Library at Oregon Health & Science University, in Portland, Oregon. (Photo credit: Wikipedia)

security breaches in past six months. The recent incident involved documents with PHI being sent to wrong patient. Cover Oregon spokeswoman Ariane Holm said the breach is under investigation. The exchange’s security team with a return envelope was immediately sent to Migliaccio who got the other patients information.

“We take the security and privacy or our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.

According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security number. Affected information included addresses, names, dates of birth and internal Cover Oregon IDs.

“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”

When applicants need to update their applications, the exchange no longer mails the completed documents that include Social Security numbers and other information. Earlier, Cover Oregon was working with Oracle Corp. to create an HIE for the state but it missed the deadlines and individuals were required to use a hybrid paper-online application process.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UC Davis Health suffers data breach

October 15th, 2014 by admin No comments »
English: UC Davis Medical Center, Sacramento.

UC Davis Health suffers data breach

UC Davis Health suffered data breach when a provider’s email was compromised by an unknown source. According to the reports, 1,326 patients’ data suffered breach. A member of the UC Davis IT team detected unusual activity in the email account and came to conclusion that the provider’s email was compromised by the unknown source. The source is not confirmed till date.

The event did not involve access to patient EHRs, Social Security numbers or other personal financial information. UC Davis Health System said that it has notified or is in the process of notifying several government agencies regarding the breach.

According to the statement:

UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy — including blocking access by the unauthorized user and changing the account credentials – were taken when it was discovered that the email account had been compromised.

Since we are unable to determine the exact nature of the access by this unauthorized third-party, we are sending a letter to all patients who had information about them included in this email account.

UC Davis Health System is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, inter professional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 619-bed acute-care teaching hospital, a 1000-member physician’s practice group and the new Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neuro developmental institute, a stem cell institute and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cone Health Mailing Error

October 12th, 2014 by admin No comments »
English: Torbay Hospital In-patient wards and ...

Cone Health Mailing Error

Cone Health of Greensboro, N.C. has notified 2,076 Southeastern Heart and Vascular Center patients about the data breach which was caused due to mailing error. According to the reports, a courier mistake which led to letters being sent to wrong patients having other patient names, their doctors and names of the practices.

According to the statement on the Cone Health website, social security numbers, dates of birth or insurance information was not compromised in the breach. Cone Health has individually notified all the patients affected by the breach. Cone Health regrets any confusion resulting from the incorrect mailing.

According to the information available on the website of Cone Health one can get the overview of this organization:

Cone Health is a not-for-profit network of healthcare providers serving people in Guilford, Forsyth, Rockingham, Alamance, Randolph, Caswell and surrounding counties. Our tagline – “The Network for Exceptional Care” – highlights our commitment to excellence, which is shared by our more than 10,000 professionals, 1,300 physicians and 1,200 volunteers.

As one of the region’s largest and most comprehensive health networks, Cone Health has more than 100 locations, including six hospitals, 3 medical centers, four urgent care centers, 95 physician practice sites and multiple centers of excellence.

It includes:

The Moses H. Cone Memorial Hospital

Alamance Regional Medical Center

Wesley Long Hospital

Women’s Hospital

Annie Penn Hospital

The Behavioral Health Hospital

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Touchstone Medical folder exposed on Internet

October 10th, 2014 by admin No comments »
Laptop icon

Touchstone Medical folder exposed on Internet

Touchstone Medical Imaging, LLC has suffered data breach as sensitive data was exposed on the internet. It posted notice on the website stating that they didn’t think data was accessible on the internet.

Organization conducted internal investigation which revealed the breach. According to the reports, medical records weren’t included but patient names,dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Tampa General hospital data breach

October 7th, 2014 by admin No comments »
English: Tampa General Hospital

Tampa General hospital

Employee access is another major area to work upon, as the new data breach in Tampa General proved the limits of data security. Tampa notified 675 patients that their data had been compromised as a result of a former employee’s inappropriate access.

According to the hospital investigation data compromised includes patient names, addresses, dates of birth, admitting diagnoses, names of insurance payers and in some instances, Social Security numbers. But medical records weren’t compromised. The employee had the records with him during Tampa Police Department traffic stop that led to his arrest. Tampa immediately ordered termination of the employee.

According to the Tampa General hospital statement:

Tampa General Hospital (TGH) is committed to maintaining the privacy and confidentiality of our

patients’ information. Regrettably, this notice concerns an incident involving some of that information.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we continually communicate to and educate our staff on the importance of protecting and securing patient information; emphasizing the importance of reporting any unusual staff behavior as we enhance procedures to prevent and detect misuse of patient information. We have also implemented technology that blocks patient information based on an employee’s job description, including limiting access to patients’ Social Security numbers.

We want to assure our patients that we are taking this matter very seriously and are actively cooperating with law enforcement in their investigation.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

‘Shellshock’ Bug

October 4th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

‘Shellshock’ Bug

What is Shellshock Bug?

Attackers are exploiting critical, newly-disclosed security weakness present in countless networks and Websites that depends on Unix and Linux operating systems. According to the Experts, “Shellshock Bug,” is so tangled with the modern Internet that it could prove puzzling to find solution.

If the threat remains unchecked then in the short run it is likely to put millions of networks and countless consumer records at risk of exposure. There are lot of similarities between recent Heartbleed vulnerability because of its omnipresence and sheer potential for causing havoc on Internet-connected systems mainly websites. According to the reports, the issue lies in the GNU Bourne Again Shell (Bash), the text-based, command-line utility on multiple Linux and Unix operating systems.

Jaime Blasco, labs director at AlienVault, has been running a honeypot on the vulnerability since yesterday to emulate a vulnerable system.

“With the honeypot, we found several machines trying to exploit the Bash vulnerability,” Blasco said. “The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system. This malware turns the systems into bots that connect to a C&C server where the attackers can send commands, and we have seen the main purpose of the bots is to perform distributed denial of service attacks.”

The OS vulnerability table can be given as:

Microsoft Windows users: No Impact

Linux and UNIX systems: Patches are available

Mac users: Vulnerable

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

JPMorgan Chase attacked by the hackers

October 2nd, 2014 by admin No comments »
JPMorgan Chase Tower (Dallas)

JPMorgan Chase attacked by the hackers.

An overwhelming attack on JPMorgan Chase by the hackers has compromised the accounts of 76 million households and seven million small businesses. It’s one of the largest ever intrusion which has overcame the previous estimates of the bank.

Earlier Target, home depot and a number of other retailers has suffered major data breaches.  The recent incident is blow to already shaken confidence in the digital operations. Below are the details of last year breaches for above mentioned companies –

Target: 40 million cardholders and 70 million others were compromised

Home depot: 56 million cards

Breaches in largest banks like JPMorgan can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

Bank believes that no money has moved out of the accounts and till today customers are safe. According to the reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords or social security numbers are safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Technologies for Healthcare security and efficiency

September 27th, 2014 by admin No comments »
English: A candidate icon for Portal:Computer ...

Technologies for Healthcare security and efficiency

Technologies have been upgraded to accommodate more users and extra efforts are done to safe guard the data. Organizations are demanding software to process larger amount of workload with reduced hardware infrastructure. But they are equally concerned about the data security and multiple products and process are used to implement same. Large amount of investment is done on data loss prevention techniques within and outside of a healthcare IT network.

With the acceptance and growth of Cloud Computing and virtualization technologies, there is also advancement in the security technologies. Below are the linked technologies for Healthcare security efficiency.

Software-defined technologies: Technology is designed specifically to simply networking and security process using new type of software based engines taking security to complete different level.

Virtualization: Virtual firewalls or virtual security appliances are making their way into many large health care environments. To deal with internal traffic security, more virtual applications are used.

Scanning and control engines: With the advancement of the technology new type of scanning and control engines are deployed to detect the threat as early as possible. Features like data-loss prevention (DLP), intrusion detection/prevention services (IPS/IDS), and even disaster recovery load-balancing, are all become more standard.

Controlling end-user devices and BYOD: This is about controlling access to the end user device which employees bring according to the company BYOD policy.

Cloud security:  Due to Cloud, more devices are equipped with scanning more types of traffic coming into a healthcare infrastructure. Specific attention is given to the access control for the users and efforts are made only to provide authorized access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Owensboro Medical Practice suffers data breach

September 24th, 2014 by admin No comments »
Daviess County Courthouse, at Owensboro, Kentu...

Owensboro Medical Practice suffers data breach

Medical Practice has notified 3000 patients who have suffered data breach due to employees who tried to contact them with intention of starting own business. Still there are conflicting reports about the involvement of a business associate (BA) and the dates of breaches. Information which was affected included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, and health conditions.

According to the reports, Medical Practice, located in Owensboro, KY, the breach occurred three years ago and Director of Research for Owensboro Medical Practice, Timothy Hillard said he knew of the incident.”Even if it was one patient, that one patient’s information is highly important to us and not the entire medical records were taken but demographics such as name, date of birth, age, social security number, which is, you know, very concerning to us.”

According to the statement:

On or about July 24, 2014, Owensboro Medical Practice, PLLC, and its business associate, Research Integrity, LLC, learned that a spreadsheet containing protected health information