Data breach may affect 200,000 individuals

December 17th, 2014 by admin

The Belle Glade office of Family Central, Inc. in Florida suffered a data breach when a former employee accessed the electronic database inappropriately. The database manages the personal information of individuals applying for or receiving services from the coalition.

“The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program,” the statement read.

According to the reports, federal officials are investigating the incident. Individuals who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies.

“Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies,” the statement said.

Currently, 177 individuals are affected but the number can grow.

According to the statement published on the company’s website:

Individuals who have received services from the coalition and Family Central, Inc., may wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized.  To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name.  

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Children Art Project and Data Breach

December 12th, 2014 by admin

A healthcare data breach resulted from what started as a goodwill gesture, when a health system employee mistakenly donated CDs containing patients’ protected health information (PHI) for children’s projects.

According to the reports, a Virginia Commonwealth University Health System (VCUHS) employee took CDs that were no longer needed for the organization’s services and gave them to children as a reference for an art project. The affected information includes patients’ full names and one or more of the following: home addresses, dates of birth, medical record numbers, clinical information and health insurance information. A few of the CDs also contained Social Security numbers.

The website statement didn’t mention the number of individuals affected, but likely more than 1,000 medical information records were involved.

“What began as a well-intentioned philanthropic effort by a staff member wanting to help turned into a serious mistake that we are working very hard to remedy,” John Duval, CEO of MCV Hospitals and Clinics, said in a statement. “This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients.”

VCUHS has revised its protocols regarding media destruction and will intensify its efforts to protect all sensitive information, Duval added. VCUHS said that it has also re-collected most of the donated CDs.


Subcontractor mishandled sensitive information

December 10th, 2014 by admin

A potential data breach was caused by a health insurance subcontractor’s mishandling of information. According to the reports, WellCare Health Plans notified 47 Medicare subscribers at the end of November that their protected health information (PHI) was breached. Around 500 people were affected by this incident.

Social Security numbers and other financial information were not exposed, and no information regarding specific diagnoses was revealed. A total of 47 people were notified in Monroe County along with more than 500 people in New York.

“When the error was discovered, WellCare sent postage-paid envelopes to the members who were believed to have received the inadvertent mailings,” the Democrat & Chronicle stated.

According to the reports,

The insurer said it was not aware of misuse of anyone’s information. Nevertheless, it urged the 47 individuals to review their credit card bills and other financial statements. The insurer is providing one-year credit protection.

The breach was a violation of the Health Insurance Portability and Accountability Act. Crystal Walker, director of public relations, said WellCare learned on Nov. 3 that a vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The information included the person’s name, address, member ID number and general descriptions of the procedure, such as evaluation, radiology or administrative. No specific diagnoses were revealed.


Series of lawsuits against Good Samaritan

December 7th, 2014 by admin

The breach at Troy, NY-based Good Samaritan Hospital has resulted in pending lawsuits from seven parties: four current or former correction officers, a jail employee, the family of a correction officer on behalf of a minor child, and a private individual who sued the county.

“Rensselaer County has paid $25,000 in a court award and set aside $90,000 for expected legal fees in a flurry of lawsuits brought by jail officers and others whose medical information was viewed for years by employees using a computer in the jail nurses’ office,” the article stated.

Good Samaritan earlier notified 23 people about a data breach that resulted from data stolen from the Rensselaer County Jail’s nurse’s station. The most recent case involved inappropriate access to a girl’s record and was resolved when her parents agreed to a $25,000 settlement. In that incident, a next-door neighbor who is a Rensselaer County Jail officer reportedly gained access to the girl’s data.

To safeguard information, companies should take the following steps:

  • Keep all HIPAA safeguards up to date
  • Train employees on the importance of securing data
  • Make sure staff members understand what type of medical access is appropriate
  • Use proper HIPAA technical safeguards, which can monitor when employees log in and whether that access is necessary

It is important to understand technical safeguards, which are defined as follows:

The technology and policies meant to ensure that electronic health information is safe. There used to be two divisions for this safeguard called “technical security and mechanisms” and “technical security services.” Covered entities are not forced to choose a specific type of technical safeguard as long as what they choose permits them to remain HIPAA certified and compliant.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Second Data Breach in one Month

December 4th, 2014 by admin

Visionworks suffered two data breach incidents in the span of two months, both involving compromised protected health information (PHI). According to the reports, individuals who received services at Visionworks’ Jacksonville, Fl. store are being notified about the incident. During a computer upgrade, a database server was lost, which resulted in the breach.

“The server potentially held partially unencrypted protected health information belonging to approximately 48,000 of the store’s customers,” the statement read. “All credit card information housed on the server was encrypted, and therefore should not be at risk. Customers’ exam information was not stored on the lost server.”

Visionworks also added that it has no reason to suspect any misuse of the data on the server.

“Nevertheless, in an abundance of caution, Visionworks is notifying the customers potentially affected by the incident and informing them of the associated personal risks,” according to the statement. “In addition, Visionworks will provide those customers with free credit monitoring for one year.”

The first data breach at Visionworks also involved a computer server that went missing during scheduled upgrades. As per the reports, around 75,000 Visionworks customers were affected in that incident. Visionworks stated that the server was believed to have been sent to one of the landfills along with other “miscellaneous refuse.”

According to the company’s statement:

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.


Dumpster Case Settled

December 2nd, 2014 by admin

More than 1,500 women in Missouri affected by data breach

More than 1,500 women in Missouri were affected by a data breach when their protected health information (PHI) was compromised after their personal records blew out of a dumpster on a windy day. According to the reports, Midwest Women’s Healthcare Specialists has decided to settle the case by paying $400,000 to compensate the patients for the PHI exposure. All the affected patients will get a share from the victims’ fund.

“Both sides worked very hard to get this resolved quickly, and to seek justice for all of those involved,” plaintiff attorney Maureen Brady told the news source.

The affected records include patients’ names, Social Security numbers, addresses, procedures and tests performed. Papers were scattered up to several blocks away by the wind.

“At Midwest Women’s Healthcare we take patient privacy very seriously,” a spokesperson said in an email to the news station back in May. “We continue to thoroughly investigate this issue and will take appropriate action based on our findings. Midwest Women’s Healthcare is in the process of determining which patients may have been affected and intends to notify them as soon as possible.”

After the judge’s approval, letters will be sent to patients explaining the process for receiving funds. It is not known whether the Department of Health and Human Services (HHS) has decided to pursue Midwest Women’s Healthcare for HIPAA violations, or what the status of any such decision is. Civil penalties from HIPAA violations, added to any compensation sought by potential victims could add up to amounts.


Former employee’s unauthorized access causes data breach

November 30th, 2014 by admin

A health care security breach was caused by the theft of 35 computers and 34 scanners by a former IT contractor of Franciscan Health Systems. Three affected Washington hospitals are working to fix the lapses. According to the reports, the former employee, Justin Page, accessed one hospital six times, an administrative office 24 times, and an education and support facility eight times.

“We’re going to find the discrepancies in our system and make sure it doesn’t happen again,” Scott Thompson of Franciscan Health Systems told the news source. “We’re right now taking some internal review of all those policies and procedures, to make sure we’ve figured out why this happened and make sure it doesn’t happen again.”

Justin Page kept an active security pass for months after he had completed his work for the company. He is charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities. Court documents indicate Page attempted to sell the hardware to help pay for an expensive pill addiction. A man identifying himself as the suspect’s grandfather said Page was feeling sorry.

According to the preliminary reports, patients’ Protected Health Information (PHI) might not have been affected. Organizations need more stringent administrative and technical safeguards to prevent such incidents. It is always advisable to keep track of the activities of individuals who have access to sensitive data.


Detroit hospitals hit by Medical Identity Theft

November 27th, 2014 by admin

According to the reports, two hospitals in Detroit were affected when two thieves stole the Protected Health Information (PHI) of around 1,400 people. The thieves’ purpose was revealed when phony tax refunds for around $500,000 were filed using the stolen data.

A search warrant was issued and the investigation led to the confiscation of stolen information, which included bank records, credit cards, “stacks of hospital patient records” and handwritten notes that included individuals’ names, dates of birth, and Social Security numbers. The accused, Markitta Washington, 29, and Martez Lear, 29, allegedly took patient records to file false tax returns in other people’s names. Washington is a former employee of Henry Ford West Bloomfield Hospital and DMC Harper Hospital.

“Criminals should know that while technology has made it easier than ever for them to commit identity fraud, technology is also making it easier for law enforcement to catch them,” U.S. Attorney Barbara McQuade said in a statement. “We are making enforcement of identity theft a high priority because this crime has become so pervasive and can be so damaging to victims.”

Henry Ford spokesman David Olejarz said that the hospital takes the misuse of patients’ information very seriously and that the conduct of a former worker does not represent the entire hospital staff.

Approximately 1,000 patients’ PHI from DMC Harper was found in the home of the two suspects. After the investigation, Washington’s access to the computer systems was revoked.


Brigham and Women’s Hospital suffered data breach

November 24th, 2014 by admin

A Brigham and Women’s Hospital (BWH) laptop was stolen, which may have exposed the Protected Health Information (PHI) of certain individuals. An armed robbery off hospital grounds led to the theft of a BWH physician’s laptop and cell phone. According to the reports, the physician was forced by the robbers to reveal pass codes and encryption keys.

“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”

The hospital is unaware of the devices’ whereabouts, and it is unknown whether the robbers accessed the information. The devices include information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs. The number of affected patients stands at 999; the breached information includes patient names, medical record numbers, ages, medications, and information about diagnosis and treatment. Social Security numbers and other financial information were not present on the devices.

“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”

The hospital started sending letters to potentially affected patients asking them to report any illegal activity.


PHI exposed on emails

November 22nd, 2014 by admin

Anthem Blue Cross members in California received emails from their health insurer with their own PHI in the subject line. It is not known whether sending PHI in an email is considered a data breach. The email was related to routine checkups and preventative screenings with their doctors, but it also included information such as age range and language along with possible medical screening tests, marked “Y” for recommended tests and “N” for tests not listed in the email.

“This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred as Anthem Blue Cross is working to expand further in the health IT world.

Blue Shield of California and Anthem Blue Cross have a combined 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”


Computer server goes missing

November 20th, 2014 by admin

Visionworks, a subsidiary of Pennsylvania-based health insurer Highmark Inc., is facing a potential data breach after a computer server went missing from its Annapolis store. Though safeguards and measures exist, incidents like this happen when there is negligence in handling computers and data storage devices.

According to the reports, the server contained partially encrypted Protected Health Information (PHI), which does not include Social Security numbers. The total number of affected customers stands at 75,000. According to Visionworks, customer credit card numbers were encrypted.

Lisa Martinelli, the chief privacy officer for Highmark Health, said that the company is currently in the process of notifying affected patients. She also said that customers are being offered free credit monitoring for one year.

According to the statement:

An investigation is currently underway to locate a missing database server, which was replaced on June 2, 2014 during scheduled upgrades.

While the location of the server has yet to be determined, it is believed to have been sent to one of the store’s local landfills along with other miscellaneous refuse. At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately.

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.


Bon Secours suffers data breach due to former employee

November 17th, 2014 by admin

An employee’s access to patients’ PHI can lead to unauthorized activity, so companies are generally advised to monitor their systems. A recent incident involves Bon Secours Kentucky Health System, where a former employee accessed PHI from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of Social Security numbers.

For a few patients, the breach is wider and includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system.

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients about the breach by mail and has initiated one year of free credit monitoring and identity protection services.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”


Medical records in Dumpster

November 15th, 2014 by admin

Another case of improper disposal came to light in Texas when medical documents containing “sensitive personal information” were spotted in a dumpster outside a church in Alamo Heights. The affected information includes patients’ medical records and PHI from the offices of Dr. Huyen Nguyen and Dr. Orlando Kypuros, including patients’ medical conditions, Social Security numbers and driver’s license numbers.

“We were shocked that such information was found unsecure and outside our office,” Nguyen and Kypuros said in a statement to the news station. “Upon discovery of the breach, we immediately investigated the incident to determine how it occurred. Our investigation revealed that some of our employees were not following our office policy, which required protected health information to be shredded. Instead, they were placing the documents in a recycling container.”

After the breach, the doctors terminated the recycling program ‘until further notice’, counseled and retrained all employees, and revised their policies and procedures to ensure that such a situation never happens again.

“We are in the process of identifying all affected patients and providing written notification in compliance with state and federal law, which will provide notification of the breach and directions for placing a fraud alert on a credit report,” the statement read.

Affected patients with the most sensitive information were contacted personally by the doctors’ office, and free credit monitoring services for one year have been set up. The number of affected patients is not known, but all the records are under lock and key while the search for an explanation begins.

Community Center ID Theft

November 12th, 2014 by admin

A nonprofit system of health clinics in Florida suffered a data breach as a result of a criminal identity theft operation. The affected clinic, Jessie Trice Community Health Center, said that patients’ information was targeted. According to reports, the stolen personal information includes patients’ names, dates of birth and Social Security numbers.

“The leadership of Jessie Trice Community Health Center, Inc. deeply regrets this incident and is working vigorously and diligently assessing how to mitigate future risks to all patients and has implemented new procedures and protocols to protect patient information so that this type of theft cannot reoccur,” Jessie Trice president and CEO Annie Neasman explained in the statement.

The incident is under investigation by the FBI and the IRS. The total count of affected patients stands at 7,888, and they have been notified about the breach. The organization has retained a leading data breach response vendor to work with patients through the process.

For additional information about the JTCHC data breach, the statement directs inquiries to the organization’s corporate office. According to the statement, no medical records were obtained or compromised. How the theft occurred is not clear, but the statement mentions that immediate action steps are underway to ensure clients’ protection.

No Health Data Encryption in Federal Sites

November 9th, 2014 by admin

Individuals looked up information on AIDS-related medical services on government health websites that lacked health data encryption. Healthcare security has recently become a high-priority agenda item, and lapses like those on these federal websites call for change. According to reports, the government is taking initiatives to secure the data. The sites risked exposing the identities of visitors through private information such as visitors’ actual latitude and longitude.

“The sites and apps did not themselves track visitors, but their data was handled in ways that could have enabled monitoring by employers, universities or others with access to the data flowing between individual devices – such as computers and smartphones – and the Internet,” the news source reported.

Steve Roosa, a partner at law firm Holland & Knight, was the first to discover the health data encryption lapse. Roosa explained that as part of HIPAA, the Department of Health and Human Services (HHS) enforces federal healthcare privacy rules when personal medical information is handled by private entities.

“It is somewhat shocking, and more than a little ironic, that HHS has opted not to adhere to its own standards here, when the failure to do so puts sensitive health information at risk,” Roosa said in the report.

Aids.gov was one of the websites, and its director, Miguel Gomez, said it has started automatically using encryption for all of its users. Since 2010, the website had transmitted unencrypted location information of users searching for healthcare providers online. However, the site has offered encryption, for those who knew how to use it, since last year.

Barriers for big data, mobility, and cloud technology in health sector

November 6th, 2014 by admin

With evolving technology, healthcare security is a major issue that needs due attention. Many healthcare organizations are wary of using services like big data, mobility and cloud technology, mainly because of security concerns. Dell recently surveyed around 2,000 global organizations, and the results confirm that numerous industries are not using evolving technologies because of security considerations. According to the survey:

  • 44 percent of IT decision makers consider security the biggest barrier for expanding mobility technologies
  • 52 percent of respondents said it was a hindrance to using cloud computing
  • 35 percent of surveyed IT decision makers said that security was a barrier for leveraging big data
  • 30 percent of respondents said they have the right information available to make risk-based decisions
  • One in four organizations said they have a plan in place for all types of security breaches
  • 43 percent of respondents said that security resources are primarily spent on protecting against hackers
  • 37 percent reported that adhering to compliance regulations was the primary security expenditure

“Despite mounting security risks and increased reliance on the Internet and technology to run their businesses, many small and midsize organizations are underprepared to deal with today’s security threats, let alone those of the future,” SMB Group Partner Laurie McCabe said in a statement. “These companies know that disruptive technologies like cloud, mobility and big data can drive innovation and create competitive advantage. But it’s often difficult for them to take a strategic approach and overcome security concerns in order to fully harness the potential.”

New Healthcare Apps pose security threat?

November 4th, 2014 by admin

With the growth in technology, healthcare organizations are implementing policies to secure data. But there are a few application loopholes that may lead to a severe data breach.

Founder and Chief Medical Officer Dr. Joshua Landy said that the application has more than 150,000 users in six countries, including the US, Canada, the UK and Australia.

“In Australia, a customized consent form can be signed by patient or representative before images can be taken,” Landy said. “After that images are reviewed by privacy moderators to make sure they have educational value. [They are] being taken respectfully, there’s no sensationalistic images.”

Bryan Vartabedian, a pediatric gastroenterologist at Texas Children’s Hospital, wrote in his blog post that the overall concept makes sense, as images in medicine are a good way to teach. He is also wary of Figure 1 and what it could mean for patient privacy.

“There’s a difference between de-identification of images on a level that’s compliant with health privacy law and de-identification that respects a patient’s wishes,” Vartabedian wrote. “I operate within the understanding that if a patient can individually identify their own leg, finger, laceration within an image, they should understand very clearly that the image is headed for the very public domain.”

Healthcare professionals must follow rules to keep patients’ protected health information (PHI) secure, even if they are working to improve a patient’s health.

“In the old days medical images never left the medical library or the glossy paper on which they were printed,” he said. “But times have changed, technology is advancing faster than the discussion surrounding its use, and we have to think carefully about how we repurpose and share the images of those under our care.”

Doctors Can Be Sued

November 2nd, 2014 by admin

According to a Connecticut Supreme Court ruling, doctors can be sued for HIPAA negligence. The recent case involves Emily Byrne, who claimed that the Avery Center for Obstetrics and Gynecology in Westport violated her right to privacy. According to reports, she did not want to share information about her pregnancy with the father of the child, with whom she was no longer in a relationship.

The suit stated that the organization failed to contact Byrne for her consent before releasing her medical file.

“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” Trumbull lawyer Bruce Elstein told the news source. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”

According to Byrne, she suffered agony when the father of her child used her personal information for “a campaign of harm, ridicule, embarrassment and extortion.”

The Connecticut Supreme Court agreed that a violation of HIPAA regulations may result in a violation of commonly accepted standards of care. This is the first time Connecticut’s Supreme Court has ruled on HIPAA negligence. The state now joins Missouri, West Virginia and North Carolina in similar rulings.

Move to new location cited as reason for two data breaches

October 29th, 2014 by admin

The Metro Public Health Department in Nashville, Tennessee is facing its second data breach after a file cabinet containing files of HIV patients was accidentally sent to a Metro school instead of a surplus warehouse. The files were a decade old, and the health department is monitoring how files are handled during a move to avoid such incidents.

The first breach involved 1,700 index cards with names, dates of birth, Social Security numbers, addresses and medical coding that went missing after the department moved to its new building. The information affected patients in the Children Special Services (CSS) program.

“We are letting them know we started an investigation immediately and we do not believe, according to our investigation, that any of their information was accessed,” health department spokesman Brian Todd told an ABC affiliate at the time. “We believe those index cards probably ended up in a landfill.”

The health department is making extra efforts to train staff on processes and information related to HIPAA laws, patient identification and security.

Todd added that when the department realized those files were missing, it did a “thorough review of all files that were moved from the old building to the new building.” No other files were found to be missing, so individuals who came for any other service were not impacted, Todd said.

The health department announced it was offering all the impacted people one year of free identity protection through AllClear ID.

Record stolen from doctor’s storage shed

October 25th, 2014 by admin

Dr. Nisar A. Quraishi learned that both latches on the shed door of his office’s storage facility had been cut and that medical records of patients he had treated had been stolen. According to reports, approximately 40,000 patient records containing protected health information (PHI) were missing. The records reportedly included patients’ Social Security numbers, dates of birth, home addresses and medical histories.

Quraishi said he had “no idea” who broke into the shed and that he had not been to the property since Aug. 10, at which point the shed was still secure, the news source reported. Quraishi became aware of the issue when a neighborhood resident contacted him to report that the lock was broken. Quraishi also told police he was unable to immediately provide any of the names of the patients whose records were stolen from the shed.

While conducting the investigation, police said there were no security cameras or witnesses in the area or at the scene. According to the Journal, neighbors weren’t even aware that a break-in had occurred in the first place. It was also reported that the first floor of Quraishi’s office “is a gutted, empty space with exposed beams and no carpet.”

A spokeswoman for NYU Langone Medical Center, where Quraishi has been employed since January, said the stolen records were not of NYU Langone patients.

“The patient records involved were from Dr. Quraishi’s private practice … and therefore do not include any treatments provided by him since his employment with NYU Langone as of January 2014,” said Lisa Greiner, senior director of institutional communications at NYU Langone Medical Center. “The medical records of patients who were treated at NYU Langone by Dr. Quraishi are not part of the breach in question.”

X-Ray films and data exposure

October 23rd, 2014 by admin

A California healthcare facility suffered a data breach when improper disposal of information affected PHI. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. The films were meant to be sent to a waste disposal company.

According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.

“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”

Graybill tried to recover the films by contacting the trash company but was informed that they had already been taken to a landfill and were irretrievable.

“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”

According to reports, the films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.

“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”

Laptops with PHI missing

October 21st, 2014 by admin

In an unprecedented event, a few laptops went missing from ambulances in the Dallas area over a period of three years. According to reports, the laptops contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances “became unaccounted for” in the three-year period.

“If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s),” explained a press release from the city of Dallas.

The incident was reported to the US Department of Health and Human Services (HHS), and affected patients were notified according to the process.

“The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops,” the statement read. “Once the risks have been identified, actions will be implemented to prevent such events from recurring.”

Reports did not mention the number of laptops that went missing. According to the release, patients who have been contacted and who have questions related to this matter can call the Dallas Fire-Rescue EMS staff.

A Pennsylvania healthcare service suffers data breach

October 19th, 2014 by admin

A Pennsylvania healthcare service suffered a data breach incident which may lead to misuse of personal health information (PHI). According to reports, a computer server containing patient information for Dr. Barry Snyder was breached after a third party accessed the information improperly.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” the release said.

The affected information includes patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

The healthcare service swung into action and hired national security and computer forensics experts to thoroughly investigate the incident. It also provided a toll-free number for patients to call for more information.

According to the press release:

Penn Highlands Brookville encourages its patients to remain vigilant by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. 

At no charge, you can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

18th Breach for Oregon Health Insurance Exchange

October 17th, 2014 by admin

In a series of events, the Oregon Health Insurance Exchange has suffered 18 security breaches in the past six months. The recent incident involved documents with PHI being sent to the wrong patient. Cover Oregon spokeswoman Ariane Holm said the breach is under investigation. The exchange’s security team immediately sent a return envelope to Migliaccio, who had received the other patients’ information.

“We take the security and privacy of our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.

According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security numbers. Affected information included addresses, names, dates of birth and internal Cover Oregon IDs.

“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”

When applicants need to update their applications, the exchange no longer mails the completed documents that include Social Security numbers and other information. Earlier, Cover Oregon was working with Oracle Corp. to create an HIE for the state but it missed the deadlines and individuals were required to use a hybrid paper-online application process.

UC Davis Health suffers data breach

October 15th, 2014 by admin

UC Davis Health suffered a data breach when a provider’s email was compromised by an unknown source. According to reports, 1,326 patients’ data was affected. A member of the UC Davis IT team detected unusual activity in the email account and concluded that the provider’s email had been compromised by the unknown source. The source has not been confirmed to date.

The event did not involve access to patient EHRs, Social Security numbers or other personal financial information. UC Davis Health System said that it has notified or is in the process of notifying several government agencies regarding the breach.

According to the statement:

UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy — including blocking access by the unauthorized user and changing the account credentials – were taken when it was discovered that the email account had been compromised.

Since we are unable to determine the exact nature of the access by this unauthorized third-party, we are sending a letter to all patients who had information about them included in this email account.

UC Davis Health System is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, interprofessional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 619-bed acute-care teaching hospital, a 1000-member physician’s practice group and the new Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neurodevelopmental institute, a stem cell institute and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cone Health Mailing Error

October 12th, 2014 by admin

Cone Health of Greensboro, N.C. has notified 2,076 Southeastern Heart and Vascular Center patients about a data breach caused by a mailing error. According to reports, a courier mistake led to letters being sent to the wrong patients; the letters contained other patients’ names, their doctors and the names of the practices.

According to the statement on the Cone Health website, Social Security numbers, dates of birth and insurance information were not compromised in the breach. Cone Health has individually notified all the patients affected by the breach. Cone Health regrets any confusion resulting from the incorrect mailing.

The Cone Health website gives this overview of the organization:

Cone Health is a not-for-profit network of healthcare providers serving people in Guilford, Forsyth, Rockingham, Alamance, Randolph, Caswell and surrounding counties. Our tagline – “The Network for Exceptional Care” – highlights our commitment to excellence, which is shared by our more than 10,000 professionals, 1,300 physicians and 1,200 volunteers.

As one of the region’s largest and most comprehensive health networks, Cone Health has more than 100 locations, including six hospitals, 3 medical centers, four urgent care centers, 95 physician practice sites and multiple centers of excellence.

It includes:

  • The Moses H. Cone Memorial Hospital
  • Alamance Regional Medical Center
  • Wesley Long Hospital
  • Women’s Hospital
  • Annie Penn Hospital
  • The Behavioral Health Hospital

Touchstone Medical folder exposed on Internet

October 10th, 2014 by admin

Touchstone Medical Imaging, LLC has suffered a data breach in which sensitive data was exposed on the internet. It posted a notice on its website stating that it had not thought the data was accessible on the internet.

The organization conducted an internal investigation, which revealed the breach. According to reports, medical records weren’t included, but patient names, dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Tampa General hospital data breach

October 7th, 2014 by admin

Employee access is another major area that needs work, as the new data breach at Tampa General shows the limits of data security. Tampa General notified 675 patients that their data had been compromised as a result of a former employee’s inappropriate access.

According to the hospital’s investigation, the compromised data includes patient names, addresses, dates of birth, admitting diagnoses, names of insurance payers and, in some instances, Social Security numbers, but medical records weren’t compromised. The employee had the records with him during a Tampa Police Department traffic stop that led to his arrest. Tampa General immediately ordered the termination of the employee.

According to the Tampa General hospital statement:

Tampa General Hospital (TGH) is committed to maintaining the privacy and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we continually communicate to and educate our staff on the importance of protecting and securing patient information; emphasizing the importance of reporting any unusual staff behavior as we enhance procedures to prevent and detect misuse of patient information. We have also implemented technology that blocks patient information based on an employee’s job description, including limiting access to patients’ Social Security numbers.

We want to assure our patients that we are taking this matter very seriously and are actively cooperating with law enforcement in their investigation.

‘Shellshock’ Bug

October 4th, 2014 by admin

What is Shellshock Bug?

Attackers are exploiting a critical, newly disclosed security weakness present in countless networks and websites that depend on Unix and Linux operating systems. According to experts, the “Shellshock Bug” is so entangled with the modern Internet that finding a solution could prove puzzling.

If the threat remains unchecked, in the short run it is likely to put millions of networks and countless consumer records at risk of exposure. It has a lot of similarities to the recent Heartbleed vulnerability because of its omnipresence and sheer potential for causing havoc on Internet-connected systems, mainly websites. According to reports, the issue lies in the GNU Bourne Again Shell (Bash), the text-based command-line utility on multiple Linux and Unix operating systems.

Jaime Blasco, labs director at AlienVault, has been running a honeypot on the vulnerability since yesterday to emulate a vulnerable system.

“With the honeypot, we found several machines trying to exploit the Bash vulnerability,” Blasco said. “The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system. This malware turns the systems into bots that connect to a C&C server where the attackers can send commands, and we have seen the main purpose of the bots is to perform distributed denial of service attacks.”

The OS vulnerability table can be given as:

  • Microsoft Windows users: No Impact
  • Linux and UNIX systems: Patches are available
  • Mac users: Vulnerable

JPMorgan Chase attacked by the hackers

October 2nd, 2014 by admin

An overwhelming attack on JPMorgan Chase by hackers has compromised the accounts of 76 million households and seven million small businesses. It is one of the largest intrusions ever, and it exceeds the bank’s previous estimates.

Earlier, Target, Home Depot and a number of other retailers suffered major data breaches. The recent incident is a blow to already shaken confidence in digital operations. Below are the details of last year’s breaches for the above-mentioned companies:

  • Target: 40 million cardholders and 70 million others were compromised
  • Home Depot: 56 million cards

Breaches at the largest banks, like JPMorgan, can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

The bank believes that no money has moved out of the accounts and that, to date, customers are safe. According to reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords and Social Security numbers, is safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to the rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Technologies for Healthcare security and efficiency

September 27th, 2014 by admin

Technologies have been upgraded to accommodate more users, and extra effort goes into safeguarding data. Organizations are demanding software that processes larger workloads on a reduced hardware infrastructure. But they are equally concerned about data security, and multiple products and processes are used to implement it. A large amount of investment goes into data loss prevention techniques within and outside of a healthcare IT network.

With the acceptance and growth of cloud computing and virtualization technologies, security technologies have advanced as well. Below are the technologies linked to healthcare security and efficiency.

  • Software-defined technologies: Technology designed specifically to simplify networking and security processes using new types of software-based engines, taking security to a completely different level.
  • Virtualization: Virtual firewalls or virtual security appliances are making their way into many large health care environments. To deal with internal traffic security, more virtual applications are used.
  • Scanning and control engines: With the advancement of technology, new types of scanning and control engines are deployed to detect threats as early as possible. Features like data-loss prevention (DLP), intrusion detection/prevention services (IPS/IDS), and even disaster recovery load-balancing are all becoming more standard.
  • Controlling end-user devices and BYOD: This is about controlling access to the end-user devices which employees bring under the company BYOD policy.
  • Cloud security: Because of the cloud, more devices are equipped to scan more types of traffic coming into a healthcare infrastructure. Specific attention is given to access control for users, and efforts are made to provide only authorized access.

Owensboro Medical Practice suffers data breach

September 24th, 2014 by admin

Owensboro Medical Practice has notified 3000 patients affected by a data breach caused by employees who tried to contact them with the intention of starting their own business. There are still conflicting reports about the involvement of a business associate (BA) and the dates of the breaches. The affected information included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, and health conditions.

According to reports, the breach at the Medical Practice, located in Owensboro, KY, occurred three years ago, and Timothy Hillard, Director of Research for Owensboro Medical Practice, said he knew of the incident. “Even if it was one patient, that one patient’s information is highly important to us and not the entire medical records were taken but demographics such as name, date of birth, age, social security number, which is, you know, very concerning to us.”

According to the statement:

On or about July 24, 2014, Owensboro Medical Practice, PLLC, and its business associate, Research Integrity, LLC, learned that a spreadsheet containing protected health information was wrongfully copied and removed from the offices of Research Integrity by a former employee. This occurred despite the fact that only properly authorized persons at Research Integrity had access to the spreadsheet.

Owensboro Medical Practice and Research Integrity are both investigating the incident and taking steps to ensure that patient information is secure. The companies are also pursuing the return of all hard copies of all information from the spreadsheet, the deletion of all computerized versions of such information on a permanent basis, and permanent injunctions against the persons or entities who had possession of the data from utilizing such data in the future.

Malvertising and Online Ad Networks

September 22nd, 2014 by admin

This decade has seen a tremendous rise in internet business, and online advertising has become the second-largest ad medium after newspapers. That has attracted the attention of attackers looking to rip off users.

Advertising networks could become “the next primary attack vector,” contends new research from Bromium Networks. Worse, popular security technologies such as signature-based detection are essentially useless against such attacks, said Rahul Kashyap, Bromium’s chief security architect and head of Research.

Attackers simply place an advertisement on popular sites like YouTube and Yahoo, and when a user clicks such an ad, malware is downloaded. Video sites like YouTube are the best for such attacks, as users tend to spend more time on these sites.

These so-called malvertising attacks offer “one of the best ways to compromise huge numbers of people and get away quickly,” said Kashyap. “Attackers can potentially infect millions of people by randomly placing a few malicious ads.”

The Bromium research details a malvertising attack on YouTube that involved kits which enable attackers to test their malware to see if it will be detected by antivirus products.

In a blog post about the YouTube attack, Bromium’s McEnroe Navaraj said Bromium was working with the Google security team to analyze the attack. “Google has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again,” he wrote. Also, he noted, “We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures.”

While disabling ads with an ad blocker is a near-term option for enterprises worried about these kinds of malvertising attacks, Kashyap said it is not a practical long-term solution. “You want to leverage the kinds of technologies which do not depend on signatures or other known techniques to block threats on the network,” he said.

What is Whitelisting?

September 21st, 2014 by admin

A whitelist is a list of those that are granted a particular privilege, service, mobility, access or recognition, depending upon the use. Whitelisting is the reverse of blacklisting. With whitelisting you are relatively safer in the online world. When there was a relatively small number of malware items, it made sense to compile known virus signatures to detect and prevent infection.

“Traditional antivirus is based on blacklisting which helps to block known malware,” said Simone Spencer, endpoint product expert, McAfee. “Whitelisting limits use with a ‘deny by default’ approach so that only approved files or applications can be installed.”

“Whitelisting is more necessary than ever because viruses and other malware are morphing,” said Rob Cheng, CEO of PC Pitstop. “This means that one virus looks like hundreds or thousands of different viruses to traditional AV products.”

“The stakes have gotten higher because of ransomware viruses, which encrypt your hard drive and demand a ransom in BitCoins for all your files back,” said Cheng. “It encrypts photos, videos, Excel files, PowerPoint presentations and so on, so all your most personal documents are lost.”

Ways of whitelisting: Smaller organizations can compile their own list of allowed applications. But most enterprises are advised to install whitelisting software preconfigured with known good executables and domains.

Another way of whitelisting is application control, where you decide which applications can run and which are denied. As virus and malware signatures are becoming increasingly ineffective, this approach compares favourably. Gartner surveys show that 25 percent of enterprises are already deploying some form of application control.
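The contrast drawn above between blacklisting and ‘deny by default’ whitelisting, as an added example that is not from the original post or from any vendor named in it. It reduces file identity to a SHA-256 hash (a simplification of real antivirus signatures), and every file name and file content in it is a constructed, harmless placeholder.

```python
import hashlib
from dataclasses import dataclass


def fingerprint(content: bytes) -> str:
    """SHA-256 of the file content; both policies identify files by it."""
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


class BlacklistPolicy:
    """Allow by default; block only fingerprints already known to be bad."""

    def __init__(self, known_bad):
        self.known_bad = {fingerprint(c) for c in known_bad}

    def check(self, content: bytes) -> Verdict:
        if fingerprint(content) in self.known_bad:
            return Verdict(False, "matches a known-bad signature")
        return Verdict(True, "no signature match")


class WhitelistPolicy:
    """Deny by default; run only fingerprints that were explicitly approved."""

    def __init__(self, approved):
        self.approved = {fingerprint(c) for c in approved}

    def check(self, content: bytes) -> Verdict:
        if fingerprint(content) in self.approved:
            return Verdict(True, "on the approved list")
        return Verdict(False, "not on the approved list")


def morph(sample: bytes, count: int):
    """Simulate a morphing sample: same origin, different bytes per copy."""
    return [sample + b"\x00pad" + str(i).encode() for i in range(count)]


# Constructed stand-ins for real files (assumptions, not real binaries).
APPROVED_APPS = {
    "editor.exe": b"constructed: approved editor, build 1",
    "browser.exe": b"constructed: approved browser, build 7",
}
KNOWN_SAMPLE = b"constructed: placeholder for a catalogued malware sample"


def evaluate():
    """Return {file name: (allowed by blacklist, allowed by whitelist)}."""
    blacklist = BlacklistPolicy([KNOWN_SAMPLE])
    whitelist = WhitelistPolicy(APPROVED_APPS.values())

    files = dict(APPROVED_APPS)
    files["known_sample.bin"] = KNOWN_SAMPLE
    for i, variant in enumerate(morph(KNOWN_SAMPLE, 3)):
        files[f"variant_{i}.bin"] = variant
    # An approved program whose bytes changed after approval.
    files["editor_tampered.exe"] = APPROVED_APPS["editor.exe"] + b" +patch"
    # A legitimate program nobody has approved yet: the cost of deny-by-default.
    files["new_tool.exe"] = b"constructed: legitimate but unapproved tool"

    return {
        name: (blacklist.check(c).allowed, whitelist.check(c).allowed)
        for name, c in files.items()
    }


def slipped_past_blacklist(results):
    """Files the blacklist lets run although they were never approved."""
    return sorted(n for n, (bl, wl) in results.items() if bl and not wl)


if __name__ == "__main__":
    results = evaluate()
    for name, (bl, wl) in results.items():
        print(f"{name:22} blacklist={'allow' if bl else 'block'} "
              f"whitelist={'allow' if wl else 'block'}")
    print("unapproved but allowed by blacklist:",
          slipped_past_blacklist(results))
```

The whitelist also blocks `new_tool.exe`, which is why the approved list has to be maintained as software is added or updated.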

Six CHSI hospitals face lawsuit for data breach damages

September 20th, 2014 by admin

According to reports, six patients who allege their protected health information (PHI) was exposed in CHSI’s Chinese hackers incident are suing the group. Currently six Mississippi hospitals and their parent company, Community Health Systems, Inc. (CHSI), are facing the probe.

The hospitals affected by the lawsuit are:

  • Central Mississippi Medical Center in Jackson
  • River Region Medical Center in Vicksburg
  • Madison River Oaks Hospital in Canton
  • Crossgates River Oaks Hospital in Brandon
  • River Oaks Hospital in Flowood
  • Natchez Community Hospital.

Community Health Systems, Inc. is a conglomerate consisting of 206 hospitals operating in 29 states. CHSI earlier acquired Health Management Associates (HMA) in January for $7.6 billion, and the six hospitals had been owned and operated by HMA. The data breach affected 4.5 million patients’ data, and some think that it was a result of attackers using the OpenSSL Heartbleed vulnerability to infiltrate CHSI’s network.

Aventura Hospital suffers third data breach in two years

September 17th, 2014 by admin

The data breach at Aventura Hospital exposed 82,601 patients’ data from Sept. 13, 2012 to June 9, 2014. It occurred because a vendor’s employee stole sensitive information during that span. It is the third breach for Aventura in the span of two years. Valesco Ventures, Aventura’s HIPAA business associate (BA), sent out alert notices to the affected patients.

The affected information included patient names, dates of birth and Social Security numbers, but the organization said that no financial or health information was breached. The incident occurred when a Valesco employee inappropriately accessed patients’ information.

According to Aventura, it will begin assessing how to mitigate patient risks going forward while the organization works with local and federal authorities on the breach investigation.

According to the statement:

Valesco Ventures, which provides hospital physician staffing and related services to patients in hospitals, was recently made aware of a situation involving the possible theft of personal patient information from Aventura Hospital and Medical Center. We are committed to the security of patient information, and we apologize for this incident.

On May 28, 2014, Valesco Ventures was notified that an employee may have improperly accessed the personal identifying information of a number of patients of Aventura Hospital and law enforcement was contacted. On June 10, 2014, law enforcement concluded that this employee had improperly accessed this patient information.

Shortly after law enforcement was notified, Valesco Ventures and Aventura Hospital suspended the individual’s computer and physical access to patient data, and began assessing how to mitigate risks to all patients. Valesco Ventures and Aventura Hospital continue to work with law enforcement to preserve the information that is important to their investigation. 

Temple University laptop stolen

September 15th, 2014 by admin

A Temple University physicians’ office alerted 3,780 patients about a data breach caused by the theft of a laptop from its surgery department. The laptop included patient names, ages, billing codes and, in some cases, the names of the referring physicians. Temple notified local authorities and the Department of Health and Human Services (HHS).

“To help monitor the potential misuse of the stolen information, Temple has offered identity-monitoring services within the United States to all affected patients for 12 months, at no cost to them,” the statement said. “We deeply regret this incident and the inconvenience this may have caused our patients.”

After the breach, the Temple office said it will reinforce employee training, boost physical security and improve technical security measures on desktop computers. According to Temple, the laptop was not encrypted. It also said that hospital staff have been re-trained in computer security and that steps have been taken to improve physical surveillance. The theft comes in a month that also saw 4.5 million medical records stolen from Community Health Systems by computer hackers allegedly from China.

Incorrect mailing leads to data breach

September 12th, 2014 by admin

An Iowa hospital confirmed a data breach after human error, combined with technical issues, led to patients’ information being sent to the wrong recipient. Monte Goodyk received his medical bill along with the billing information of 11 other Pella Regional Health Center patients.

“Well, you freak out initially, because your first thought is if I have their information, they may have my information,” Goodyk told the news source. “You can almost tell what’s wrong with this patient and what they’re going to the hospital for. I should not know this information about this patient.”

According to reports, the names and billing information of 11 patients were incorrectly included on a statement sent to one patient.

“We determined that a number was incorrectly entered into our computer system when an individual checked into one of our clinics,” the spokesperson said in an email. “Our systems failed to identify that the human error had happened. Pella Regional Health Center reached out on Friday to all 11 patients involved by phone and connected with 8 of the 11 patients affected. A follow-up letter was sent to each individual with information and our apologies.”

Pella Regional’s privacy officer and senior administration are reviewing how they can prevent this type of mistake from happening again, the spokesperson said.

“Today it was discovered that information including your name and Pella Regional Health Center billing information was included on a statement to another patient,” read a letter sent to the 11 patients. “While no diagnosis information was included, we apologize for this breach of information.”

Dorn VA medical center may have suffered data breach

September 9th, 2014 by admin

The Dorn Veterans Administration Hospital may have suffered a data breach: officials recently learned that several boxes containing patients’ information had gone missing. According to reports, four boxes of pathology reports that were stored in a locked area are not where they should be.

“We are contacting our Veterans who may have been impacted,” Medical Center Director Timothy McMurry said in a statement. “For we take the loss of personal information very seriously.”

Details of the missing boxes:

  • Records in question are only from the years 1999, 2000, and 2002
  • Patients’ names, Social Security numbers (SSNs) and pathology reports are included in the missing files
  • 2,000 patients may have had their personal information compromised

Dorn officials discovered that the boxes were missing when they planned to move them to a long-term storage facility. Officials believe that no information has been misused to date; however, they said that one year of free credit monitoring is available to veterans who are notified in writing. This is not the first time Dorn has faced a security issue: earlier, an unprotected laptop was stolen. According to reports, patient names, birth dates, weight, race, respiratory test results and partial Social Security numbers (last four digits) were all stored on that pulmonary testing lab laptop. To date, the laptop has not been recovered.

Data breach affects 31,677 Central Utah Clinic patients

September 6th, 2014 by admin

Central Utah Clinic notified all patients affected by a data breach caused by unauthorized access to its server. The clinic’s letter stated that the server held only a “limited subset of written imaging and radiology reports dated 2010 and earlier” and not a full set of patient data. However, the server did contain patient names, dates of birth, Social Security numbers, addresses and phone numbers.

Central Utah Clinic said that it has alerted regulatory authorities to the breach and strengthened its security by hiring a security services firm to help with internal access monitoring.

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” said Scott Barlow, Central Utah Clinic CEO. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this. It is important to understand there is no indication that any of our patients’ personal information was viewed or copied. Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”

Duke University Health System breached due to stolen thumb drive

September 4th, 2014 by admin

Duke University Health System suffered a data breach when a thumb drive was stolen from an administrative building by an unauthorized person. According to reports, an unknown number of patients treated in the Duke Children’s Health Center and Lenox Baker Children’s were affected by the breach.

After the incident, Duke conducted an investigation, which revealed that the thumb drive held spreadsheets with patient names, medical record numbers, physicians’ names, and some Duke University Hospital locations visited. No Social Security numbers, clinical data or financial data were involved.

According to the Duke University Health System website statement:

We have no reason to believe that the information on the thumb drive has been used in any way.  However, out of an abundance of caution, we began notifying patients on August 29, 2014 and have established a dedicated call center to answer any questions that potentially affected patients may have.

We deeply regret any inconvenience this may cause our patients. To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information securely.

AltaMed Health Services suffers data breach

September 2nd, 2014 by admin

Sensitive data was potentially breached when an employee stole patient records from AltaMed Health Services, apparently as part of an identity theft ring. According to reports, 2,995 patients were affected by this breach. AltaMed offers a variety of healthcare services, and a temporary employee should not be given access to patient medical records.

Law enforcement, which was investigating the breach, informed AltaMed about it. The agency has a hard drive that is believed to hold patient records. A temporary employee working with AltaMed accessed electronic and paper records, and affected patients include those who attended one of its community events in Orange and Los Angeles Counties.

The data breached includes patient names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses. “The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again,” the statement said.

AltaMed notified patients, the California Department of Public Health, the California Attorney General’s office, and the Department of Health and Human Services (HHS).

Excerpts from the AltaMed Website Statement:

As part of its ongoing commitment to privacy and data security, AltaMed Health Services is issuing this updated website statement notifying affected individuals of a recent incident that may affect the security of their personal and protected health information. The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again. 

The organization launched an internal investigation into the matter to determine what AltaMed records this individual may have accessed during her employment.  The organization retained information privacy and data security legal counsel to assist with its investigation. This investigation is ongoing.

Possible Credit Card breach in Dairy Queen

August 30th, 2014 by admin

The U.S. Secret Service had earlier alerted Dairy Queen to a possible data breach related to the Backoff point-of-sale malware. According to reports, Dairy Queen acknowledges that “customer data at a limited number of stores may be at risk.”

“We are gathering information from a number of sources, including law enforcement, credit card companies and processors,” the company said, as it does not know the number of affected locations.

At one credit union in the Midwest, more than 50 customers suffered credit card fraud soon after using their credit and debit cards at Dairy Queen locations.

Dairy Queen spokesman Dean Peters said that the company has no policy in place requiring that franchisees notify Dairy Queen in the case of a security breach. “At this time, there is no such policy,” Peters said. “We would assist them if [any franchisees] reached out to us about a breach, but so far we have not heard from any of our franchisees that they have had any kind of breach.”

“Franchise owners and operators will have a harder time locating malicious software — those equipped to detect, contain, and eradicate miscreants from their systems are the exception, not the rule,” he said.

Memorial Hermann Health System reports data breach

August 28th, 2014 by admin

Memorial Hermann Health System was hit by an internal data breach caused by an employee who gained unauthorized access to the organization’s electronic health record (EHR) system over a period of six and a half years. The employee gained access to patients’ names, addresses, medical record numbers, dates of birth, health insurance information, and, in some instances, Social Security numbers.

According to the reports, financial data such as credit card or bank information wasn’t involved in the breach.  Memorial Hermann Health System brought in outside forensics experts and suspended the employee’s access to patient records.

According to the Memorial Hermann Health System notification:

We value patient privacy and deeply regret any inconvenience this may have caused our patients.  Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future.

The organization has notified the affected patients and is working through the process. To prevent this kind of breach, access controls should be monitored properly and only authorized employees should be able to view Protected Health Information (PHI).

Get it right, Encryption for your Organization

August 26th, 2014 by admin

Whistle-blower Edward Snowden’s recent revelations have created confusion over the authenticity and workability of many encryption products. Choosing the right encryption software provider is key to data security for your organization. Below are some tips for choosing the right encryption software:

  • Random number generators are important. They play a role in the creation of digital certificates.
  • If the numbers are predictable, secure codes become easy to obtain, which leads to breaches.
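
The predictability point above, as an added example that is not part of the original post: a 128-bit token drawn from a clock-seeded general-purpose generator can be reproduced by anyone who knows roughly when it was issued, while a token from the operating system's CSPRNG cannot. The function names, the token size and the timestamp are assumptions made for this illustration.

```python
import math
import random
import secrets

TOKEN_BYTES = 16                      # 128-bit token (size chosen for this example)
CONSTRUCTED_ISSUED_AT = 1409011200    # constructed Unix timestamp, not real data


def weak_token(issued_at: int) -> str:
    """Anti-pattern: Mersenne Twister seeded with the clock in whole seconds."""
    rng = random.Random(issued_at)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Token taken from the operating system's CSPRNG via the secrets module."""
    return secrets.token_hex(TOKEN_BYTES)


def find_clock_seed(token: str, around: int, window: int = 3600):
    """Audit check: return the clock seed that reproduces `token`, if any.

    Tries every second within +/- `window` of `around`. A hit means the
    token is a function of the issue time and carries no real secrecy.
    """
    for seed in range(around - window, around + window + 1):
        if weak_token(seed) == token:
            return seed
    return None


def search_space_bits(window: int = 3600) -> float:
    """Effective entropy of a clock-seeded token when the issue time is
    known to within +/- `window` seconds."""
    return math.log2(2 * window + 1)


if __name__ == "__main__":
    issued = CONSTRUCTED_ISSUED_AT + 137
    token = weak_token(issued)
    print("weak token      :", token)
    print("recovered seed  :", find_clock_seed(token, CONSTRUCTED_ISSUED_AT))
    print("effective bits  :", round(search_space_bits(), 2), "of", TOKEN_BYTES * 8)
    print("CSPRNG token hit:", find_clock_seed(strong_token(), CONSTRUCTED_ISSUED_AT))
```

The weak token looks like 128 random bits but offers under 13 bits of effective strength with a one-hour uncertainty; the same audit returns no seed for the CSPRNG token.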

Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.

“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”

Longest Encryption Keys

“Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” he says.

Encrypt in Layers

“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.

Secure Encryption Keys

“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.

Encryption Implementation

“In practice it is very hard to implement an encryption system as it has many moving parts, any one of which can be a weak point,” says Ramon Krikken, an analyst at Gartner. “You have to do a great deal of due diligence to make sure that your encryption implementation is done right.”

External Factors

External factors over which companies have very little control can compromise the security of encryption systems and need to be secured.

 

Advanced Evasion Techniques

August 24th, 2014 by admin

What are Advanced Evasion Techniques?

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won’t be recognized by an intrusion detection system.

Advanced evasion threats can cause severe damage even to a well-secured organization:

  • It can breach many firewalls and avoid detection
  • It inserts malicious code by slicing and dicing it into bits and pieces that arrive by different paths
  • It re-assembles on an endpoint to gain access
  • AETs are quite successful for the most part, evading the technologies deployed by next generation firewalls (NGFWs)
  • Targets intellectual property and financial resources
  • Goes unnoticed until long after the damage is done
  • McAfee claims that most firewalls are only capable of blocking less than 10 percent of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.
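
Why inspection has to see the reassembled stream, as an added example that is not part of the original post: a rule matched against each segment on its own misses a pattern that is split across segments, while normalizing the stream first (the defensive counterpart of the endpoint's reassembly) finds it and also surfaces the anomalies. The marker string, the segment layout and the first-byte-wins overlap policy are assumptions of this illustration.

```python
from typing import Dict, List, Tuple

# Constructed, benign stand-in for a pattern an IDS rule would look for.
SIGNATURE = b"EXAMPLE-BLOCKED-MARKER"

Segment = Tuple[int, bytes]  # (byte offset in the stream, payload), in arrival order


def per_segment_match(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Naive inspection: look for the signature inside each segment on its own."""
    return any(signature in payload for _, payload in segments)


def normalize(segments: List[Segment]) -> Tuple[bytes, List[str]]:
    """Rebuild the contiguous stream from offset 0 and list anomalies.

    Overlap policy (assumed here): the first byte received for an offset
    wins. Endpoints differ, so a real normalizer must apply the policy of
    the host it protects.
    """
    seen: Dict[int, int] = {}
    anomalies: List[str] = []
    expected = 0
    for offset, payload in segments:
        if offset != expected:
            anomalies.append(f"out-of-order segment at offset {offset}")
        conflict = False
        for i, byte in enumerate(payload):
            pos = offset + i
            if pos in seen and seen[pos] != byte:
                conflict = True
            seen.setdefault(pos, byte)
        if conflict:
            anomalies.append(f"conflicting overlap in segment at offset {offset}")
        expected = max(expected, offset + len(payload))

    stream = bytearray()
    pos = 0
    while pos in seen:                 # stop at the first gap
        stream.append(seen[pos])
        pos += 1
    if len(seen) > len(stream):
        anomalies.append(f"gap at offset {pos}; later data not inspected")
    return bytes(stream), anomalies


def normalized_match(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Inspection after normalization: match against the rebuilt stream."""
    stream, _ = normalize(segments)
    return signature in stream


def split_segments(data: bytes, size: int) -> List[Segment]:
    """Helper for building the constructed sample below."""
    return [(i, data[i:i + size]) for i in range(0, len(data), size)]


# Constructed sample: the stream cut into 7-byte pieces that arrive reversed.
CONSTRUCTED_STREAM = b"POST /upload data=" + SIGNATURE + b" end"
FRAGMENTED = list(reversed(split_segments(CONSTRUCTED_STREAM, 7)))

if __name__ == "__main__":
    print("per-segment match:", per_segment_match(FRAGMENTED))
    print("normalized match :", normalized_match(FRAGMENTED))
    print("anomalies        :", normalize(FRAGMENTED)[1][:3])
```

The anomaly list is itself a detection signal: heavy reordering or conflicting overlaps are rare in ordinary traffic and worth alerting on even when no signature matches.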

Unencrypted laptop theft in Cedars-Sinai

August 22nd, 2014 by admin

Cedars-Sinai Medical Center in Los Angeles suffered a data breach when an unencrypted laptop was stolen. According to reports, the incident compromised the data of more than 500 patients. The laptop contained protected health information (PHI) such as medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as some patients’ Social Security numbers.

The laptop was stolen from an employee’s home and its whereabouts are still unknown. Cedars-Sinai removed the laptop’s remote access to its network and is notifying affected patients by letter. The medical center has an organization-wide device encryption policy in place.

“Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device,” the statement read. “This investigation is ongoing.”

Encryption software was not installed when the laptop’s operating system was updated earlier, which resulted in the policy violation.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.”

Major US banks suffered data breach due to Russian hackers

August 20th, 2014 by admin

JPMorgan Chase and other banks were breached by Russian hackers who stole gigabytes of sensitive data, including savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa, head of malware intelligence at Malwarebytes Labs, said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

‘War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Lawsuit filed against Xerox

August 17th, 2014 by admin

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox. The action was taken because Xerox, the state’s former primary Medicaid claims administrator, held back patient documents. Xerox filed a motion for a protective order, arguing that it needed the records for its defense.

“There is a legal process for the company to get any records it needs for the lawsuit, but instead Xerox has chosen to put information of Medicaid clients at risk and force the state to take court action to protect those records,” said Texas Health and Human Services Executive Commissioner Kyle Janek.

HHSC recently terminated the Xerox contract. HHSC said the documents include client names, photographs, birth dates, and medical and billing records. Texas had previously requested that Xerox turn over the Medicaid patient documents. HHSC is also concerned about how the data is stored and secured, beyond what the company has admitted in court.

“Xerox has admitted that it has the information and it’s being stored by its lawyers and at least one other company,” Janek said. “They have refused to tell us exactly what information they have, who has access to the information and what’s being done to protect it. We don’t know anything about the security of the servers now housing the information, staff training, background checks, nothing.”

Healthcare subcontractor fails to secure server

August 13th, 2014 by admin

A healthcare subcontractor may have compromised the data of up to 570 patients in a recent data breach. The name of the subcontractor is not yet known. According to reports, the subcontractor inadvertently failed to secure a computer server containing patient account information.

Breached information includes patient invoice numbers, charge amounts, balance due, policy numbers and billing-related status comments. It was noticed that Social Security numbers and medical records were not part of the breach.

The physicians are offering free identity protection services to affected patients. Under the HIPAA Omnibus Rule, more responsibility falls on the subcontractor to help with breach notification and other breach-related activities. The terms and status of the HIPAA business associate agreement (BAA) are not known.

“There is no indication that personal information has been acquired or used,” the company said. It is not known whether any people in or around Guilford County were affected. A company spokeswoman did not immediately return a request for comment.

Data breach in Children’s Mercy Hospital

August 10th, 2014 by admin No comments »

Children’s Mercy Hospital of Kansas City, Mo. suffered a data breach due to an inaccuracy in an online scheduling application. Mercy has informed around 4,076 employees about the breach. Mercy used the application two years ago to enroll employees and spouses in its wellness program through StayWell Health Management.

Affected data includes employee names, home and email addresses, phone numbers and dates of birth. No Social Security numbers or financial data were included. It’s unknown at this time how the data was breached.

“We do not believe that affected individuals are at risk for identity theft, and we do not believe individuals need to take action due to the non-sensitive nature of the information,” Melissa Gilkerson, a StayWell spokeswoman, said.

StayWell has provided affected employees with the number of a telephone helpline. So far, the helpline has received about 23 calls. The data was stored by a vendor used by StayWell. When the company became aware of the breach, it immediately removed the data from the affected system, StayWell said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Chinese hackers use malware to access data

August 6th, 2014 by admin No comments »

Community Health Systems, Inc. reported data breach

Community Health Systems, Inc. reported a data breach affecting 4.5 million patients, caused by Chinese hackers who broke into its computer network using malware. The patient data includes names, addresses, birth dates, telephone numbers and Social Security numbers, but no credit card or medical data were involved. Community Health Systems manages 206 hospitals across 29 states and is among the largest publicly traded hospital companies in the U.S.

Highlights of the data breach:

  • It was a HIPAA violation, so the organization is alerting all 4.5 million affected patients.
  • The organization is providing free identity-theft protection services.
  • A Chinese “Advanced Persistent Threat” group was the culprit.
  • The group was able to get through Community Health’s network security with advanced malware.
  • The organization will update its network security to avoid future attacks.

According to the statement:

Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack. The Company also engaged Mandiant, who has conducted a thorough investigation of this incident and is advising the Company regarding remediation efforts.

The Company carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature. While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, the Company does not believe this incident will have a material adverse effect on its business or financial results.

Onsite Health Diagnostics suffers data breach

August 4th, 2014 by admin No comments »

Onsite Health Diagnostics (OHD), a Tennessee government subcontractor, suffered a data breach when its scheduler was accessed inappropriately. OHD has notified the affected local government employees about the breach. According to reports, the online scheduler was accessed by an unknown entity.

The data of around 60,582 employees was accessed, including name, date of birth, address, email address, phone number and gender. Financial information, Social Security numbers and medical data were not included in the breach.

According to the OHD statements:

OHD and investigating authorities are unaware of any identity theft related to this incident, but out of an abundance of caution, OHD has mailed letters to the affected health plan members to ensure that they are aware of the incident and can take steps to protect their information. OHD will provide one free year of identity theft protection to affected group health plan members.

While this information did not contain any diagnosis or medical information, the state has determined that, because it is related to our members’ health benefits, the disclosure of name, address, email address, phone number and gender does fall under the HIPAA definition of a breach of protected health information. The state has notified the Secretary of HHS of a Breach of Unsecured PHI.

After the breach, OHD collaborated with experts to determine the flaws in the system. OHD has also implemented new procedures and systems for more secure operations.

CD containing sensitive information goes missing

August 2nd, 2014 by admin No comments »

Jersey City Medical Center recently gave notice of a Medicaid patient data breach that occurred when United Parcel Service (UPS) failed to deliver an unencrypted CD with patient data on it. The CD contained the names of an unknown number of Medicaid patients and some Social Security numbers.

For some patients, the CD also held date of birth, medical record number, gender, and information on visits to the Medical Center: admission and discharge dates, inpatient or outpatient status, number of days care was received, dollar amount of Medical Center charges incurred for care, name of health insurance payer(s), amounts paid by patient or insurers, and/or general type of claim and/or revenue code.

The CD was supposed to be couriered at Jersey City Medical Center. Its location remains a mystery, as no one knows where it currently is. According to reports, Barnabas Health system will be offering one year of credit monitoring.

“While UPS has no evidence that personal information has been made available to any unauthorized parties, or misused in any way, patients are being advised to be aware of any suspicious activity and to monitor their credit reports and financial accounts,” says the notification letter, signed by Shani Newell, Privacy Officer.

Facts related to this incident:

  • There was a breakdown in protocols to locate and find lost packages.
  • The Medical Center reviewed its incident prevention technology to avoid future breaches.
  • The Medical Center will attempt to encrypt patient data henceforth.
  • The Medical Center has since changed its policies to no longer send unencrypted CDs with patient information.

“We have followed up extensively with UPS regarding this incident, attempting to ensure that UPS has followed all of its internal procedures designed to locate missing packages.”

Riverside Health System suffers identity fraud

July 30th, 2014 by admin No comments »

Riverside Health System, a non-profit healthcare organization, has disclosed an identity fraud that happened back in 2012. According to reports, a former Riverside Health employee, T’sha Riddick, was involved in a medical identity fraud scheme. She stole credit card information from 13 cancer patients of Cancer Specialists of Tidewater, Virginia.

No information was available about how she obtained the data, but she has a history of medical fraud. She was convicted on two counts of identity theft nine years ago in North Carolina.

“Keeping patient information protected is vital at Riverside,” Riverside spokesman Peter Glagola said in a release. “We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”

The breached information includes cancer patients’ credit card data and Social Security numbers.

Riverside runs the following facilities:

  • Five hospitals – facilities in Newport News, Riverside Regional Medical Center.
  • Three specialty hospitals – medical group, surgery centers, retirement communities and home-care services.

To improve security, Riverside has to do the following:

  • Investigate how Riddick accessed the information.
  • Review employee policy.
  • Update technology to restrict specific access to authorized personnel.

Marketing firm acquires patient names and address

July 28th, 2014 by admin No comments »

In an unprecedented event, Essentia Health of Fargo, North Dakota, has suffered a data breach connected to an educational event. A marketing firm was able to access 430 patient names and addresses without the patients' consent. The incident occurred when someone from Essentia gave a portable device containing patient data to the firm, Get Marketing. Essentia chief compliance and privacy officer Vicki Clevenger maintained that no patient medical data had been compromised.

“We have also taken the appropriate actions according to our policies and have provided additional education to the staff members involved to prevent future occurrences,” Clevenger said to inforum.com. “There was no additional information shared, including no medical and clinical information,” Clevenger added.

The breach occurred while Essentia was sending patient information for a free educational event that presented new procedures for people dealing with lower back pain. In all, 70 patients attended the event, but Essentia recognized that a breach had occurred while the event was being promoted. Jodine Wien, a Moorhead patient, complained to Essentia when she found that her name and address had been given to Get Marketing, which was involved in sending out the invitations.

“I’m a little angry at Essentia,” Wien said Monday, adding that she was displeased with the health provider’s initial responses to her complaint. “I was treated completely rudely and nobody wanted to say anything.”

Essentia determined that patients’ names and mailing addresses were “erroneously” released to Get Marketing, which was “engaged and paid by a medical device manufacturer, not Essentia Health,” Clevenger wrote Wien.

Indian Health Services folder causes data breach

July 27th, 2014 by admin No comments »

Indian Health Services (IHS) suffered a data breach when an employee mistakenly left a folder out in a public area. According to reports, the details of the incident are as follows:

  • Altogether, 620 patients were affected by the incident.
  • The folder contained patient names, Social Security numbers and enrollment information.
  • The Indian Health Service Rosebud Service Unit sent out breach notification letters to the affected clients.
  • No information was available on why the folder was in Rapid City.
  • According to the IHS, the information has not been misused or accessed inappropriately.
  • IHS has agreed to improve its HIPAA privacy and security training among employees.

The most common question heard, and the one that needs to be answered, is: “Why was that information in Rapid City to begin with?”

“I represent a community in Gregory County, 90 miles east of Rosebud, so what was my information doing up there?” said William Bear Shield, the chairman of the Rosebud Sioux Tribal Health board and a veteran of Desert Storm. “Why was it in possession of an individual in Rapid City?”

Bear Shield said he asked employees at the Rosebud Service Unit why information was in Rapid City, but he said no one would give him a straight answer.

“How can I know if someone didn’t find that information and write down my Social Security number and just wait a year before using it?” he asked.

Browsers under attack

July 26th, 2014 by admin No comments »

Hackers have focused their attacks on browsers, and the common theme throughout is attacking end users. As old versions of the Java Runtime Environment (JRE) are now typically blocked in the browser by default, Java applets require explicit activation from users.

Bromium Labs researchers said, “so this attack vector becomes harder and harder to leverage,” and, “It’s evident that attackers continue to shift focus in between ubiquitous internet facing applications, but there’s a common theme throughout – attacking the end users.” That leaves hackers looking to other popular applications to exploit.

According to the lab's report, Microsoft’s IE was one of the most patched and one of the most exploited applications in the first half of 2014, targeted more often than Mozilla’s Firefox, Google Chrome, Java, Adobe Flash, Adobe Reader or Microsoft Office.

The lab also described the techniques used in the attacks:

  • Zero-day techniques in which attackers used Adobe Flash to launch ActionScript Virtual Machine (ASVM) attacks.
  • ActionScript spray, which facilitates the use of return-oriented programming (ROP) and so allows attackers to execute malicious code in the presence of security defenses.

“This technique leverages the way dense arrays are allocated in memory,” wrote Bromium researchers. “If a vulnerability allows an attacker to control the size of a vector, they could make it as big as the whole memory space and then search for the necessary API calls and ROP gadgets.”

“Traditional heap spray was supposed to deal with early address randomization techniques implemented in various operating systems. Nowadays defenses are much more sophisticated. Malicious code must ‘know’ addresses of crucial libraries and API functions in order to execute,” said Vadim Kotov, Bromium’s senior security researcher. “Actionscript spray provides this ‘knowledge,’ while its ancestor doesn’t even address this issue.”

“Action heap spray — as well as traditional heap spray — is merely an instrument to exploit security vulnerabilities,” Kotov said. “If you want to reduce the probability of being compromised, you need to have reasonable patching policy and invest in protection software.”

Two men stole an unencrypted laptop

July 25th, 2014 by admin No comments »

Self Regional Healthcare of Greenwood, S.C. was affected by a data breach when two men stole a laptop during Memorial Day weekend. It was not clear how many patients were affected by this incident. Self Regional Healthcare serves around 250,000 patients.

Self Regional has notified the South Carolina Department of Health. According to reports, the number of patients affected stands at around 500, and the records included patients’ names, Social Security numbers, driver’s license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly addresses.

Self Regional posted a notice on its website, with a comment from President and CEO Jim Pfeiffer:

Self Regional takes the security of our patients’ personal information very seriously . . . We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop. Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.

The two thieves were caught later, and one told the police during the briefing that the laptop had been thrown in a lake; authorities failed to trace it. The theft appears to have been a general theft and not a targeted attack on the information contained on the laptop. The laptop was unencrypted and poses a threat to the patients whose information was on it.

What is Use-After-Free Memory Risk?

July 19th, 2014 by admin No comments »

Recent updates from Microsoft, Google or Mozilla show use-after-free memory errors. A use-after-free error occurs when a program keeps using memory after it has been freed. Attackers take advantage of such vulnerabilities in allocated memory to inject a virus or arbitrary code and extract information.

“It does take a lot of knowledge and sophistication,” Karl Sigler, manager, SpiderLabs Threat Intelligence at Trustwave said. “But of course it only takes one researcher to make the discovery, and then everyone else can just copy the research. We’re seeing more use-after-free memory attacks than we ever have before.”

Evolution of attacker methods

It is not easy to exploit freed memory and install arbitrary software. It requires a certain level of sophistication.

“It can take some ninja-fu, it’s not brain dead easy,” Sigler said.

As noted earlier, one researcher's exploit leads to many attacks using the same techniques. Researchers make a vulnerability exploitable using a technique known as return-oriented programming (ROP).

“ROP has become the method of getting executable code onto the stack,” Sigler said. “ROP chains hop through memory looking for executable pieces of code they can chain through and eventually find a method of getting to run.”

How to reduce the risk

The suggested ways to stop these attacks are:

  • A Web application firewall (WAF) can be used in some cases to provide network-layer protection.
  • Microsoft recommends the use of its Enhanced Mitigation Experience Toolkit (EMET).
  • Application developers should strive to build better security into their apps.

“Developers should understand what their code is actually using in memory,” Sigler said. “If the program is freeing memory and still flagging it as being able to be used, the program should be able to control what the memory is used for. That would eliminate a lot of the vulnerabilities that attackers have.”
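The developer-side control described above, sketched as an added example that is not code from the original post or from any vendor it mentions. All names (`session_t`, `handle_t`, the `session_*` functions) are hypothetical, and a fixed pool with slot reuse stands in for `malloc`/`free` so that the stale reference behaves deterministically and without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a pool of session objects whose slots are reused
 * after release, the same reuse that makes a dangling pointer dangerous. */
#define POOL_SLOTS 4

typedef struct {
    char     user[16];
    int      is_admin;
    int      in_use;
    uint32_t generation;          /* bumped every time the slot is released */
} session_t;

typedef struct {
    uint32_t slot;
    uint32_t generation;          /* generation seen when the handle was issued */
} handle_t;

static session_t pool[POOL_SLOTS];

/* Claim the first free slot; the handle records the slot's generation. */
static int session_open(const char *user, int is_admin, handle_t *out)
{
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            snprintf(pool[i].user, sizeof pool[i].user, "%s", user);
            pool[i].is_admin = is_admin;
            pool[i].in_use = 1;
            out->slot = i;
            out->generation = pool[i].generation;
            return 0;
        }
    }
    return -1;                    /* pool exhausted */
}

/* Unsafe lookup: trusts the location alone, like a raw pointer kept after free. */
static session_t *session_get_unchecked(handle_t h)
{
    return h.slot < POOL_SLOTS ? &pool[h.slot] : NULL;
}

/* Checked lookup: the slot must be live AND belong to this handle's generation. */
static session_t *session_get(handle_t h)
{
    if (h.slot >= POOL_SLOTS) return NULL;
    session_t *s = &pool[h.slot];
    if (!s->in_use || s->generation != h.generation) return NULL;
    return s;
}

/* Release: scrub the contents and invalidate every outstanding handle.
 * Returns -1 for a stale handle, which also catches a double release. */
static int session_close(handle_t h)
{
    session_t *s = session_get(h);
    if (s == NULL) return -1;
    memset(s->user, 0, sizeof s->user);
    s->is_admin = 0;
    s->in_use = 0;
    s->generation++;
    return 0;
}

/* Bit 0: the unchecked lookup reaches the slot's new, privileged owner.
 * Bit 1: the checked lookup accepted the stale handle (must never happen). */
static int stale_handle_demo(void)
{
    handle_t guest, admin;
    int result = 0;

    memset(pool, 0, sizeof pool);
    session_open("guest", 0, &guest);
    session_close(guest);               /* guest's handle is now stale     */
    session_open("root", 1, &admin);    /* same slot reused for an admin   */

    session_t *u = session_get_unchecked(guest);
    if (u != NULL && u->is_admin) result |= 1;
    if (session_get(guest) != NULL) result |= 2;
    return result;
}

int main(void)
{
    int r = stale_handle_demo();
    printf("unchecked stale lookup sees admin session: %s\n", (r & 1) ? "yes" : "no");
    printf("checked stale lookup accepted:             %s\n", (r & 2) ? "yes" : "no");
    return 0;
}
```

The generation counter is 32 bits wide, so a handle held across 2^32 releases of one slot would validate again; long-lived pools need a wider counter or retired slots.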

Unresolved Network Events

July 12th, 2014 by admin No comments »

Emulex conducted a survey on security issues, and the results show that 73 percent of IT staff have unresolved network events.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Matt Walmsley, senior marketing manager at Emulex division Endace, told SC Magazine. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

Key highlights of the survey:

  • Eighty-seven percent of respondents mentioned that they had reported the root cause of a network or security issue to their management but didn’t have the necessary information required to be completely accurate in their assessment.
  • Thirty-nine percent mentioned that it occurred at least a few times.
  • Forty-five percent of IT staff mentioned that they monitor network and application performance manually instead of using network monitoring tools.
  • Eighty-three percent said there has been an increase in the number of security events they’ve investigated in the past year.
  • Eighty-one percent of those in a security operations role mentioned their organization has experienced a network security breach.
  • Twenty-seven percent of network breaches were found through manual searches and user reporting without the use of alerting tools.
  • Seventy percent of those in a network operations role have experienced a critical network event that took at least one full business day to diagnose.
  • More than half of U.S. counterparts said network outages or performance degradations cost their organizations more than half a million dollars in revenue per hour.

“IT is facing new challenges related to the growing use of software-defined networking, virtualization and higher performing networks, as well as increasingly more sophisticated attacks on company IT assets,” Emulex senior vice president of marketing Shaun Walsh said in a statement.

St. Joseph Health’s patients’ data stolen

July 10th, 2014 by admin No comments »

St. Joseph recently took over Regional Medical Group’s imaging center, and a recent data breach shows an example of what can happen after a transition. A total of 33,702 patients were affected by this breach. A thumb drive was stolen from an employee’s locker, which was not locked at the time of the incident. Information about the encryption status of the thumb drive was not available.

The data affected by the breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. The affected patients had received X-ray services. The data was restricted to X-rays only. No other imaging exams — such as mammograms or MRIs — were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Montana Health Department hacked

July 8th, 2014 by admin

The Montana Department of Public Health and Human Services is notifying public program clients and employees about a data breach following a recent server hacking incident. Montana hired an investigator and confirmed that its server was inappropriately accessed. The server held sensitive information, which included state public assistance data such as food stamps, welfare payments, Medicaid, home heating aid and child-care assistance, birth records and some state employee information. It was also found that the server may have held clients’ names, addresses, birth dates, Social Security numbers and health records.

As protected health information (PHI) was involved in this breach, Montana may initiate a conversation with the Department of Health and Human Services (HHS). Montana’s state CIO, Ron Baldwin, told the Gazette that this was a first-time breach and that an outsider found a software vulnerability before the department was able to patch it, leading to the server hack. “This is not unique to Montana, it’s not unique to state government,” he said. “All states, all major businesses are experiencing these (attempts) every day, every month, every year … and they come from all over the world.”

Montana Department of Public Health and Human Services director Richard Opper suggested that the hackers may have been involved with trading Bitcoins in some form. “Out of an abundance of caution, we are taking the necessary steps to reach out to those whose information may have been stored in the server,” he said to the Gazette. “DPHHS is committed to answering questions clients and employees may have, and to help them take advantage of services we are offering.”

 

Indianapolis hospital sent letters with patient information

July 6th, 2014 by admin

St. Vincent Breast Center of Indianapolis sent letters containing patients’ information to the wrong addresses. The breach has caused St. Vincent to send an alert to around 63,000 patients. The incident came to light when the wrong recipients of the letters began calling the hospital about the breach. The letters contained printed information, including patient names, addresses and some scheduled appointments.

According to St. Vincent, no financial data or Social Security numbers were involved in the incident. The hospital destroyed the letters that were sent back by patients, but the number of letters sent remains unknown.

“We value the privacy and security of patient information, and regret this mailing error,” Rex McKinney, privacy officer for St. Vincent Indianapolis Hospital, said to wishtv.com. “It is our priority to support those who have been affected and make the necessary changes to our patient mailing process to avoid future occurrences. We sincerely apologize for any inconveniences resulting from this unfortunate incident.” McKinney added that the organization will implement new patient information mailing strategies going forward.

The statement on the St. Vincent Breast Center website includes:

Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned. The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.

The Alabama Department of Public Health faces data breach

July 4th, 2014 by admin

The Alabama Department of Public Health (ADPH) has sent out breach notices to more than 500 patients. According to reports, those affected include patients treated at one of Alabama’s 65 county health departments. Patients’ personal information and identities were compromised in this incident.

The compromised data includes clients’ names, dates of birth, and Social Security numbers from ADPH, as well as several other entities. Privacy Officer Samarria Dunson said, “[w]e believe now that it is possible they may have been former employees, but we are still participating in the investigation. It would be particular records that were printed out by individuals.”

ADPH released a statement saying it was informed on June 5, 2014 by the U.S. Attorney’s Office for the Middle District of Alabama and the U.S. Department of Justice’s Tax Division that they were prosecuting a case of theft involving personal information.

“We believe now that it is possible they may have been former employees, but we are still participating in the investigation,” Alabama Department of Public Health Privacy Officer Samarria Dunson said.

“It would be particular records that were printed out by individuals,” Dunson said.

Dunson says victims range in age, but most were young adults.

“They were born mostly in the year of 1996 which would make them 18 now. Unfortunately that seems to be a group of people that these type of criminals really go after maybe because they are not filing tax returns right now or really keeping up with their credit score,” Dunson said.

Child Vaccination records stolen

July 2nd, 2014 by admin

The San Antonio Metropolitan Health District recently suffered a data breach when a laptop containing information was stolen. According to reports, the laptop held the vaccination information of 300 child patients. The information on the laptop included patients’ last names, dates of birth, doctor identifiers and immunization names.

“Metro Health takes the privacy of individual health information seriously and is reviewing all practices and policies associated with the handling and transport of protected health information,” a spokeswoman said to woai.com.  “While the likelihood of harm from this breach is minimal, those affected by this theft are being individually notified and advised to monitor their health insurance statements closely for any unusual activity.”

Metro Health’s site does not say where the laptop was at the time of the theft. The laptop, which contained vaccination records from the Vaccines for Children program, has not been recovered.

Neurodiagnostics centre notifies patients of data breach

June 29th, 2014 by admin

Colorado Neurodiagnostics of Littleton, Colo. has notified an unknown number of patients after a data breach. According to reports, a laptop containing Protected Health Information (PHI) was stolen from the office. The information that was compromised includes patient names, dates of birth and clinical information, but there were no Social Security numbers or financial data.

The laptop was password protected, but its encryption status was not known. The theft was reported to the Littleton Police and the federal Office for Civil Rights. Colorado Neurodiagnostics is offering affected patients identity protection services. Patients are also encouraged to closely monitor financial accounts and, if there is any suspicious activity

According to the organization, it will use security cameras and boost security training among employees. To further improve security, it should also verify the status of encryption software on its laptops.

NRAD suffered PHI data breach

June 27th, 2014 by admin

NRAD Medical Associates, located in Garden City, New York, suffered a data breach due to unauthorized access to data by one of its employees. NRAD has informed around 97,000 patients who were affected by this breach. According to reports, an internal employee accessed protected health information (PHI) and patient billing data back in April 2014. The information included dates of birth, addresses, Social Security numbers, and health insurance information.

The employee, who worked as a radiologist, was able to get past the IT security safeguards in place and access the information. NRAD said that it “immediately enhanced security measures” and doesn’t believe any of the compromised data was used maliciously. “We believe there is very low risk from this event and the data breach has been contained. We have no evidence that any customer financial or credit card information was involved,” the organization said, according to the report. They do not indicate when the breach occurred or how it was discovered.

In response to the discovery, NRAD “immediately implemented enhanced security measures,” and recommended that patients contact one of the three major credit bureaus to place a fraud alert on credit reports. In the FAQ, they state that the radiologist is “no longer employed at the practice and his misconduct was reported to the appropriate authorities and government agencies for investigation.” The breach was also reported to HHS.

According to NRAD:

In terms of the scope of the breach, NRAD reports that it affects approximately 97,000 current and former patients, which they state is approximately 12% of the more than 800,000 patients they have treated over the past 20 years. It was not clear from their letter whether all 800,000 current and former patients’ information was still in their billing system (and if so, why).

Tools for Compliance management which can boost security

June 24th, 2014 by admin

HIPAA has a certain set of rules when it comes to compliance management. Compliance requirements are often seen as an unnecessary burden, but if proper procedures are followed they can protect your organization even from a data breach. They can also protect you from threats ranging from lawsuits to corporate espionage. The risks associated with compliance failures can include financial impact or fines, data loss, lost business or even a suspension of operations.

Below is a list of compliance management tools:

  • www.glpi-project.org: A free, open source tool, GLPI offers IT and asset management capabilities. After all, a good inventory is the first step in seeing what needs to be secured.
  • www.ptatechnologies.com: A free toolset that is driven by the methodology of effectively managing operational and infosec risks in complex systems using calculative threat analysis and threat modeling.
  • www.somap.org: The ORICO Framework and Tool are two projects in one, offering risk management and the toolset to build a reference implementation of a security framework.
  • sourceforge.net/projects/assetmng: An open source IT asset management system that provides identification, valuation and risk assessments.
  • http://openfisma.org: An open source framework that is designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

IT managers may need to build their own solutions and integrate off-the-shelf products with other solutions. Luckily for those choosing a path of self-development, several free tools can become part of an integrated solution.

Breach count reaches 1.3 million for Montana DPHHS

June 22nd, 2014 by admin

The Montana Department of Public Health and Human Services (DPHHS) has faced one of the largest HIPAA breaches in terms of the number of affected patients. The total count stands at 1.3 million following the hack of a DPHHS server. It is not known whether the hackers used patient data maliciously or even accessed it while on the server.

According to Montana, the server held sensitive information, including patient demographic information such as names, addresses, dates of birth, and Social Security numbers. Some records may also have contained information regarding DPHHS services clients applied for and/or received, such as health assessments, diagnoses, treatment, health condition, prescriptions, and insurance. The extent of the incident came to light when DPHHS hired an investigator to determine the extent of the breach.

“Out of an abundance of caution, we are notifying those whose personal information could have been on the server,” said DPHHS Director Richard Opper. “Again, we have no reports, nor do we have any evidence that anyone’s information was used in any way, or even accessed.”

Earlier, unknown computer hackers used malware to gain entry to a DPHHS server containing client and agency employee personal information. According to reports, this incident should not impact DPHHS services, as none of the information contained on the server was lost and the department has a complete back-up of the information.

Rady Children’s Hospital notifies patients of data breach

June 20th, 2014 by admin

Around 14,121 patients were notified after a data breach at Rady Children’s Hospital, San Diego. The breach occurred due to human error when patient data was sent to job applicants. According to reports, a hospital employee sent a spreadsheet to an unintended recipient.

The spreadsheet contained sensitive information, including patients’ names, dates of birth, primary diagnoses, admit and discharge dates, medical record numbers, and other insurance information. There were no Social Security numbers or financial data included in the files, Ben Metcalf, a hospital media relations representative, said.

After the incident, the hospital hired security experts to confirm the deletion of the files from the job applicants’ computers. The security experts can also verify whether the files have been shared, to establish the extent of the breach. When Rady investigated the recent breach, it found that this type of breach had also occurred in the past, when a mail error exposed the data of 6307 patients.

Rady said that it will begin using only onsite testing programs for job candidates, improve email security approval protocols and encryption methods and better educate employees on patient privacy requirements. Rady Children’s Hospital spends a lot of time and money protecting its patients’ privacy and information from outside hackers, but it was an error by an employee that recently exposed the information.

“Some families were upset,” said Kearns, acting president of the hospital. “But the vast majority understood that this is something that was not done purposely. This is something that was done on a human error.” Rady Children’s has notified county and state officials and will also need to report the breach to federal regulators.

New Dyre Banking Trojan

June 15th, 2014 by admin

A new banking Trojan, known as Dyre or Dyreza, was discovered by researchers at CSIS and PhishMe. The malware is designed to bypass SSL protection and steal banking credentials.

PhishMe researchers warned of this new malware, being delivered via phishing emails with the subject lines “Your FED TAX payment was Rejected” and “RE: Invoice.” The emails contain links to files on LogMeIn’s Cubby.com file storage service. “Since Dropbox has been quick to block phishing links, the attackers needed a new legitimate service,” noted PhishMe’s Ronnie Tokazowski.

The attack proceeds as follows: clicking the link in the email downloads a zip file. If the zip file is opened, malware is installed that monitors all of the victim’s browser traffic, including SSL traffic, with the aim of stealing and uploading online banking login credentials.

“[Bank credentials] should be encrypted and never seen in the clear,” Tokazowski wrote. “By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality, your traffic is redirected to the attackers’ page. To successfully redirect traffic in this manner, the attackers need to be able to see the traffic prior to encryption, and in the case of browsers, this is done with a technique called browser hooking.”

Krause told Dark Reading that the malware seems to represent a new banker Trojan family, unrelated to the Zeus Trojan. “One of the biggest differences between Zeus and Dyre is how communication with the command-and-control infrastructure takes place,” he said. “With Zeus, data is usually encoded or encrypted, then passed back as raw binary data. With Dyre, the data is POSTed in the clear, making detection for enterprises with IDS capabilities very straightforward.”

But that may well change in the near future. “Since data is being posted back unencrypted, I believe this malware is only in its infancy, and we should expect more refinements from the malware author,” Krause said.

Kevin Bocek, vice president for security strategy and threat intelligence at Venafi, told eSecurity Planet by email that the threat from Dyre is being enabled at least in part by the blind trust too many users have in SSL/TLS. “In fact, 40 percent of mobile online banking applications are estimated to be vulnerable to man-in-the-middle (MITM) attacks without any cyber criminal effort,” he said.

Data Breach Round up : Last Month

June 12th, 2014 by admin

To give an overview of recent data breaches, we are summing up the challenges and solutions for preventing loss of information and credibility. All the excerpts come from communication with Rapid7 global security strategist Trey Ford.

Data Points

It’s crucial, Ford says, to ensure that everyone in your organization is fully aware of the sensitivity of the data they may be handling. “A lot of people are posting data, they’re moving things around – they’re just trying to do their jobs – and for a number of reasons they may not always be aware that, OK, this is a list, this is a database, and some of this data is sensitive,” he says.

While most companies are aware of the importance of protecting clearly sensitive data like Social Security numbers and credit card information, Ford says other data can easily slip through the cracks. “We’re in a culture where it’s been comfortable to give out your phone number, your email address, your mom’s maiden name – and we’ve forgotten that with just a few more data points, you can go through and start creating fraudulent accounts or purporting to be someone else,” he says.

“Attackers are going to be like water – they’re going to follow the path of least resistance,” Ford says. “So it may be that a lot of your core systems are very carefully measured, but you don’t get to wash your hands and shrug off liability when you give sensitive data to external companies.”

Breach Communication

Ford says the recent eBay breach serves as a good example of the importance of responding to a breach correctly. “EBay has historically very heavily invested in great technology, great people. They’ve had a very advanced security program, they’re very aggressive with their measurement strategy, they’re a metrics-driven security organization – and I’m confident that their internal response was actually very swift and well-executed internally,” he says.

Encryption is the answer

Finally, Ford says it’s frustrating to see data breaches resulting from the theft of unencrypted laptops and USB drives continuing to be an issue. “Encryption technology exists, it’s pervasive, every major operating system in production used today has it or has it available, and it’s not even terribly expensive,” he says. “The challenge lies in the fact that it’s hard to manage. There are concerns about, ‘What if the admin leaves, or what if we get locked out of something?’ – and those are valid concerns – but those problems have been solved, they’re addressable, and organizations not using encryption should be the exception, not the rule.”

St. Joseph Health’s patients’ data stolen

June 10th, 2014 by admin

St. Joseph recently took over Regional Medical Group’s imaging center, and a recent data breach shows what can happen after such a transition. A total of 33,702 patients were affected by this breach. A thumb drive was stolen from an employee’s locker, which was not locked at the time of the incident. Information on the encryption status of the thumb drive was not available.

The data affected by the breach includes patient names, gender, medical record numbers, dates of birth, dates and times of service and X-ray details. The affected patients had received X-ray services, and the data was restricted to X-rays only. No other imaging exams, such as mammograms or MRIs, were included on the drive.

The stolen thumb drive did not contain information on specific illnesses or patient diagnoses, nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

Montana Health Department hacked

June 7th, 2014 by admin

The Montana Department of Public Health and Human Services is notifying public program clients and employees about a data breach resulting from a recent server hacking incident. Montana hired an investigator and confirmed that its server was inappropriately accessed. The server held sensitive information, including state public assistance data such as food stamps, welfare payments, Medicaid, home heating aid and child-care assistance, birth records and some state employee information. It was also found that there may have been clients’ names, addresses, birth dates, Social Security numbers and healt

As protected health information (PHI) was involved in this breach, Montana may initiate a conversation with the Department of Health and Human Services (HHS). Montana’s state CIO, Ron Baldwin, told the Gazette that this was a first-time breach and that an outsider found a software vulnerability prior to the department being able to patch it, leading to the server hack. “This is not unique to Montana, it’s not unique to state government,” he said. “All states, all major businesses are experiencing these (attempts) every day, every month, every year … and they come from all over the world.”

Montana Department of Public Health and Human Services director Richard Opper suggested that the hackers may have been involved with trading Bitcoins in some form. “Out of an abundance of caution, we are taking the necessary steps to reach out to those whose information may have been stored in the server,” he said to the Gazette. “DPHHS is committed to answering questions clients and employees may have, and to help them take advantage of services we are offering.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hershey Medical Center suffers data breach

June 4th, 2014 by admin

Penn State Milton S. Hershey Medical Center notified around 1801 patients of a recent data breach that occurred due to an employee’s unauthorized access to clinical data. According to reports, the employee, a clinical laboratory technician, used his personal computer to access protected health information (PHI).

The employee used a removable storage device and a personal email account while accessing the information. The organization is working on improving internal education and training of employees on security best practices. According to the release by Hershey Medical Center:

The employee was authorized to access and use this information because of his job at Penn State Hershey. However he worked on the test log at home using systems and devices outside the secured Penn State Hershey system—his personal computer, a removable storage device (a flash drive) to transport the log home to continue his work after hours and his personal email account to send the updated test log to two Penn State Hershey physicians.

Penn State Hershey considers patient privacy and confidentiality to be of the utmost importance and chose to notify patients of this incident out of an abundance of caution. To decrease the likelihood of similar circumstances occurring in the future, Penn State Hershey is increasing education efforts with employees, focusing on the essential responsibility of all staff to safeguard patient health information at all times and follow proper practices for doing so.

This incident exposed PHI which includes patient test logs from the organization’s women’s health and family practice clinician offices. However, no Social Security numbers or financial data were involved. Affected patients were treated from August 1, 2013 to March 26, 2014.

Connecticut based Access Health in the process of data breach notification

June 2nd, 2014 by admin

The Connecticut state health insurance exchange, Access Health CT, suffered a data breach after its vendor’s employee lost a backpack. According to the reports, the bag contained a notepad with information that includes 413 handwritten names, 151 Social Security numbers, and an undisclosed number of birthdates.

“While we are still working to understand exactly why this person took the information out of the building, based on what we have learned so far it does not appear there was malfeasance on the part of this person,” Jason Madrak, Access Health’s chief marketing officer, said in a statement Sunday.

Access Health has provided one year of free credit monitoring and is also working to understand the cause of such incidents and how to prevent them. It is in the process of notifying the affected patients about the breach. The count of affected patients stands at 413 according to initial reports.

“The attorney general takes matters of privacy and data security seriously,” Jepsen spokesman Robert S. Blanchard said in a statement. “Consistent with our practice in past breaches by other custodians of personal information, we reached out on Friday to Access Health CT regarding the incident and its plans to protect those potentially affected. We expect those discussions to continue as we seek to ensure that Connecticut residents’ privacy and personal information is protected. In particular, the office is seeking to determine how this incident occurred, what security procedures and policies were in place before the incident, and what is being done to reduce the risk of future breaches occurring.”

ProMedica Bay Park Hospital suffers data breach

May 29th, 2014 by admin

ProMedica Bay Park Hospital has decided to notify about 500 affected patients about the data breach. Protected health information (PHI) was copied in the incident, in which an employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that the former employee accessed records of patients who were not directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, 90-day fraud alert notice, and free annual credit reports and other account statements.

Elliot Hospital’s four computer workstations get stolen

May 27th, 2014 by admin

Elliot Hospital suffered a data breach when an employee’s car was broken into and computers were stolen. Elliot Hospital notified 1200 patients of the breach that occurred due to this incident. According to the reports, there was no medical or financial data on the workstations and there was only one Social Security number. The Elliot Hospital employee was apparently transporting the workstations from different Elliot locations.

Patients’ names were present on the workstations. Also, 20 emails on the computers had data such as date of service, date of birth, address, telephone number and billing codes. Elliot conveyed that it has improved its security processes.

“It’s very important to keep in mind or to understand that this is not a situation involving the breach of electronic medical records,” John Friberg, senior vice president of Elliot Hospital said, according to reports. “In fact, none of the information involved any medical records. For instance, nothing on these four PCs related to any medical history of any patients.”

It is believed that no information has been misused to date. Under the new practice, PCs will no longer auto-archive data on the individual hard drive; the data will instead be centrally archived.

Elliot also decided to encrypt its PCs.

LA County heightens encryption policies after data breach

May 24th, 2014 by admin

According to reports, LA County is in the process of boosting its encryption policies, which includes reviewing privacy and security procedures. The Los Angeles County Department of Health Services (DHS) also initiated new efforts to boost security after the recent data breach that affected 342,000 patients.

After the breach, DHS has taken the following initiatives:

  • Boosting data security rules
  • Mandating encryption for employees’ laptops and computer workstation hard drives

L.A. county contractors that exchange patient data with the county must also encrypt the data in motion. Lisa Richardson, DHS spokeswoman, added that the Sutherland incident “alerted us to some necessary security measures.”

It would be interesting to learn about DHS’s encryption policies prior to the Sutherland breach and what other changes it made to its safeguards as a result of the data breach.

Important: Health and Human Services (HHS) will be looking to ensure that organizations have encrypted devices containing protected health information (PHI).

The ideal scenario is not to keep sensitive data on local desktops and laptops. But as this is difficult to achieve due to work requirements, it is advised to encrypt your devices.

UCI notifies students of malware incident

May 22nd, 2014 by admin

University of California Irvine (UCI) notified 1,813 students and some non-students affected by a data breach involving keylogging malware. Three UCI student health care computers were affected by the malware incident. The incident came to light when the UCI IT security office learned about the malware on the computers.

Information compromised includes patient name and unencrypted medical information. It also potentially included health or dental insurance number, CPT code(s), ICD9 code(s) and/or diagnosis, and student ID numbers. The affected data also included non-students’ information such as patient ID numbers, mailing addresses, telephone numbers, amount paid for services received, and bank name and check numbers. Information may have been transmitted to unauthorized servers.

According to reports, UCI immediately disconnected the affected computers and made sure that no other components of the network were affected.

UC Irvine regrets that your information may have been subject to unauthorized access, and we have taken and continue to take remedial measures to ensure that this situation is not repeated. UC Irvine is committed to maintaining the privacy of students’ and non-student patients’ personally identified information and takes many precautions for the security of personal and medical information. The University is continually modifying its systems and practices to enhance the security of sensitive information.

The university has no indication that the data have been misused. The number of patients affected was not reported.

Protect Personally Identifiable Information

May 20th, 2014 by admin

Modern security systems rely on users’ personal information, also known as PII, or personally identifiable information, but a data breach can potentially lead to a loss of money as well as trust. So it is very important to protect information from falling into the wrong hands.

With PII floating around the internet, details can easily be cross-correlated, helping wrongdoers quickly put together accurate identity profiles and take advantage of the information. With just a few important pieces of information, thieves can cause huge losses to companies or individuals.

Types of PII – static and dynamic

Dynamic PII data includes details like credit card and bank account numbers, email addresses and passwords.

Fixed PII data, such as date and place of birth or a national ID number such as a U.S. Social Security number, is far more valuable.

Hacking is a nightmare for both service providers and users. It causes huge losses of at least $60 million (before insurance) in direct expenses. End users may also suffer an increased risk of being hacked elsewhere.

Protect your PII –

Passwords: Store passwords as properly encoded hashes that are extremely expensive to crack if a breach occurs.

Users: Shifting security data from the service provider to the end user can benefit everyone. An example is a security question where the user creates his or her own question.

Transparency – Increasing user activity transparency – such as providing the time and location of last login – gives extra tools to the user to detect intrusions.

Encryption – Install tools to fight hacking. Install encryption software on laptops and computers.
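
The password and transparency items above, as an added example that is not code from the original post: salted PBKDF2-HMAC-SHA256 from Python's standard library serves as the expensive password hash, and a successful login returns the previous login's time and location so the user can spot an intrusion. The iteration count, record format, `AccountStore` class and location labels are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Assumed work factor for this example; raise it as far as your hardware allows.
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a record of the form 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record: fail closed
        return False


class AccountStore:
    """Hypothetical in-memory account table; a real service would use a database."""

    def __init__(self):
        self._accounts = {}

    def register(self, user: str, password: str) -> None:
        # Only the salted hash is stored, never the password itself.
        self._accounts[user] = {"pw": hash_password(password), "last_login": None}

    def login(self, user: str, password: str, location: str, now=None):
        """Return (ok, previous_login); previous_login is (timestamp, location) or None."""
        account = self._accounts.get(user)
        if account is None or not verify_password(password, account["pw"]):
            return False, None
        previous = account["last_login"]  # shown to the user after signing in
        account["last_login"] = (now or datetime.now(timezone.utc), location)
        return True, previous


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")  # constructed sample data
    store.login("alice", "correct horse battery staple", "Office network")
    ok, previous = store.login("alice", "correct horse battery staple", "Home network")
    print("login ok:", ok, "| previous login:", previous)
```
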

Another 3,497 patients added to data breach list

May 17th, 2014 by admin

Sutherland Healthcare has had to add the names of 3,497 patients to its list of those affected by the data breach. In April, Sutherland had already added 170,200 patients to the list of those affected. The new addition has increased the count to 342,000.

All the patients received Drug Medi-Cal services through the Department of Public Health. Though no Social Security numbers were included in the breach, patient names, addresses and billing information may have been compromised.

The incident dates back to when eight computers were stolen from Sutherland’s Torrance, Calif. office. In the initial reports, 168,000 patients were included in the affected list, for whom first and last names, Social Security numbers and certain medical and billing information were potentially compromised.

The notification sent by Sutherland to patients assures them that the company takes “patient privacy very seriously,” but doesn’t say whether it cared enough to encrypt the data.

The California Attorney General’s office likes encryption and noted in a report last year that more than half the 2.5 million victims of data breaches it surveyed in the state in 2012 would have benefited from its presence. Sutherland’s notice offered those affected free credit monitoring services through ID Experts. The final number on the Sutherland breach is as yet unknown, as they did not disclose how many other covered entities may have been affected by this breach.

OCR dismisses activist group’s HIPAA complaint

May 15th, 2014 by admin

An activist group, Change to Win (Ctw), had earlier filed a complaint with the Office for Civil Rights (OCR) after it found that patients’ privacy was compromised. OCR has officially completed its investigation into the Walgreens “Well Experience” program. After the investigation, it dismissed the complaint.

Ctw claimed that pharmacists were leaving their desks unattended, creating a chance of exposing patients’ data. According to Ctw, this was a case of physical safeguards violation at the Walgreens “Well Experience” program. OCR performed a number of site visits and concluded that there was no reviewable evidence that Walgreens was missing the appropriate protected health information (PHI) safeguards.

But OCR gave some advice to Walgreens on the patient consultation room and a screen containing a patient’s name. It also recommended retraining of the employees in each store depending upon specific issues. The federal organization will provide Walgreens with technical assistance.

Upon completion of these on-site investigations, OCR found that Walgreens implemented the Well Experience specific safeguards in these stores and, further, these measures appeared to appropriately safeguard patient PHI. OCR noted that in the few stores where there was some evidence of staff error with regard to the implementation of safeguards, this was not evidence of widespread and systemic non-compliance, as the errors varied from store to store.

Boulder Community Health (BCH) investigating data breach

May 13th, 2014 by admin

Someone mailed patients’ records to their homes to prove that Boulder Community Health (BCH) has lapses in security. It is a one-of-a-kind incident in which the context of the breach is bizarre. BCH, located in Colorado, is investigating the incident. Earlier incidents include BCH notifying 178 patients when paperwork was missing, and a separate incident in which two unlocked recycling bins left 79 patients’ records exposed.

The letters that were sent out contained information from records from the clinic sites on the main Foothills campus and the Riverbend Office Park neighboring the campus. The letters were sent to the patients to show BCH’s lapses in securing patients’ information. They mentioned that the sensitive information was taken from papers in trash bins just outside the campus.

“If you travel north of Arapahoe (Avenue) on 48th (Street),” the letter said, “you will see the blue containers that contain medical records. These containers are often left unlocked.”

BCH has claimed that it has checked and reviewed employee privacy training and education and added automatic locks to recycle bins. It was not clear exactly whether there was a shredding policy in place.

“Our immediate goal is to determine the scope of this situation,” Boulder said in a statement. “We will work with any affected clinics to assess the impact on their patients and provide support to affected individuals.”

The letter also didn’t fail to accuse the organization of focusing on making money while not emphasizing patient privacy. Based on the reports, it was clear that an unknown person inappropriately took nine patients’ records and sent them to those patients in an attempt to shed light on Boulder’s alleged lax patient privacy policies.

Largest ever violation settlement by NYP and CU

May 10th, 2014 by admin

The Department of Health and Human Services (HHS) has issued $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital (NYP) and Columbia University (CU). NYP and CU had violated both the HIPAA Privacy and Security Rules, which resulted in the exposure of the electronic protected health information (ePHI) of 6800 patients in a data breach. NYP and CU learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet.

The breach occurred when the application developer for the affiliate organizations tried deactivating a personally owned computer server on the network that held the data. After the server was deactivated, the ePHI soon became accessible through internet search engines.

NYP and CU had submitted a joint breach report after the ePHI held on their network suffered the data breach. The ePHI included patient status, vital signs, medications, and laboratory results. NYP paid OCR $3,300,000 and CU had to give $1,500,000, with both agreeing to complete corrective action plans. The plans include risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” said Christina Heide, Acting Deputy Director of Health Information Privacy for OCR. “Our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

According to the hhs.gov website,

In addition to the impermissible disclosure of ePHI on the internet, OCR’s investigation found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections.  Moreover, OCR determined that neither entity had conducted an accurate and thorough risk analysis that identified all systems that access NYP ePHI.  As a result, neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI.  Lastly, NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


UPMC faces class action suit by employees affected by the data breach

May 7th, 2014 by admin

The University of Pittsburgh Medical Center (UPMC) data breach has led to a class action suit by the 27,000 affected employees. The suit has been filed against UPMC and its payroll vendor, Ultimate Software Group. Of the 27,000 affected employees, 788 are known to have been victims of tax fraud.

Attorney Michael Kraemer filed the class suit against UPMC. He said that at least two employees learned that their data had shown up on an “underground or black market-type forum.” “It gives me more questions. Is this related to the UPMC data breach? If it is, UPMC should be as transparent as possible in letting everyone know what they know about who has the information or if it’s been contained,” said Kraemer, who is pursuing class-action litigation against UPMC.

The suit states that UPMC and the vendor breached their duty to protect private employee information, which left employees’ information vulnerable to misuse in tax return fraud. UPMC has offered employees the chance to sign up for a year of free credit monitoring services, but the class suit seeks a court injunction forcing 25 years’ worth of identity theft insurance, credit restoration services, and credit and bank monitoring services.

Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.

Some UPMC employees interviewed on the streets of the city’s Oakland section said they feared identity theft.

“They’re going to wait one year, they’re going to wait two years, they’re going to wait three years, and they could come back. I could be affected by a job I took in college, which is sort of scary,” said Allisandra Supinski.

“I feel comfortable with the one year that I have. If I look into it more, I may change my mind,” said Amy Hoffman.

“As long as you are with UPMC, they should cover us. As long as we work there for them, we should be able to get protected,” said Rodreda Tate.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Molina Healthcare contractor experiences breach due to mail error

May 5th, 2014 by admin

Molina Healthcare, a multi-state healthcare organization, reported a breach that may have affected 5,261 former members’ Social Security numbers. The incident occurred due to a postcard mailing error. According to the reports, printing contractor Creel Printing made the mistake; there were no names on the cards, and the Social Security numbers weren’t identified on the cards. Information that may have been made public includes addresses and Social Security numbers. Members’ names were not listed on the cards.

The cards were sent to members to inform them about the various benefits attached to the health insurance marketplace. According to reports, the affected patients reside in Washington State. The breach was caused by a mix-up in which the Social Security numbers were mistaken for tracking numbers.

“Creel did not mean to print [Social Security numbers] on the postcards,” Timothy Zevnik, privacy official with Molina Healthcare, wrote in a notification posted to the Molina Healthcare website. “Creel did not have Molina’s permission to print [Social Security numbers] on the postcards.”

Molina Healthcare investigated the breach, improved processes and procedures, and put additional safeguards in place to ensure a similar incident does not occur. All impacted individuals are being notified, and offered a free year of identity theft monitoring services.


UMMMC sends out patient data breach notices

May 2nd, 2014 by admin

UMass Memorial Medical Center (UMMMC) of Worcester, Mass. revealed this week that it had alerted more than 2,400 affected patients to the breach. It took nearly two months to investigate the patient data breach. According to the reports, four patients’ data was initially found to have been accessed and potentially misused by a former employee.

The information may have been used to open commercial accounts, such as credit card and cell phone accounts. After learning of the incident, UMass immediately began an internal investigation. According to the statement, the employee had access to patient information such as name, date of birth, Social Security number, and address at some point. UMass reported that the two-month investigation was needed to determine how long the ex-employee had access.

In the website statement, UMass mentioned –

UMMMC has had a privacy and information security program in place for several years, and we want to assure our patients that we are committed to the security of patient information and taking this matter very seriously. To help prevent this type of situation from happening again, UMMMC is further strengthening its program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMC is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMC deeply regrets this incident and any inconvenience it may cause our patients. UMMMC has had a privacy and information security program in place for several years, and we want to assure our patients that we are committed to the security of patient information and taking this matter very seriously.


Centura Health hit by phishing attack

April 29th, 2014 by admin

Mercy Regional Medical Center of Durango, Colo. suffered a data breach because of a phishing attack. In recent times, phishing attacks have become more complex, and they are difficult for even shrewd users to pick out. Mercy, which is owned by Centura Health, notified 1000 patients about the incident. Data affected by the phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of a patient’s treating physician and medical-record numbers.

Centura’s statement read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords. The phishing email was carefully drafted to give the impression of an authentic communication, which led some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read, which implies that Centura is taking steps to implement and reinforce the necessary protective measures to help prevent future occurrences.


Boston Medical Center transcription service notifies 15,000 patients

April 28th, 2014 by admin

Boston Medical Center (BMC) suffered a data breach due to its transcription service vendor’s website. Around 15,000 patients have been affected by this incident. BMC has fired the vendor and notified the patients regarding the breach. According to reports, the records didn’t include Social Security numbers or financial data, but patient names, addresses, and medical information, including what drugs they were taking, were potentially compromised as a result of the website posting.

“We have no evidence that any unauthorized individuals actually looked at the records,” Jenni Watson, the hospital’s chief of staff, said. “But we wanted to notify the patients involved.” The incident may have occurred because the vendor’s website lacked password protection for the patient records. BMC, which had worked with MDF for about 10 years, is unsure of the extent and duration of the breach.

“We take our responsibility to maintain our patients’ privacy very seriously and have notified all individuals who were affected by this vendor error. As a result of this incident, we have terminated our relationship with MDF,” BMC said.

Jani said, “The hospital had no reason to believe the information was viewed by outsiders or misused.”

It would be interesting to see whether the agreement between BMC and the vendor included contract terms covering a breach, considering that BMC has notified the patients from its end.

Hackers target Boston Children’s Hospital

April 24th, 2014 by admin

Hackers have made various attempts to crack the Boston Children’s Hospital website. Their aim was to overload the Children’s website and potentially expose the hospital’s internal network. According to reports, no attack was successful. Also, according to Children’s Hospital, no data has been illegally accessed.

The hospital had to shut down some web pages due to the hacking incident. As a result, many patients were not able to access details related to appointments, test results, and other case information. These attacks have not been directly linked to the hacker group Anonymous, but there seems to be a connection between the attacks and the group’s involvement in the child custody case of Justina Pelletier (a Children’s patient).

Children’s chief executive Sandra Fenwick told employees of “multiple attacks, designed to bring the site down by overwhelming its capacity” and said that the hospital “received a direct, credible threat against our internal network, including staff and patient information…”

It is believed that Anonymous is specifically targeting Children’s Hospital because of the Justina Pelletier case. According to reports, the hospital believed that she had psychiatric and not physical problems. Since then, Anonymous has been involved in a campaign against the hospital. Boston Children’s Hospital filed child abuse charges against Pelletier’s family after the family sought treatment for her alleged intestinal and other issues.

Anonymous said, “To the Boston Children’s Hospital why do you employ people that clearly do not put patients first?” and continued, “We demand that you terminate Alice W. Newton from her employment or you too shall feel the full unbridled wrath of Anonymous. Test us and you shall fail.”


Stolen laptop of Coordinated Health may affect 700 patients

April 22nd, 2014 by admin

The Coordinated Health breach may impact around 700 patients after a laptop containing PHI was stolen. The laptop belonged to one of its employees. It contained Protected Health Information (PHI) such as patient names, dates of birth, addresses, insurance information, appointment dates and physician names, as well as their Social Security numbers.

The breach can be considered a HIPAA violation. The theft occurred when an employee left the laptop in a car. According to the release from Coordinated Health, the device was password protected, but it appears that the laptop was unencrypted. The laptop was stolen from the car of an employee in Bethlehem. The incident was immediately reported to local authorities, with a formal police report filed.

According to the Coordinated Health release –

Coordinated hired a forensic investigator to conduct a full review of the content on the computer. While the laptop was password protected, the investigation revealed that the device may have contained an email with an attached file of 733 CH patient files, their social security numbers and their protected health information including (PHI): name, date of birth, address, insurance, appointment date and physician name.

This is the second breach reported by Coordinated Health within the past month. In the first incident, its Whitehall township office was robbed, and patient information and cash were stolen. Around 70 patients were affected in that incident. The patient information included the last four digits of patients’ credit cards and Social Security numbers, as well as names, birth dates, phone numbers and some health information.


UPMC notifies employees of data breach and fraud activity

April 20th, 2014 by admin

The University of Pittsburgh Medical Center (UPMC) notified around 27,000 employees affected by a recent data breach. UPMC advised employees to verify with the IRS that their identities are safe. UPMC is also offering LifeLock identity protection to employees for free if they sign up before this month.

“As of today, 788 employees have been the victims of tax fraud,” UPMC spokeswoman Gloria Kreps wrote in a statement. “We want to assure our patients that no patient information was breached. We are continuing to work with the IRS, Secret Service and FBI to determine the source of the breach. We continue to urge our employees to register with LifeLock as an important step to deter any additional fraudulent activity.”

It seems that the information was accessed to obtain financial data and may lead to identity theft for the affected employees. In a turn of events, affected employees have filed a lawsuit against UPMC. Attorney Michael Kraemer is representing them in the complaint against UPMC. He said that the organization failed to safeguard and prevent vulnerabilities from being taken advantage of in the UPMC computer system.

“We are putting our full resources behind efforts to investigate and secure our systems,” UPMC Vice President John P. Houston wrote in the letter. “We recognize a situation like this creates stress and anxiety about the safety of your personal information and we want to provide you with all the tools and resources we can to help you deal with this all-too-common crime.”


Data breach affects 1,144 patients of University Urology of Tennessee

April 18th, 2014 by admin

University Urology of Tenn. released a data breach statement involving 1,144 affected patients. The breached information was limited to names and addresses. According to the website statement, Social Security numbers, financial account information, and clinical information were not exposed.

This data breach involved an administrative assistant who gathered patients’ data in a bid to sell it to a competing provider that wanted to win patients’ business. The incident came to notice when patients started receiving calls from the competing provider and began calling University Urology to alert it about the unsolicited phone calls.

Peggy Kares, HIPAA Security Officer at University Urology, P.C. said, “We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred.”

University Urology took the following actions after the breach: it terminated the employment, revoked access to protected health information (PHI), changed internal passwords and agreed with the competing organization that the patient information it received would be destroyed.

According to the website statement,
University Urology, P.C. is notifying by mail the patients impacted by this breach. While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft.

The information consisting of patient names and addresses is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).


LewisGale Regional Health System reports data breach

April 15th, 2014 by admin

LewisGale Regional Health System of Salem, Va. notified 400 affected patients of a multi-state data breach. Around 40 of the patients were under LewisGale’s care. Patient names, addresses, insurance information and Social Security numbers were all potentially exposed.

The breach occurred at LewisGale’s billing department when a former employee accessed patients’ data. A report stated that the former employee is being investigated in relation to identity theft. The former employee allegedly obtained credit, opened accounts, and even leased an apartment with other people’s information.

Jim Clendenen received a letter about the data breach. “We’re retired now and everything we got is taking care of. I’d hate to have somebody stumble in there and take care of everything that we’ve worked all these years for,” Clendenen said.

He continued, “Wondering how and why they would let an employee have access to something that he had no reason to have.” and “I just hope maybe something can be done to prevent you or someone else going through what I’m going through right now.”

Excerpts from the LewisGale website are below –

LewisGale Regional Health System was recently informed that a former employee, whose job function required access to Patient Health Information protected by HIPAA, is under investigation for misuse of that information related to approximately 40 of our patients. All of these patients have been notified in writing and provided complimentary credit monitoring through a national credit reporting agency. We have also established a toll-free call center for patients with questions, as well as an email address to which they may submit written communications.

We are fully committed to the security of Patient Health Information and the privacy of our patients. The employee in question has been terminated and we support this person’s prosecution to the fullest extent of the law.


Texas nonprofit advocacy group notifies PHI breach of 2,934

April 13th, 2014 by admin

EveryChild, Inc., an Austin, Texas nonprofit advocacy group for children with developmental disabilities, has informed 2,934 families about a potential data breach. EveryChild learned about the breach when an internal computer was found stolen from its office. EveryChild, Inc. is a non-profit with a contract with the Texas Health and Human Services Commission (HHSC) to help adults under age 22 and children with disabilities get services in a family setting rather than an institution.

The computer contained PHI, which included patients’ birth dates, Social Security numbers, Medicaid numbers, photos and other health information. EveryChild has also alerted the Texas Health and Human Services Commission about the lost computer and possible data breach.

EveryChild believes that, to date, the data on the computer has not been misused. Information is not available on whether only patients from Austin were affected or whether there are patients from San Antonio as well. Information about the safeguards on the computer was also not available, so it is not clear whether the computer was password protected or encrypted.

Excerpts from the website statement –

Upon discovery of the theft, we immediately notified law enforcement and the Texas Health and Human Services Commission. We are cooperating with investigations and attempts to recover the computers. We are also improving the security of confidential information through security alarms, enhanced technology, and policy and procedure changes.

If you were personally affected by this theft and we have your current address, you will be receiving a letter informing you about the credit monitoring protection. If you believe you may have been affected and do not receive a letter, you may contact our toll free number.

We take the protection of private information seriously and sincerely regret that this crime put information at risk. We will continue work to put stronger controls in place to better protect private information in the future.


170,200 more patients affected in previous Los Angeles County DHS data breach

April 10th, 2014 by admin

The Los Angeles County Department of Health Services (DHS) earlier reported a data breach affecting about 168,000 patients at its billing company, Sutherland Healthcare Solutions. In a recent notification, it added 170,200 more patients to the list of those affected, bringing the total number of affected patients to around 338,700. Earlier, eight computers were stolen from Torrance, which led to the data breach.

The Torrance police department, along with the Los Angeles County district attorney’s cyber-crime team and the U.S. Secret Service, is trying to find information on the break-in. Spokesman David Sommers said three class action lawsuits have been filed against the county and that it is reviewing Sutherland’s security procedures.

Information on the computers includes patients’ first and last names, Social Security numbers and certain medical and billing information, as well as potentially birth dates, addresses and diagnoses.

Affected patients are offered 12 months of credit/fraud/identity protection services from ID Experts. “We encourage you to take full advantage of this service offering,” Sutherland tells affected patients. “Representatives from ID Experts are aware of the incident and can answer questions or concerns you may have regarding protection of your personal information.”

In a further development, the Department of Health and Human Services (HHS) imposed a fine on its first county, Skagit County of northwest Washington, for a HIPAA violation. The county has agreed to a $215,000 monetary settlement.

Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. The county is working with the vendor to review its privacy and security program. Sutherland has increased employee training.

The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


La Palma Intercommunity Hospital notifies data breach involving unknown number of patients

April 8th, 2014 by admin

La Palma Intercommunity Hospital took about one and a half years to notify affected patients. It has alerted an unknown number of patients about the data breach. Details regarding the incident are limited. It came to light that an Intercommunity employee allegedly accessed information without permission, including Social Security numbers, driver’s license numbers, addresses, birth dates and limited medical information.

La Palma Chief Financial Officer Alan H. Smith sent out a letter regarding the firing of the employee involved in accessing the information. “We sincerely apologize for any concern or inconvenience this incident may cause you,” Smith wrote. “The security and confidentiality of our patients’ personal information is extremely important to us. Our hospital has taken measures to protect against future attacks of this nature.”

Spokeswoman Rachel Hogue did not provide a proper explanation of why there was a delay in notifying affected patients of the data breach. It was not clear how many patients were affected or whether the data was secure.

Federal privacy law forbids unauthorized viewing of patient medical records. Some hospitals have paid large settlements after their employees allegedly viewed the medical records of celebrities.

The letter from the hospital says that they are offering credit monitoring for one year.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Michigan Health Department notifies data breach

April 5th, 2014 by admin

The Michigan Department of Community Health (MDCH) announced details of a data breach caused by a stolen laptop and flash drive. The laptop was encrypted, but the flash drive was unencrypted. The incident involved an employee of the State Long Term Care Ombudsman’s Office.

After the breach, MDCH sent notifications to the 2595 affected patients. The flash drive contained information on living and deceased individuals, such as names and addresses, and Social Security numbers for 1539 patients.

“MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred,” said Nick Lyon, Chief Deputy Director of the MDCH. “We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward.”

A statement on the MDCH website said –

All individuals with data on the flash drive are being notified so that they can monitor their accounts and other financial affairs for any unauthorized use. MDCH is working with the LTC Ombudsman’s Office to offer credit monitoring services at no cost to people whose Social Security number or Medicaid number were compromised.  In addition, a credit file death suppression service is being offered to the families of deceased individuals to assist them in securing their deceased loved one’s credit file.

If you are an affected person, and wish to take action to protect yourself from potential identity thieves, you may place a fraud alert on your credit file.  A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.


Orlando medical center lost flash drive

April 3rd, 2014 by admin

Orlando Health’s Arnold Palmer Medical Center reported a data breach after it lost a flash drive. The flash drive contained patient data, including names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalization and, in some cases, according to the report, transfer dates of children who were patients at either Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women & Babies between 2009 and 2013.

The medical center notified the affected patients about the lost flash drive. The flash drive did not include patients’ Social Security numbers or financial data. Patient records are considered strictly confidential under the 1996 Health Insurance Portability and Accountability Act (HIPAA). Orlando Health notified federal authorities of the data breach. They suspect that the flash drive was lost and not stolen.

Steve Stallard, corporate director of compliance and information security at Orlando Health, said, “Arnold Palmer Medical Center takes this incident very seriously, and we are committed to protecting patients’ health and personal information.”

Stallard added that they do not have any evidence that the device was used by an unauthorized individual. The flash drive contained patient information of 586 children treated at Orlando Health’s Arnold Palmer Medical Center.

“We deeply regret any concern or inconvenience this may cause,” he added.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Unique case where concerned entity didn’t violate HIPAA regulations

March 30th, 2014 by admin

A major task of HIPAA is to keep track of data breaches and government penalties for compliance failures. It covers entities that handle patient data in some form. The incident involved Monroeville, Pa., where its 911 dispatch centre, from five fire stations, gave unauthorized users easy access to patient medical records. The accessible information included names, driver’s license numbers, birth dates and medical histories.

Monroeville is a community of about 28,000 with a vibrant business corridor, a convention center and two busy hospitals. The Pittsburgh Post-Gazette had been covering this incident for the last two years and found that Monroeville, Pa. did not breach HIPAA regulations. The investigation was carried out by the Department of Health and Human Services (HHS).

HHS learned that the municipality failed to maintain the database properly and that unauthorized access was terminated soon after the breach was discovered. According to the Office for Civil Rights, ‘Monroeville, its dispatch center, police department or fire department are all not covered under the provisions of the privacy law, which mainly related to health care providers and insurers.’

Two Monroeville council members said they were pleased by the government’s findings. Tom Wilson said, “I was happy that they didn’t find any violations, and the folks that were falsely accused, that took the brunt of the accusations, were completely exonerated.”

Linda Gaydos said, “I am absolutely overjoyed for the employees of our police department, our dispatch center, our EMS and our fire departments and their families, to have this put behind them.” She added, “We had a group of people in Monroeville that worked against Monroeville, and they smoke-screened and they tried to keep stirring the pot and they tried to scare people and make it worse. They’ve made it a very, very bad, uncomfortable situation for a lot of people, and I’m hoping this will put an end to it.”

Municipal Manager Timothy Little said, “I think it lifts a cloud off of Monroeville, and specifically the public safety aspect of the municipality, that there wasn’t any wrongdoing with respect to [health privacy law] violations.”

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


University of Kentucky (UK) Healthcare reports 1,079-patient data breach

March 27th, 2014 by admin

UK HealthCare has informed 1,079 patients of a data breach following the theft of a laptop. The breach involved one of its vendors, a HIPAA business associate (BA). The laptop was password protected.

The laptop contained protected health information (PHI), including name, date of birth, medical records number, diagnosis, medications, laboratory results, progress notes, allergies, height and weight, date of service, physician name and clinic. According to UK, Social Security numbers, credit card, debit card and bank account numbers were not present on the laptop.

The encryption status of the laptop is unknown. A statement linked from the UK website said –

UK HealthCare and Talyst deeply regret any inconvenience this causes. UK HealthCare and Talyst have policies and procedures in place and are committed to safeguard the privacy of all patients.

We have no evidence your information was misused.

Stay alert for the signs of identity theft, such as:
• Accounts you did not open and debts on your accounts that you cannot explain.
• Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your social security number, address(es), name or initials, and employers.
• Failing to receive bills or other mail. Follow up with creditors if your bills don’t arrive on time.
• Receiving credit cards that you didn’t apply for.
• Being denied credit or being offered less favorable credit terms, such as a high interest rate, for no apparent reason.
• Getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

We also recommend that you regularly review the explanation of benefits statement that you receive from your health insurer. Please immediately contact your health insurer if you identify services listed on your explanation of benefits that you did not receive.


Facts You Should Know about Cyber Insurance

March 24th, 2014 by admin

Cyber insurance protects against losses from cyber threats. It is not a new concept, but many companies still do not have cyber insurance policies today. Growth in cyber insurance is slow because the market is very complex and inconsistent. Cyber insurance can also be costly, at around $35,000 for $1 million in coverage, which is still less than the cost of a major breach.

It is important to know about cyber insurance and how it can benefit organizations.

Cyber insurance is specific

Your general liability and professional indemnity insurance is not cyber insurance. General liability policies frequently cover basics like physical damage and not data breaches. A simple virus can cost millions in losses. Most general liability insurers deliberately omit the data breach clause.

Not all are equal

Cyber insurance is still considered to be at a relatively nascent stage. It is a decade-old concept for saving companies from data breaches. A standard cyber insurance policy may not cover the exact needs of your organization. It is important to assess your needs and go through your proposed policy to negotiate the most suitable terms.

Data loss cover

A cyber insurance policy should go beyond hacking and cover data loss. A minor data loss can cause significant damage to the company.

Example: Massachusetts General Hospital had to pay a $1 million fine to the US Department of Health and Human Services after an employee of Partners HealthCare left the records of 192 patients on a train.

Cyber insurance vs. good security

Cyber insurance is not a license to neglect data security. You have to perform assessments and audits to check the policies that secure the data.

“Being able to prove that they weren’t negligent could save organizations millions in the long-run,” explains Jamie Bouloux, a cyber insurance liability executive at AIG. “If something happens when a client loses data, they can tell the regulator that they did everything within reason to try to ensure that there was an environment of security where its employees knew how to handle client information.”


Data breach settlement costs $4 million to Stanford Hospital

March 22nd, 2014 by admin

A class action lawsuit was filed over a data breach that occurred back in 2009, for which Stanford Hospital agreed to pay $4 million in settlement. California’s well-known Confidentiality of Medical Information Act (CMIA) was violated after 20,000 emergency room patients’ data became viewable in 2010 on a third-party student homework website.

CMIA prevents health care service providers from making patient records public without written consent. Los Angeles County Superior Court Judge Elihu Berle tentatively approved the settlement, but the final decision is yet to be made.

Shana Springer filed the class action suit in 2011 for $20 million, which comes to around $100 per patient. Stanford found that the data was breached when Multi-Specialty Collection Services sent the data to a third party for a graph, and it eventually landed on the dormant ‘Student of Fortune’ website. Stanford maintained that it had properly encrypted the patient data. Los Angeles-based Multi-Specialty Collection Services LLC is the contractor hired by Stanford Hospital.

Information such as credit card details or Social Security numbers was not disclosed in the breach, but medical record numbers, hospital account numbers, billing charges, as well as emergency room admission and discharge dates were available on the website.

After the incident, Stanford proposed many remediations to protect crucial information from breaches. It will create a program dedicated to improving its security posture by training staff members. Training will focus on policies to protect patient privacy.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices.


IT companies: Ways to tackle Cloud File Sharing Threat

March 20th, 2014 by admin

Many cloud file sharing companies are slowly but steadily displacing traditional IT company methods. More and more IT infrastructure and apps are moving to the cloud. The trend of employees using their own devices, such as smartphones and tablets, to access corporate data (BYOD) is growing.

This situation is also increasing the security threats to corporate data. It is an environment in which IT departments are losing their relevance and their control over data.

Adaptation to the Technology

IT professionals have adapted to each phase of technological breakthroughs. It is a fact that more and more IT infrastructure is moving to the cloud, and the best way to adapt to cloud technology is to put policies and audit strategies in place to avoid data breaches. Control objectives should be created for cloud usage and implementation.

Encryption

One of the efficient ways to protect data is encryption. With encryption, one need not worry about the data whether it is being moved or stored. Relying on encryption has its own challenges, such as the visibility of the data for day-to-day usage. Encrypting and decrypting work all the time is also not feasible. A policy should be in place for the strategic encryption of data.

Access to the right cloud service provider

Organizations today understand the need for and importance of moving operations to the cloud, but many hesitate because of the security threats involved. When choosing a cloud vendor, it is important to ensure that its compliance guidelines are in line with the organization’s regulations and standards.


Data breach in North Carolina’s Cornerstone Neurology

March 17th, 2014 by admin

Information on 548 patients of Cornerstone Health Care in High Point was stolen, which may lead to a data breach. The incident came to notice when employees could not find the laptop. It contained protected health information (PHI) including patient names, dates of birth, physician names, and nerve conduction scan summaries, but did not have addresses, billing information, or Social Security numbers.

The thief was not able to access additional information, as the computer was not connected to the billing system or electronic security numbers. The compliance and patient safety officer said, “This wasn’t one of our laptops that our providers use to see all of our patients. Because this computer isn’t integrated into our systems, we didn’t have an easy way to figure out what patients might have been involved.” Officials believe that the laptop was not stolen for the information.

After the incident, Cornerstone revised its policies and procedures to retrain staff on securing sensitive information. It was not clear whether Cornerstone has informed the Department of Health and Human Services (HHS) about the stolen equipment and data breach.

Excerpts of the notice on the home page say,

Cornerstone Health Care values the trust placed in us by our patients and takes our responsibility to maintain the confidentiality of our patients’ data very seriously. Regrettably, this notice concerns an incident involving some of that information.

We sincerely regret that this incident occurred. To help prevent similar events in the future, we have installed new locks on all rooms in the facility that contain electronic devices, reviewed our information privacy and security policies, and provided education and training to Cornerstone staff regarding the importance of securing patient information. Please be assured that we take the privacy of our patients’ personal information seriously and that we will continue to implement improvements to protect our patients’ personal information.


Recent Update for United Healthcare fax breach

March 14th, 2014 by admin

Patient information was sent to the wrong recipient, Stephen Butler. A Portland, Oregon man received erroneous faxes containing protected health information (PHI) of Community Memorial Hospital patients. The fax was intended for United Healthcare, an insurance company, but went to Butler instead.

The fax contained four patients’ birth dates, insurance identification numbers, and admission dates. Roper, the hospital, believes that this was the only fax sent to the wrong recipient. However, the hospital was unaware of the incident until it was contacted by the news agency. It is believed that the error was most likely due to a wrong number being dialed. United Healthcare has carried out its own investigations.

Roper St. Francis, the healthcare network, released the statement,

Roper St. Francis is committed to protecting the privacy of patients. This week, Roper St. Francis leaders learned that on August 1, 2013, one fax intended for an insurance company was inadvertently sent to a wrong number. The information in the fax contained the names of four patients, their dates of birth, dates of admission, and insurance member ID numbers. Roper St. Francis leaders have personally apologized to the patients involved. The mission at Roper St. Francis is to heal all patients with compassion, faith and excellence, and this includes protecting their private information as well.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Health Source of Ohio file breach affects 8,800 patients due to Internet lapses

March 12th, 2014 by admin

Health Source of Ohio (HSO) reported a data breach of 8800 patients when the PHI information was available on Internet. PHI information contained names, addresses, phone numbers, and account numbers for each patient. Some patients also had their dates of birth, healthcare information, credit card numbers, and Social Security numbers in the file.

The Information was gathered through a web based program used by Health care accounting staff. The information was supposed to be accessible only to authorized staff – but file was available through internet searches. The file was viewed 47 times and soon after discovery of breach, HSO secured the data and disable the site access. It was not clear what actions were taken by the health centre to avoid such incidents in future.

HSO stated, “The privacy and security of patients’ personal and healthcare information is very important to HSO. Individuals who called HSO’s patient accounting staff during the time period above with questions about their account should examine their personal and financial information, such as credit card accounts and accounts with financial institutions for unusual or unauthorized activity.”

HSO listed Pair Networks as the business associate in its statement to HHS. The file was hosted on Pair Networks’ servers. Pair Networks’ terms of service make account security the sole responsibility of the customer. This does not mean that the breach was caused by Pair Networks.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Data Breach in Maryland DDA affects 9,700 clients

March 10th, 2014 by admin

The computer systems of Service Coordination Inc. (SCI), a case management provider for the Maryland Developmental Disabilities Administration (DDA), were hacked, compromising the protected health information (PHI) of 9,700 patients. The data included client names, demographic information, DDA service provider, medical assistance number, Medicaid and Medicaid Waiver status and reason, Social Security numbers, and other SCI service information.

“We regret the occurrence of this unfortunate criminal incident and we apologize for any inconvenience this may have caused individuals who we work with. We continue our vigilant actions to safeguard the information of those who count on us for resource coordination services and we remain committed to supporting their needs,” said John Dumas, Executive Director of Service Coordination.

SCI contacted a cybersecurity forensics team, which confirmed unauthorized use. SCI also notified the FBI and the U.S. Department of Justice (DOJ). A delay in notifying clients was requested to avoid hindering their criminal investigations. Only after law enforcement seized the hacker’s account and equipment did SCI begin notifying clients.

SCI is offering one year of free identity theft protection to those affected by the breach. In a website statement, SCI added:

There is no current evidence of any misuse or further release of information by the hacker or others. To help protect affected Maryland residents from the possibility of identity theft and/or fraud as a result of this incident, SCI has engaged an identity theft protection firm, to provide affected individuals with a full year of identity theft protection services at SCI’s expense.

Mental Health Treatment Organization health data exposed

March 8th, 2014 by admin

The Community Based Services On-Call Binder of Yellowstone Boys and Girls Ranch (YBGR) in Montana was lost or destroyed. The organization printed a legal notice in the newspaper informing clients of the breach.

The binder contained protected health information (PHI) of clients, including names, addresses, dates of birth, parents’ names, and program and treatment professionals’ information. Financial information and Social Security numbers were not in the binder.

YBGR has stopped using binders since the incident and has notified clients of the change. Under the new process, staff members must use a new on-call system or visit a ranch office to receive information. YBGR is also implementing a new electronic record system to secure sensitive information. It has advised customers to monitor their credit reports and to report any suspicious activity to the Federal Trade Commission (FTC).

“We want to make sure that if there’s any trust lost with any of our families, with any of the people we work with, we want to regain that,” said Shawn Byrne, YBGR’s chief operating officer for community-based services.

In its public notice YBGR mentioned,

We conducted an extensive investigation and determined that the Binder was either destroyed or misplaced sometime during the summer of 2013.

YBGR has no reason to believe that any personal information was accessed or used inappropriately and we believe that the likelihood of such misuse is low. Nonetheless, out of abundance of caution, and in accordance with federal law, we are providing the media with notice of this incident, in addition to individualized notice to every client who might have been affected so that our clients might take steps to protect themselves from potential harm resulting from this incident.

Office break-in leads to patient information breach

March 4th, 2014 by admin

The protected health information (PHI) of patients at Dr. J.M. Benson’s practice in Sherman, Texas was stolen in an office break-in, which may lead to a data breach. Computers and at least one hard drive were taken from the office.

The devices contained patient information including names, addresses, phone numbers, health insurance provider numbers, and Social Security numbers. Whether the information was encrypted was not available.

The office issued a written statement advising patients to check their health reports and credit reports for any illegal activity. It said, “We suspect that it might be possible for the persons who stole the equipment to attempt to use the information contained therein for the purposes of committing health insurance fraud.” The office is in the process of upgrading its security checks. It also said, “Sincerely apologize and regret that this situation occurred.”

Dr. Benson immediately reported the incident to the police, and an investigation is in progress. In the statement issued to the affected patients, he added, “In addition, you should monitor your health care reports, such as your insurance Explanation of Benefit (EOB) documents, to ensure that charges included on the EOB’s are for services that are actually provided to you.”

The person who stole the records could use patients’ personal information to commit health insurance fraud.

The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Error in faxing causes United Healthcare breach

March 2nd, 2014 by admin

A Portland, Oregon man, Stephen Butler, received erroneous faxes containing protected health information (PHI) of Community Memorial Hospital patients. The patient information was sent to the wrong recipient.

The faxes included patient names, dates of birth, patient ID numbers, admission dates, and discharge dates. Butler called the hospital to report the error after tracing the number to Community Memorial Hospital in Menomonee Falls, Wisconsin.

An investigation revealed that the breach was caused by United Healthcare. Butler initially contacted one of the hospital’s patients, and Froedtert Health, which runs Community Memorial Hospital, was alerted to the breach through a patient.

“She took my name and number, said she was very thankful that I called her, and she said she was going to talk to the hospital administration immediately,” Butler said, referring to the patient. Butler claims he called the hospital a half dozen times over the past year and told them to stop sending faxes, but the faxes kept arriving despite his repeated requests. He finally started calling patients and the media, after which the faxes stopped.

A United representative issued a statement: “We were alerted by Froedtert Health about this issue earlier today, and we are working closely with them to investigate and determine the facts. We take very seriously the privacy and personal information of our members.” United was not able to determine whether the breach was the result of human error or a glitch in the system.

Default IP Address, Outdated Firmware used by majority of SOHO Wireless Routers

February 28th, 2014 by admin

Tripwire has announced the results of its analysis of security vulnerabilities in small and home office wireless routers, finding that 80 per cent have exploitable flaws in their security.

Tripwire surveyed 653 IT and security professionals and 1,009 employees who work remotely in the U.S. and U.K. The survey shows that 55 percent of IT professionals and 85 percent of employees haven’t changed the default IP address on their wireless routers.

It also found that 52 percent of IT professionals and 59 percent of employees haven’t updated the firmware on their routers, and that 30 percent of IT professionals and 46 percent of employees haven’t changed the admin password on their routers.

Tripwire also found that 80 percent of Amazon.com’s top 25 best-selling small office/home office (SOHO) wireless routers have security flaws.

Tripwire security researcher Craig Young said in a statement, “Unfortunately, users don’t change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious Web sites, browser plugins, and smartphone applications.” He added, “[T]hreats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices.”

Beebe Healthcare notified 1,900 patients of a data breach through contracted employee

February 27th, 2014 by admin

A potential data breach came to light when a contracted employee did not show up for work. Co-workers learned that the employee had previously been arrested for identity theft in Pennsylvania. Beebe Healthcare of Delaware notified 1,900 patients of a data breach. The employee had worked at three offices in the Beebe network.

Beebe Healthcare hired a forensics team to investigate the possible data breach. No misuse of information was observed. In a statement it explained, “Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.” The affected locations were Beebe Internal Medicine in Lewes, Beebe Family Practice in Millville, and Beebe Pulmonary Associates.

“Upon learning of this information, we immediately terminated the contractor’s engagement and began a thorough investigation, including hiring a national forensic expert firm. Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.

Based on our investigation and the work of the national forensic experts, we have no evidence that patient information was removed from Beebe or has been used inappropriately in any way. Although the staffing agency with whom we contracted performs background checks on all applicants, the report did not reflect any potential criminal activity for this individual,” Beebe further added in the statement, “We deeply regret any inconvenience this has caused our patients. To prevent this from happening in the future, we are performing our own background checks of all staffing agency employees and will no longer rely on staffing agencies to do so.”

Hacked server of St. Joseph leads to data breach affecting 405,000

February 26th, 2014 by admin

St. Joseph Health System (SJHS) in Texas reported a data breach caused by the hacking of a server. The breach affected more than 405,000 patients, employees, and employee beneficiaries. Hackers from China and other locations accessed information through a single server. According to the health system, the server held employee and patient data from St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The server was taken offline as soon as the breach was discovered.

The server held patient names, birth dates, Social Security numbers, possibly addresses, and medical information, as well as bank information for current and former employees. Investigators could not determine whether any information had been extracted.

“SJHS is working with the United States Federal Bureau of Investigation, which is also looking into this incident. SJHS is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state and international regulators,” SJHS said in a release on its website.

St. Joseph stated that there has been no report of misuse of the information. It has set up a confidential call center for affected people. The statement on its website added, “To further protect individuals from identity theft or financial loss, we encourage patients, employees, and their families to remain vigilant, to review their account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”

Individuals can also check their credit by obtaining a free credit report.  Under U.S. law, individuals are entitled to one free credit report every year from each of the three major credit bureaus.

SJHS has five hospitals, two long-term care centers, more than a dozen physician clinic locations and a charitable foundation. It has a designated Accountable Care Organization.

HIMSS Privacy and Security director discusses ‘Hidden Pitfalls with Cloud, Mobile Technology and Mobile Data’ at HIMSS14

February 24th, 2014 by admin

Lee Kim will review how healthcare organizations examine vendor contracts, such as business associate agreements (BAAs) with cloud vendors, while maintaining HIPAA compliance. Kim assists HIMSS with government relations, federal affairs, and state affairs in terms of evaluating privacy and security laws and regulations.

She believes that organizations have been doing risk assessments to find holes in their information systems.

They’re definitely going through risk assessments for their systems and I’m predicting that organizations, including providers will be more focused on risk remediation. It’s one thing to assess risk, determining high-level vulnerabilities, but the real value you get out of a risk assessment is what you do about it and take action. Providers can do this by actually mitigating those risks both inside and outside of their organizations.

Kim believes that a strong program is needed to have processes in place. She noted that the health industry is unique in that it is trusted with patient information and can affect patients’ lives.

Ensuring the patient information is both private as well as secure is certainly paramount. Not only do organizations need to comply with HIPAA, they need to have a holistic approach to keeping bad actors away from patient data. Unfortunately, these bad actors can be inside or outside an organization. Or it may even be an individual who doesn’t have bad intent but is exceeding the scope of their authorized access and cause a breach out of negligence.

Kim also stated that there are many cloud users who are not fully aware of it.

In terms of where we’re going with information technology, it just seems as though there’s more of a dependence on cloud-based solutions. For example, a provider may contract with a cloud provider or use a hosted EHR solution. More health IT stakeholders are seeking these outsourced solutions such as cloud.

Two Men Jailed for Identity Theft

February 22nd, 2014 by admin

Two men jailed for their involvement in identity theft at a medical lab.

Angelo Ponds, 32, of Miami Gardens, Fla., and Sean Guillaume, 31, of Miramar, Fla., were sentenced to jail for their involvement in identity theft at a medical lab. The incident was related to a stolen identity tax refund (SIRF) scheme. Ponds was sentenced to 48 months in prison and Guillaume to 94 months in prison, both to be followed by three years of supervised release.

Guillaume stole medical records containing names, dates of birth, and Social Security numbers, and sold the data of 5,000 individuals. He worked for an unidentified medical laboratory testing company. He sold this information to Ponds, knowing that Ponds would use the PII to file fraudulent tax returns seeking refunds.

According to court documents, Guillaume worked for a company that performed medical laboratory tests where he had access to medical records with names, dates of birth, and Social Security numbers (personal identity information or “PII”) of individuals in the course of his employment with that company.

According to justice records, Ponds filed false tax returns in other people’s names with the Internal Revenue Service, seeking refunds.

Hospitals focus on IT security audits

February 20th, 2014 by admin

Once a healthcare organization has decided on its security audit strategy, it has to consider aspects such as the potential impact on daily workflow and the amount of time that elapses between catching an abnormality and resolving the issue. Mark Combs, Chief Information Security Officer (CISO) of West Virginia University Hospitals, described the steps for finding internal security threats.

Combs said that an audit report can stop a larger breach. He cited a situation in Florida in which a healthcare organization was alerted by federal investigators that one of its employees was filing false tax claims.

“Obviously, we’ve found instances where employees were doing inappropriate things, but we were able to catch them soon enough so that they didn’t grow into one of those larger issues,” Combs said. “Luckily, we haven’t had one yet where federal authorities alert us of an incident.” He added that organizations set their policies as best practices and need applications in place to enforce those policies.

Combs and West Virginia University Hospitals decided to use Iatric Systems’ Security Audit Manager (SAM) product. Rob Rhodes, Senior Director of Patient Privacy Solutions for Iatric Systems, said that the integration works well with SAM because it reaches out to any of an organization’s systems with PHI and allows us to pull the audit logs and aggregate them in SAM.

“Once it’s aggregated in SAM, we then run proactive reports and alerts,” he said. “Users can set those up so the algorithms we have go out and look for potential privacy violations. SAM has incident tracking as well.”

West Virginia recently incorporated a policy change when it switched from a legacy system to Epic EHR.

We did that to comply with the HIPAA Security Rule, as we were concerned that people would use their access to look at and potentially harm the integrity of their own record if they make a mistake. We put “same last name” auditing in place, which is a report that’s native to SAM. Not only were we able to use that in Epic, but for our other half-dozen or so systems as well. As we contacted managers telling them they weren’t complying with the policy, we saw a huge reduction in people looking at their own accounts through work access.
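
A minimal sketch of a “same last name” audit over an aggregated access log, added here as an illustration; it is not Iatric Systems’ SAM logic or West Virginia University Hospitals’ report. The log columns, sample rows and function names are constructed assumptions.

```python
import csv
import io
import unicodedata
from collections import Counter

# Constructed sample of an aggregated access log (not real data).
# Assumed columns: who opened which patient record, and in which system.
SAMPLE_LOG = """\
timestamp,system,user_id,user_name,patient_id,patient_name
2014-02-03T08:15:00,ehr,u100,"O'Neil, Mary",p900,"Oneil, Mary"
2014-02-03T08:20:00,ehr,u100,"O'Neil, Mary",p901,"Baker, Tom"
2014-02-03T09:02:00,lab,u101,"Smith-Jones, Ann",p902,"Smith Jones, Carl"
2014-02-03T09:30:00,ehr,u102,"García, Luis",p903,"Garcia, Elena"
2014-02-03T10:11:00,billing,u103,"Lee, Dana",p904,"Leeds, Sam"
2014-02-03T10:45:00,lab,u100,"O'Neil, Mary",p900,"Oneil, Mary"
"""


def normalize(name_part):
    # Strip accents, punctuation and spaces, then fold case, so that
    # spelling variants of one surname across systems compare equal.
    decomposed = unicodedata.normalize("NFKD", name_part)
    return "".join(ch for ch in decomposed if ch.isalnum()).casefold()


def split_name(full_name):
    # Names are assumed to be stored as "Last, First".
    last, _, first = full_name.partition(",")
    return normalize(last), normalize(first)


def audit(log_text):
    """Return one finding per access where user and patient share a surname.

    Exact surname equality is required ("Lee" does not match "Leeds").
    A matching first name as well is reported as possible self-access.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user_last, user_first = split_name(row["user_name"])
        patient_last, patient_first = split_name(row["patient_name"])
        if not user_last or user_last != patient_last:
            continue
        kind = ("possible_self_access" if user_first == patient_first
                else "same_last_name")
        findings.append({
            "kind": kind,
            "timestamp": row["timestamp"],
            "system": row["system"],
            "user_id": row["user_id"],
            "patient_id": row["patient_id"],
        })
    return findings


def per_user_counts(findings):
    # Summary for the manager follow-up: findings per user.
    return dict(Counter(f["user_id"] for f in findings))


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print(per_user_counts(results))
```

Each finding is a lead for review, not proof of a violation: shared surnames are common, so the output feeds the manager follow-up the quote describes.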

To get perfect audit reports, encryption software for laptops is essential. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Complaint filed against St. Rose Dominican Hospitals

February 18th, 2014 by admin

Office for Civil Rights (OCR) complaint filed against St. Rose Dominican Hospitals for allegedly compromising patients’ records

An Office for Civil Rights (OCR) complaint has been filed against St. Rose Dominican Hospitals for allegedly compromising patients’ records to gain an advantage in a contract dispute. Dignity Health, which owns St. Rose Dominican Hospitals, is dealing with the complaint, which alleges that it violated patient privacy by using records for leverage.

According to an announcement by the Nevada Health Services Coalition, Dignity Health made use of patient records in contacting Coalition plan members. This happened after the agreements between the two organizations fell through. It is considered a violation of the Health Insurance Portability and Accountability Act, or HIPAA. The U.S. Department of Health and Human Services Office of Civil Rights filed the complaint. The Nevada Health Services Coalition, a nonprofit, helps negotiate hospital contracts for discounted health care service rates for 19 member group healthcare organizations, including 230,000 Nevada residents.

Christine Carafelli, executive director of the coalition said, “It’s our position that patient data collected in the course of medical treatment should not be used to lobby or gain leverage in contract negotiations.”

After this complaint, Dignity Health released statement:

“St. Rose Dominican Hospitals upholds the highest ethical and moral principles, and honors federal, state and other regulatory guidelines related to the provision of health care. St. Rose has not, and will not, compromise patient safety or confidentiality. Like all hospitals, St. Rose values the patients it has served and regularly communicates with current and former patients regarding operational, financial or other matters related to health care services at St. Rose.”

To protect your data arising out of disputes it is better to safeguard company laptops with encryption software. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization. Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

1,100 patients of St. Vincent Hospital notified about laptop theft

February 15th, 2014 by admin

St. Vincent Hospital has notified 1,100 patients by letter of a laptop theft. A laptop used with an EEG machine went missing, leading to a potential data breach. The password-protected laptop, which was connected to an EEG machine (for recording electrical activity in the brain) used for diagnostic testing, was detached and stolen. Police were notified immediately after the incident. The hospital believes the laptop was not stolen for the information it contained, and thus the risk involved in the data breach may be low.

A St. Vincent spokesperson said that the laptop was taken from the neurodiagnostic department of the main St. Vincent Hospital campus in Indianapolis, a unit where doctors, patients and family members of patients can usually be found.

In a statement, the hospital said that the laptop contained patients’ protected health information (PHI), which includes name, date of birth, gender, date of service, type of service and physician name. The diagnostic testing device didn’t contain Social Security numbers or financial data. Patients affected by the theft were advised to request free credit reports from Experian, Equifax, or TransUnion and to check the reports for any sign of a breach.

According to the spokesperson, “St. Vincent is taking precautionary steps to avoid future incidents, and is evaluating its medical devices, and installing encryption protection software as appropriate. Also, the hospital is working to enhance its physical security measures.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Notification letter sent to 3,026 clients of Easter Seal Society

February 13th, 2014 by admin

An Easter Seal Society employee’s work laptop was stolen, causing a data breach affecting nearly 3,026 clients

An Easter Seal Society employee’s work laptop was stolen, causing a data breach of its clients’ information. Nearly 3,026 clients were affected and have been notified about the incident. The laptop was stolen along with a few of the employee’s other belongings.

The Easter Seal Society of Superior California released a report stating that the data involved some combination of date of birth, health care provider information, patient identification number, health care billing information and therapy notes, so the compromised data did not consist of the same information for all clients. Easter Seal Society of Superior California president and CEO Gary T. Kasai mentioned in the notification letter, “Upon learning of this incident, Easter Seals immediately launched an internal investigation, hired specialized data security counsel to assist in the response to this incident, and retained external forensics experts to assist in determining the scope of this event.”

“Following this incident we undertook a review of our internal policies and procedures related to protected health information, as well as the enforcement of our employees’ adherence to these policies and procedures,” Kasai added in the statement. “All necessary steps are being taken to ensure that this type of event does not occur again in the future.”

Easter Seal doesn’t believe any sort of fraudulent activity has occurred so far. Its press release added, “Easter Seals also encourages all concerned individuals to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity.” But it failed to indicate whether the laptop was encrypted or even password-protected.

Easter Seal is not a healthcare provider but an organization dedicated to services and education for those with disabilities. It is likely considered a HIPAA business associate.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


University of Miami Health System patients notified about lost records

February 10th, 2014 by admin

The University of Miami Health System (UHealth), one of Southern Florida’s largest health providers, has lost patient records containing protected health information (PHI). It has recently begun notifying patients about the incident.

The records contained patient names, dates of birth, physician’s name, insurance company name, medical record name, visited facility, visit number, procedures, diagnostic codes, and Social Security numbers. UHealth didn’t disclose the number of patients affected.

“Medical records are not at risk, but in an abundance of caution, the University is notifying all individuals whose information was included in the missing records,” a written statement by the Health System mentioned.

In July, the Department of Otolaryngology contacted an off-site storage vendor to locate the records, but the vendor was unable to find them. After confirmation, notice of the lost records was given. UHealth is offering credit monitoring services to all the affected patients. It further added that, as patients were notified six months after the incident, misuse in the coming days is unlikely.

Theo Karantsalis, whose son was treated by the department, said, “The one thing we expect is that your patient records are going to be kept confidential.”

According to UHealth’s statement, it will report the incident to HHS. Below is the complete excerpt of the report:

“The University of Miami Health System (UHealth) is committed to providing our patients the best possible care and to protecting the confidentiality of our patients’ health information. On June 27, 2013, the Department of Otolaryngology, while attempting to retrieve records stored at an offsite storage vendor, was notified that the vendor was unable to locate the records. After an exhaustive search, it was confirmed on August 28, 2013, that the records were not in the possession of the University or the storage vendor.

Everything we’re giving out is on the release

These records consisted of billing vouchers (documents used for internal billing purposes). Vouchers contain the name, date of birth, social security numbers, physician name, facility, insurance company name, medical record number, visit number, procedure and diagnosis codes for the patient’s visit. Vouchers are documents used for internal billing purposes ONLY. Medical records are not at risk.

At this time, there is no indication that the information has been misused in any way.

In an abundance of caution, the University is notifying all individuals whose information was included in the missing records. The University also is offering potentially affected patients complimentary credit monitoring protection and has established a website to serve as a primary source of information, as well as a toll-free number for additional questions.

Only patients who were seen at the Department of Otolaryngology may potentially be affected by the incident. Potentially affected patients will receive a notification letter.

University computer systems are completely unaffected by this incident. All patient information remains current and available on these systems.

At the University of Miami Health System, we take the privacy and security of our patients’ information very seriously. We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data. We are committed to protecting all information entrusted to us, and pursuant to the Federal HITECH Breach Notification Rule, we will report this incident to the U.S. Department of Health and Human Services.

Available around the clock, the University’s incident website is http://entincident.med.miami.edu. The toll-free incident line, 866-274-4371, is available from 9 a.m. to 9 p.m. EST Monday through Friday and from 11 a.m. to 8 p.m. EST Saturday and Sunday until April 30, 2014.”

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


White Lodge Investigates Data Breach, Card Fraud

February 8th, 2014 by admin

White Lodging Services, a hospitality company that manages 168 hotels in 21 states under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach. It suspects that the possible breach happened at point-of-sale systems in 14 hotels, along with some hotel restaurants and lounges. The suspected establishments are listed below.

  • Sheraton Erie Bayfront, Erie, Pa.
  • Marriott Midway, Chicago, Ill.
  • Holiday Inn Midway, Chicago, Ill.
  • Holiday Inn Austin Northwest, Austin, Texas
  • Westin Austin at the Domain, Austin, Texas
  • Marriott Boulder, Boulder, Colo.
  • Marriott Denver South, Denver, Colo.
  • Marriott Indianapolis Downtown, Indianapolis, Ind.
  • Marriott Richmond Downtown, Richmond, Va.
  • Marriott Louisville Downtown, Louisville, Ky.
  • Renaissance Plantation, Plantation, Fla.
  • Renaissance Broomfield Flatiron, Broomfield, Colo.
  • Radisson Star Plaza, Merrillville, Ind.

The breach first came to notice when security journalist Brian Krebs reported that Marriott properties operated by White Lodging Services, based in Merrillville, Ind., were affected, with unnamed card processors tying fraud involving hundreds of credit cards to a number of these properties. He reported the locations of other affected hotels as Austin, Texas, Chicago, Denver, Los Angeles, Louisville, Ky., and Tampa, Fla., among other cities.

White Lodge spokeswoman Kathleen Quilligan told The Times of Northwest Indiana, “An investigation is in progress, and we will provide meaningful information as soon as it becomes available.” White Lodge is owned by Dean White, 90, whose worth Forbes estimates at $1.9 billion. His company manages 168 hotels under a variety of brand names.

Spokespersons for Hilton and Starwood Hotels and Resorts Worldwide did not immediately respond to an emailed request for comment on the apparent data breach. Marriott later issued a statement about the White Lodging data breach, which said, “One of our franchise management companies has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels,” and continued, “They are in the midst of the investigation and are in close contact with the banks and credit cards companies.”

Marriott did not share details immediately. Its statement said, “Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide,” and “Since this impacts customers of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software. Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Big banks and retailers lock horns over Data breach

February 3rd, 2014 by admin

The personal information of about 110 million Target customers was exposed during the data breach. Target was notified by the Justice Department after suspicious activity involving payment cards used at Target stores. A Neiman Marcus computer was also attacked by hackers. Customers were notified late because the company required confirmation of the breach.

Target Executive Vice President John Mulligan started his testimony before the Senate Judiciary Committee with an apology, before the blame game started between big banks and retailers. He stated during the first part of the hearing, “We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.” According to Mulligan, the company hired its own independent team of experts to conduct a forensic investigation after the breach.

Personal information such as credit and debit card numbers, expiration dates, PIN numbers and codes on the cards’ magnetic strips was compromised after 40 million credit and debit card accounts of Target were breached late last year. Non-card information such as names, phone numbers, and email and mailing addresses of 70 million Target customers was also stolen.

A Neiman Marcus computer was also affected by the breach. Michael Kingston, senior vice president of the Neiman Marcus Group, said, “The malware was evidently able to capture payment card data in real time, right after a card was swiped, and had sophisticated features that made it particularly difficult to detect, including some that were specifically customized to evade our multilayered security architecture that provided strong protection of our customers’ data and our systems.”

FTC Commissioner Edith Ramirez and William Noonan, a top agent with the Secret Service’s cyber operations branch, are expected to report to the Senate Judiciary Committee following testimony from retailers.

Given the seriousness of the data breach, companies are advised to put all security measures in place. Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.


Saint Francis Hospital Patient Data Breach

January 30th, 2014 by