Onsite Health Diagnostics suffers data breach

August 4th, 2014 by admin

Onsite Health Diagnostics (OHD), a Tennessee government subcontractor, suffered a data breach when its scheduler was accessed inappropriately. OHD has notified the affected local government employees about the breach. According to reports, the online scheduler was accessed by an unknown entity.

Data on around 60,582 employees, such as name, date of birth, address, email address, phone number and gender, was accessed. Financial information, Social Security numbers and medical data were not included in the breach.

According to the OHD statements:

OHD and investigating authorities are unaware of any identity theft related to this incident, but out of an abundance of caution, OHD has mailed letters to the affected health plan members to ensure that they are aware of the incident and can take steps to protect their information. OHD will provide one free year of identity theft protection to affected group health plan members.

While this information did not contain any diagnosis or medical information, the state has determined that, because it is related to our members’ health benefits, the disclosure of name, address, email address, phone number and gender does fall under the HIPAA definition of a breach of protected health information. The state has notified the Secretary of HHS of a Breach of Unsecured PHI.

After the breach, OHD collaborated with experts to determine the flaws in the system. It was also observed that OHD has implemented new procedures and systems for more secure operations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CD containing sensitive information goes missing

August 2nd, 2014 by admin

Jersey City Medical Center recently gave notice of a Medicaid patient data breach that occurred when United Parcel Service (UPS) failed to deliver an unencrypted CD with patient data on it. The CD contained an unknown number of Medicaid patients’ names and some Social Security numbers.

For some patients, the CD also held information such as date of birth, medical record number, gender, and information on visits to the Medical Center: admission and discharge dates, inpatient or outpatient status, number of days care was received, dollar amount of Medical Center charges incurred for care, name of health insurance payer(s), amounts paid by patient or insurers, and/or general type of claim and/or revenue code.

The CD was supposed to be couriered at Jersey City Medical Center. Its location remains a mystery, as no one knows where it currently is. According to reports, Barnabas Health system will be offering one year of credit monitoring.

“While UPS has no evidence that personal information has been made available to any unauthorized parties, or misused in any way, patients are being advised to be aware of any suspicious activity and to monitor their credit reports and financial accounts,” says the notification letter, signed by Shani Newell, Privacy Officer.

Facts related to this incident are:

  • There was a breakdown in protocols to locate and find lost packages.
  • The Medical Center reviewed its incident prevention technology to avoid future instances of breaches.
  • The Medical Center will attempt to encrypt patient data henceforth.
  • The Medical Center has since changed its policies to no longer send unencrypted CDs with patient information.

“We have followed up extensively with UPS regarding this incident, attempting to ensure that UPS has followed all of its internal procedures designed to locate missing packages.”

Riverside Health System suffers identity fraud

July 30th, 2014 by admin

Riverside Health System, a non-profit healthcare organization, has disclosed identity fraud that happened back in 2012. According to reports, a former Riverside Health employee, T’sha Riddick, was involved in a medical identity fraud scheme. She stole credit card information from 13 cancer patients of Cancer Specialists of Tidewater, Virginia.

No information was available about how she obtained the data, but she has a history of medical fraud. She was convicted on two counts of identity theft 9 years ago in North Carolina.

“Keeping patient information protected is vital at Riverside,” Riverside spokesman Peter Glagola said in a release. “We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”

The information involved in the breach includes cancer patients’ credit card data and Social Security numbers.

Riverside runs the following facilities:

  • Five hospitals – facilities in Newport News, Riverside Regional Medical Center.
  • Three specialty hospitals – medical group, surgery centers, retirement communities and home-care services.

Riverside has to do the following for better security:

  • Investigate how Riddick accessed the information.
  • Review employee policy.
  • Update technology to allow specific access to authorized personnel only.

Marketing firm acquires patient names and address

July 28th, 2014 by admin

In an unprecedented event, Essentia Health of Fargo, North Dakota, has suffered a data breach in connection with an educational event. A marketing firm was able to access 430 patient names and addresses without the patients’ consent. The incident occurred when someone from Essentia gave a portable device containing patient data to the firm, Get Marketing. Essentia chief compliance and privacy officer Vicki Clevenger maintained that no patient medical data had been compromised.

“We have also taken the appropriate actions according to our policies and have provided additional education to the staff members involved to prevent future occurrences,” Clevenger said to inforum.com. “There was no additional information shared, including no medical and clinical information,” Clevenger added.

The breach occurred when Essentia was sending patients’ information for a free educational event that offered new procedures for those dealing with lower back pain. In all, 70 patients attended the event, but Essentia did recognize that a breach had occurred when the event was being promoted. Jodine Wien, a Moorhead patient, complained to Essentia when she found that her name and address had been given to Get Marketing, which was involved in sending out the invitations.

“I’m a little angry at Essentia,” Wien said Monday, adding that she was displeased with the health provider’s initial responses to her complaint. “I was treated completely rudely and nobody wanted to say anything.”

Essentia determined that patients’ names and mailing addresses were “erroneously” released to Get Marketing, which was “engaged and paid by a medical device manufacturer, not Essentia Health,” Clevenger wrote Wien.

Indian Health Services folder causes data breach

July 27th, 2014 by admin

Indian Health Services (IHS) suffered a data breach when an employee mistakenly left a folder out in a public area. According to reports, the details of the incident are as follows:

  • Altogether, 620 patients were affected by the incident.
  • The folder contained information including patient names, Social Security numbers and enrollment information.
  • Indian Health Service Rosebud Service Unit sent out breach notification letters to the affected clients.
  • No information was available on the reason for the folder’s presence in Rapid City.
  • According to the IHS, the information was not misused or accessed inappropriately.
  • IHS has agreed to improve its HIPAA privacy and security training among employees.

The most common question heard, and the one that needs to be answered, is: “Why was that information in Rapid City to begin with?”

“I represent a community in Gregory County, 90 miles east of Rosebud, so what was my information doing up there?” said William Bear Shield, the chairman of the Rosebud Sioux Tribal Health board and a veteran of Desert Storm. “Why was it in possession of an individual in Rapid City?”

Bear Shield said he asked employees at the Rosebud Service Unit why information was in Rapid City, but he said no one would give him a straight answer.

“How can I know if someone didn’t find that information and write down my Social Security number and just wait a year before using it?” he asked.

Browsers under attack

July 26th, 2014 by admin

Hackers have focused their attacks on browsers, with the common theme of targeting end users. As old versions of the Java Runtime Environment (JRE) are now typically blocked in the browser by default, Java applets require explicit activation from users.

Bromium Labs researchers said, “so this attack vector becomes harder and harder to leverage,” and “It’s evident that attackers continue to shift focus in between ubiquitous internet facing applications, but there’s a common theme throughout – attacking the end users.” This leaves hackers looking for other popular applications to exploit.

According to the lab’s report, Microsoft’s IE was one of the most patched and one of the most exploited applications in the first half of 2014, targeted more often than Mozilla’s Firefox, Google Chrome, Java, Adobe Flash, Adobe Reader or Microsoft Office.

The lab also described techniques used in the attacks:

  • Zero-day techniques in which attackers used Adobe Flash to launch ActionScript Virtual Machine (ASVM) attacks.
  • ActionScript spray facilitates the use of return-oriented programming (ROP), which allows attackers to execute malicious code in the presence of security defenses.

“This technique leverages the way dense arrays are allocated in memory,” wrote Bromium researchers. “If a vulnerability allows an attacker to control the size of a vector, they could make it as big as the whole memory space and then search for the necessary API calls and ROP gadgets.”

“Traditional heap spray was supposed to deal with early address randomization techniques implemented in various operating systems. Nowadays defenses are much more sophisticated. Malicious code must ‘know’ addresses of crucial libraries and API functions in order to execute,” said Vadim Kotov, Bromium’s senior security researcher. “Actionscript spray provides this ‘knowledge,’ while its ancestor doesn’t even address this issue.”

“Action heap spray — as well as traditional heap spray — is merely an instrument to exploit security vulnerabilities,” Kotov said. “If you want to reduce the probability of being compromised, you need to have reasonable patching policy and invest in protection software.”

Two men stole an unencrypted laptop

July 25th, 2014 by admin

Self Regional Healthcare of Greenwood, S.C., was affected by a data breach when two men stole a laptop during Memorial Day weekend. It was not clear how many patients were affected by this incident. According to its data, Self Regional Healthcare serves around 250,000 patients.

Self Regional has notified the South Carolina Department of Health. According to reports, the number of patients affected stands at around 500, and the records included patients’ names, Social Security numbers, driver’s license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly addresses.

Self Regional posted a notice on its website, with a comment from President and CEO Jim Pfeiffer:

Self Regional takes the security of our patients’ personal information very seriously . . . We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop. Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.

The two thieves were later caught, and one told the police during the briefing that the laptop had been thrown in a lake, where authorities failed to find it. The theft appears to be a general theft and not a targeted attack on the information contained on the laptop. The laptop was unencrypted and poses a threat to the patients whose information was on it.

What is Use-After-Free Memory Risk?

July 19th, 2014 by admin

Recent updates from Microsoft, Google and Mozilla show use-after-free memory errors. A use-after-free error occurs when a program keeps using memory after it has been freed; attackers take advantage of such vulnerabilities in allocated memory to inject malicious or arbitrary code and extract information.

“It does take a lot of knowledge and sophistication,” Karl Sigler, manager, SpiderLabs Threat Intelligence at Trustwave said. “But of course it only takes one researcher to make the discovery, and then everyone else can just copy the research. We’re seeing more use-after-free memory attacks than we ever have before.”

Evolution of attacker methods

It is not that easy to exploit freed memory space and install arbitrary software. It requires a certain level of sophistication.

“It can take some ninja-fu, it’s not brain dead easy,” Sigler said.

As noted earlier, one researcher’s exploit leads to many attacks using the same technique. Researchers make a vulnerability exploitable using a technique known as return-oriented programming (ROP).

“ROP has become the method of getting executable code onto the stack,” Sigler said. “ROP chains hop through memory looking for executable pieces of code they can chain through and eventually find a method of getting to run.”

How to reduce the risk

The following ways to stop the attacks have been suggested:

  • A Web application firewall (WAF) can be used in some cases to provide network-layer protection.
  • Microsoft recommends the use of its Enhanced Mitigation Experience Toolkit (EMET).
  • Application developers should strive to build better security into their apps.

“Developers should understand what their code is actually using in memory,” Sigler said. “If the program is freeing memory and still flagging it as being able to be used, the program should be able to control what the memory is used for. That would eliminate a lot of the vulnerabilities that attackers have.”
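One way an application can keep control of memory it has freed is to hand out generation-checked handles instead of raw pointers, so that a stale reference is rejected rather than dereferenced. The C code below is an added example, not code from the original post or from any vendor named in it; the `session_*` names, the slot table and its size are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SLOTS 8            /* hypothetical table size for the example */

typedef struct { char name[32]; } session_t;

/* One table entry: the live object plus a generation counter that is
 * bumped every time the slot is released. */
typedef struct { session_t *obj; uint32_t gen; } slot_t;

/* Callers hold this instead of a raw pointer. */
typedef struct { uint32_t index; uint32_t gen; } handle_t;

static slot_t slots[MAX_SLOTS];

static handle_t invalid_handle(void) {
    handle_t h = { MAX_SLOTS, 0 };   /* index out of range: never resolves */
    return h;
}

handle_t session_create(const char *name) {
    for (uint32_t i = 0; i < MAX_SLOTS; i++) {
        if (slots[i].obj == NULL) {
            session_t *s = calloc(1, sizeof *s);
            if (s == NULL) return invalid_handle();
            strncpy(s->name, name, sizeof s->name - 1);
            slots[i].obj = s;
            handle_t h = { i, slots[i].gen };
            return h;
        }
    }
    return invalid_handle();         /* table full */
}

/* Resolve a handle. Returns NULL if the object was freed, even when the
 * same slot has since been reused for a different object. */
session_t *session_get(handle_t h) {
    if (h.index >= MAX_SLOTS) return NULL;
    slot_t *sl = &slots[h.index];
    if (sl->obj == NULL || sl->gen != h.gen) return NULL;
    return sl->obj;
}

/* Free the object. Returns -1 for a stale handle, which also turns a
 * double free into a rejected call. */
int session_destroy(handle_t h) {
    session_t *s = session_get(h);
    if (s == NULL) return -1;
    free(s);
    slots[h.index].obj = NULL;       /* no dangling pointer left in the table */
    slots[h.index].gen++;            /* invalidates every outstanding handle */
    return 0;
}

/* Constructed scenario: free an object, let the slot be reused, then try
 * the old handle. Returns 1 when every stale access was rejected. */
int demo_stale_handle_rejected(void) {
    handle_t a = session_create("alice");
    if (session_get(a) == NULL) return 0;
    if (session_destroy(a) != 0) return 0;

    handle_t b = session_create("bob");        /* takes over the freed slot */
    int same_slot     = (a.index == b.index);
    int stale_blocked = (session_get(a) == NULL);
    int refree_blocked = (session_destroy(a) == -1);
    session_t *live   = session_get(b);
    int live_ok = (live != NULL && strcmp(live->name, "bob") == 0);

    session_destroy(b);
    return same_slot && stale_blocked && refree_blocked && live_ok;
}

int main(void) {
    printf("stale handle rejected: %s\n",
           demo_stale_handle_rejected() ? "yes" : "no");
    return 0;
}
```

With raw pointers, the old reference to "alice" would silently read whatever now occupies that memory; here the generation mismatch makes the lookup fail closed.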

Unresolved Network Events

July 12th, 2014 by admin

A survey on security issues was conducted by Emulex, and the results show that 73 percent of IT staff have unresolved network events.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Matt Walmsley, senior marketing manager at Emulex division Endace, told SC Magazine. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

Key highlights of the survey are given below:

  • Eighty-seven percent of respondents mentioned that they had reported the root cause of a network or security issue to their management but didn’t have the necessary information required to be completely accurate in their assessment.
  • Thirty-nine percent mentioned that it occurred at least a few times.
  • Forty-five percent of IT staff mentioned that they monitor network and application performance manually instead of using network monitoring tools.
  • Eighty-three percent said there has been an increase in the number of security events they’ve investigated in the past year.
  • Eighty-one percent of those in security operations roles mentioned their organization has experienced a network security breach.
  • Twenty-seven percent of network breaches were found through manual searches and user reporting without the use of alerting tools.
  • Seventy percent of those in network operations roles have experienced a critical network event that took at least one full business day to diagnose.
  • More than half of U.S. counterparts said network outages or performance degradations cost their organizations more than half a million dollars in revenue per hour.

“IT is facing new challenges related to the growing use of software-defined networking, virtualization and higher performing networks, as well as increasingly more sophisticated attacks on company IT assets,” Emulex senior vice president of marketing Shaun Walsh said in a statement.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

St. Joseph Health’s patients’ data stolen

July 10th, 2014 by admin

St. Joseph recently took over Regional Medical Group’s imaging center, and a recent data breach shows an example of what can happen after a transition. A total of 33,702 patients were affected by this breach. A thumb drive was stolen from an employee’s locker, which was not locked at the time of the incident. Information on the encryption status of the thumb drive was not available.

Data affected by the breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. The affected patients had received X-ray services. The data was restricted to X-rays only. No other imaging exams — such as mammograms or MRIs — were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

 

Montana Health Department hacked

July 8th, 2014 by admin

Montana Department of Public Health and Human Services is notifying public program clients and employees about a data breach following a recent server hacking incident. Montana hired an investigator and confirmed that its server was inappropriately accessed. The server held sensitive information, which included state public assistance data such as food stamps, welfare payments, Medicaid, home heating aid and child-care assistance, birth records and some state employee information. It was also found that the server may have held clients’ names, addresses, birth dates, Social Security numbers and health records.

As protected health information (PHI) was involved in this breach, Montana may initiate conversation with the Department of Health and Human Services (HHS). Montana’s state CIO, Ron Baldwin, told the Gazette that this was a first-time breach and that an outsider found a software vulnerability prior to the department being able to patch it, leading to the server hack. “This is not unique to Montana, it’s not unique to state government,” he said. “All states, all major businesses are experiencing these (attempts) every day, every month, every year … and they come from all over the world.”

Montana Department of Public Health and Human Services director Richard Opper suggested that the hackers may have been involved with trading Bitcoins in some form. “Out of an abundance of caution, we are taking the necessary steps to reach out to those whose information may have been stored in the server,” he said to the Gazette. “DPHHS is committed to answering questions clients and employees may have, and to help them take advantage of services we are offering.”

 

Indianapolis hospital sent letters with patient information

July 6th, 2014 by admin

St. Vincent Breast Center of Indianapolis sent letters with patients’ information to the wrong addresses. The breach has caused St. Vincent to send an alert to around 63,000 patients. The incident came to notice when the wrong recipients of the letters began calling the hospital about the breach. The letters contained printed information including patient names, addresses and some scheduled appointments.

According to St. Vincent, no financial data or Social Security numbers were involved in the incident. The hospital destroyed the letters that were sent back, but the number of letters sent remains unknown.

“We value the privacy and security of patient information, and regret this mailing error,” Rex McKinney, privacy officer for St. Vincent Indianapolis Hospital, said to wishtv.com. “It is our priority to support those who have been affected and make the necessary changes to our patient mailing process to avoid future occurrences. We sincerely apologize for any inconveniences resulting from this unfortunate incident.” McKinney added that the organization will implement new patient information mailing strategies going forward.

Statement on St. Vincent Breast Center website includes:

Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned. The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

The Alabama Department of Public Health faces data breach

July 4th, 2014 by admin

The Alabama Department of Public Health (ADPH) has sent out breach notices to more than 500 patients. According to reports, those affected include patients treated at one of Alabama’s 65 county health departments. Patients’ personal information and identities were compromised in this incident.

Compromised data includes clients’ names, dates of birth, and Social Security numbers from ADPH, as well as several other entities. Privacy Officer Samarria Dunson said, “[w]e believe now that it is possible they may have been former employees, but we are still participating in the investigation. It would be particular records that were printed out by individuals.”

ADPH released a statement saying it was informed on June 5, 2014 by the U.S. Attorney’s Office for the Middle District of Alabama and the U.S. Department of Justice’s Tax Division that they were prosecuting a case of theft involving personal information.

Dunson says victims range in age, but most were young adults.

“They were born mostly in the year of 1996 which would make them 18 now. Unfortunately that seems to be a group of people that these type of criminals really go after maybe because they are not filing tax returns right now or really keeping up with their credit score,” Dunson said.

Child Vaccination records stolen

July 2nd, 2014 by admin

The San Antonio Metropolitan Health District recently suffered a data breach when a laptop containing patient information was stolen. According to reports, the laptop held vaccination information for 300 child patients. Information on the laptop included patients’ last names, dates of birth, doctor identifier and immunization names.

“Metro Health takes the privacy of individual health information seriously and is reviewing all practices and policies associated with the handling and transport of protected health information,” a spokeswoman said to woai.com.  “While the likelihood of harm from this breach is minimal, those affected by this theft are being individually notified and advised to monitor their health insurance statements closely for any unusual activity.”

Metro Health’s site does not say where the laptop was at the time of the theft. The laptop, which contained vaccination records from the Vaccines for Children program, has not been recovered.

Neurodiagnostics centre notifies patients of data breach

June 29th, 2014 by admin

Colorado Neurodiagnostics of Littleton, Colo. has notified an unknown number of patients after a data breach. According to reports, a laptop containing protected health information (PHI) was stolen from the office. The information that was compromised includes patient names, dates of birth and clinical information, but no Social Security numbers or financial data.

The laptop was password protected, but its encryption status was not known. The theft was reported to the Littleton Police and the federal Office for Civil Rights. Colorado Neurodiagnostics is offering affected patients identity protection services. Patients are also encouraged to closely monitor financial accounts and, if there is any suspicious activity

According to the organization, it will use security cameras and boost security training among employees. To further boost security, it should also verify the status of encryption software on its laptops.

NRAD suffered PHI data breach

June 27th, 2014 by admin

NRAD Medical Associates, situated in Garden City, New York, suffered a data breach due to unauthorized access to data by one of its employees. NRAD has informed around 97,000 patients who were affected by this breach. According to reports, an internal employee accessed protected health information (PHI) and patient billing data back in April 2014. The information included date of birth, address, Social Security number, and health insurance information.

The employee, who worked as a radiologist, was able to get past the IT security safeguards in place and access the information. NRAD said that it “immediately enhanced security measures” and doesn’t believe any of the compromised data was used maliciously. “We believe there is very low risk from this event and the data breach has been contained. We have no evidence that any customer financial or credit card information was involved,” the organization said, according to the report. They do not indicate when the breach occurred or how it was discovered.

In response to the discovery, NRAD “immediately implemented enhanced security measures,” and recommended that patients contact one of the three major credit bureaus to place a fraud alert on credit reports. In the FAQ, they state that the radiologist is “no longer employed at the practice and his misconduct was reported to the appropriate authorities and government agencies for investigation.” The breach was also reported to HHS.

According to NRAD:

In terms of the scope of the breach, NRAD reports that it affects approximately 97,000 current and former patients, which they state is approximately 12% of the more than 800,000 patients they have treated over the past 20 years. It was not clear from their letter whether all 800,000 current and former patients’ information was still in their billing system (and if so, why).

Tools for Compliance management which can boost security

June 24th, 2014 by admin

HIPAA has a set of rules for compliance management. Compliance requirements are often seen as an unnecessary burden, but if proper procedures are followed they can protect your organization from data breaches, and from threats ranging from lawsuits to corporate espionage. The risks associated with compliance failures can include financial impact or fines, data loss, lost business or even a suspension of operations.

Below is a list of compliance management tools:

  • www.glpi-project.org: A free, open source tool, GLPI offers IT and asset management capabilities. After all, a good inventory is the first step in seeing what needs to be secured.
  • www.ptatechnologies.com: A free toolset that is driven by the methodology of effectively managing operational and infosec risks in complex systems using calculative threat analysis and threat modeling.
  • www.somap.org: The ORICO Framework and Tool are two projects in one, offering risk management and the toolset to build a reference implementation of a security framework.
  • sourceforge.net/projects/assetmng: An open source IT asset management system that provides identification, valuation and risk assessments.
  • http://openfisma.org: An open source framework that is designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

IT managers may need to build their own solutions and integrate off-the-shelf products with other solutions. Luckily for those choosing a path of self-development, several free tools can become part of an integrated solution.

Breach count reaches to 1.3 million for Montana DPHHS

June 22nd, 2014 by admin

The Montana Department of Public Health and Human Services (DPHHS) has faced one of the largest HIPAA breaches in terms of the number of affected patients. The total count stands at 1.3 million following the hack of a DPHHS server. It is not known whether the hackers used patient data maliciously or accessed it while on the server.

According to Montana, the server held sensitive information, including patient demographic information such as names, addresses, dates of birth, and Social Security numbers. Some records may also contain information about DPHHS services that clients applied for and/or received, such as health assessments, diagnoses, treatment, health condition, prescriptions, and insurance. The scale of the incident came to light when DPHHS hired an investigator to determine the extent of the breach.

“Out of an abundance of caution, we are notifying those whose personal information could have been on the server,” said DPHHS Director Richard Opper. “Again, we have no reports, nor do we have any evidence that anyone’s information was used in any way, or even accessed.”

Earlier, unknown computer hackers used malware to gain entry to a DPHHS server containing client and agency employee personal information. According to reports, this incident should not impact DPHHS services, as none of the information contained on the server was lost and the agency has a complete backup of the information.

Rady Children’s Hospital notifies patients of data breach

June 20th, 2014 by admin

Around 14,121 patients were notified after a data breach at Rady Children’s Hospital, San Diego. The breach occurred due to human error when patient data was sent to job applicants. According to reports, a hospital employee sent a spreadsheet to unintended recipients.

The spreadsheet contained sensitive information including patients’ names, dates of birth, primary diagnoses, admit and discharge dates, medical record numbers, and other insurance information. There were no Social Security numbers or financial data included in the files, Ben Metcalf, a hospital media relations representative, said.

After the incident, the hospital hired security experts to confirm the deletion of the files from the job applicants’ computers. The security experts can also verify whether the files have been shared, to determine the extent of the breach. When Rady investigated the recent breach, it found that this type of breach had also occurred in the past, when a mail error exposed 6307 patients’ data.

Rady said that it will begin using only onsite testing programs for job candidates, improve email security approval protocols and encryption methods and better educate employees on patient privacy requirements. Rady Children’s Hospital spends a lot of time and money protecting patient privacy and information from outside hackers, but it was an error by an employee that recently exposed the information.

“Some families were upset,” said Kearns, acting president of the hospital. “But the vast majority understood that this is something that was not done purposely. This is something that was done on a human error.” Rady Children’s has notified county and state officials and will also need to report the breach to federal regulators.

New Dyre Banking Trojan

June 15th, 2014 by admin

A new banking Trojan known as Dyre or Dyreza was discovered by researchers at CSIS and PhishMe. The malware is designed to bypass SSL protection and steal banking credentials.

PhishMe researchers warned of this new malware, being delivered via phishing emails with the subject lines “Your FED TAX payment was Rejected” and “RE: Invoice.” The emails contain links to files on LogMeIn’s Cubby.com file storage service. “Since Dropbox has been quick to block phishing links, the attackers needed a new legitimate service,” noted PhishMe’s Ronnie Tokazowski.

The attack proceeds as follows: clicking the link in the email downloads a zip file. If the zip file is opened, malware is installed that monitors all of the victim’s browser traffic, including SSL traffic, with the aim of stealing and uploading online banking login credentials.

“[Bank credentials] should be encrypted and never seen in the clear,” Tokazowski wrote. “By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality, your traffic is redirected to the attackers’ page. To successfully redirect traffic in this manner, the attackers need to be able to see the traffic prior to encryption, and in the case of browsers, this is done with a technique called browser hooking.”

Krause told Dark Reading that the malware seems to represent a new banker Trojan family, unrelated to the Zeus Trojan. “One of the biggest differences between Zeus and Dyre is how communication with the command-and-control infrastructure takes place,” he said. “With Zeus, data is usually encoded or encrypted, then passed back as raw binary data. With Dyre, the data is POSTed in the clear, making detection for enterprises with IDS capabilities very straightforward.”

But that may well change in the near future. “Since data is being posted back unencrypted, I believe this malware is only in its infancy, and we should expect more refinements from the malware author,” Krause said.

Kevin Bocek, vice president for security strategy and threat intelligence at Venafi, told eSecurity Planet by email that the threat from Dyre is being enabled at least in part by the blind trust too many users have in SSL/TLS. “In fact, 40 percent of mobile online banking applications are estimated to be vulnerable to man-in-the-middle (MITM) attacks without any cyber criminal effort,” he said.

Data Breach Round up : Last Month

June 12th, 2014 by admin

To give an overview of recent data breaches, we are summing up the challenges and solutions for preventing loss of information and credibility. All the excerpts are from communication with Rapid7 global security strategist Trey Ford.

Data Points

It’s crucial, Ford says, to ensure that everyone in your organization is fully aware of the sensitivity of the data they may be handling. “A lot of people are posting data, they’re moving things around – they’re just trying to do their jobs – and for a number of reasons they may not always be aware that, OK, this is a list, this is a database, and some of this data is sensitive,” he says.

While most companies are aware of the importance of protecting clearly sensitive data like Social Security numbers and credit card information, Ford says other data can easily slip through the cracks. “We’re in a culture where it’s been comfortable to give out your phone number, your email address, your mom’s maiden name – and we’ve forgotten that with just a few more data points, you can go through and start creating fraudulent accounts or purporting to be someone else,” he says.

“Attackers are going to be like water – they’re going to follow the path of least resistance,” Ford says. “So it may be that a lot of your core systems are very carefully measured, but you don’t get to wash your hands and shrug off liability when you give sensitive data to external companies.”

Breach Communication

Ford says the recent eBay breach serves as a good example of the importance of responding to a breach correctly. “EBay has historically very heavily invested in great technology, great people. They’ve had a very advanced security program, they’re very aggressive with their measurement strategy, they’re a metrics-driven security organization – and I’m confident that their internal response was actually very swift and well-executed internally,” he says.

Encryption is the answer

Finally, Ford says it’s frustrating to see data breaches resulting from the theft of unencrypted laptops and USB drives continuing to be an issue. “Encryption technology exists, it’s pervasive, every major operating system in production used today has it or has it available, and it’s not even terribly expensive,” he says. “The challenge lies in the fact that it’s hard to manage. There are concerns about, ‘What if the admin leaves, or what if we get locked out of something?’ – and those are valid concerns – but those problems have been solved, they’re addressable, and organizations not using encryption should be the exception, not the rule.”

St. Joseph Health’s patients’ data stolen

June 10th, 2014 by admin

St. Joseph recently took over Regional Medical Group’s imaging center, and a recent data breach shows an example of what can happen after a transition. A total of 33,702 patients were affected by this breach. A thumb drive was stolen from an employee’s locker, which was not locked at the time of the incident. Information about the encryption status of the thumb drive was not available.

The data affected by the breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. Affected patients had received X-ray services, and the data was restricted to X-rays only. No other imaging exams, such as mammograms or MRIs, were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

Montana Health Department hacked

June 7th, 2014 by admin

The Montana Department of Public Health and Human Services is notifying public program clients and employees about a data breach following a recent server hacking incident. Montana hired an investigator and confirmed that its server was inappropriately accessed. The server held sensitive information, which included state public assistance data such as food stamps, welfare payments, Medicaid, home heating aid and child-care assistance, birth records and some state employee information. It was also found that there may have been clients’ names, addresses, birth dates, Social Security numbers and healt

As protected health information (PHI) was involved in this breach, Montana may initiate a conversation with the Department of Health and Human Services (HHS). Montana’s state CIO, Ron Baldwin, told the Gazette that this was a first-time breach and that an outsider found a software vulnerability prior to the department being able to patch it, leading to the server hack. “This is not unique to Montana, it’s not unique to state government,” he said. “All states, all major businesses are experiencing these (attempts) every day, every month, every year … and they come from all over the world.”

Montana Department of Public Health and Human Services director Richard Opper suggested that the hackers may have been involved with trading Bitcoins in some form. “Out of an abundance of caution, we are taking the necessary steps to reach out to those whose information may have been stored in the server,” he said to the Gazette. “DPHHS is committed to answering questions clients and employees may have, and to help them take advantage of services we are offering.”

Hershey Medical Center suffers data breach

June 4th, 2014 by admin

Penn State Milton S. Hershey Medical Center notified around 1801 patients of a recent data breach caused by an employee’s unauthorized access to clinical data. According to reports, the employee, who worked as a clinical laboratory technician, used his personal computer to access protected health information (PHI).

The employee used a removable storage device and a personal email account while accessing the information. The organization is working on improving internal education and training of employees on security best practices. According to the release by Hershey Medical Center:

The employee was authorized to access and use this information because of his job at Penn State Hershey. However he worked on the test log at home using systems and devices outside the secured Penn State Hershey system—his personal computer, a removable storage device (a flash drive) to transport the log home to continue his work after hours and his personal email account to send the updated test log to two Penn State Hershey physicians.

Penn State Hershey considers patient privacy and confidentiality to be of the utmost importance and chose to notify patients of this incident out of an abundance of caution. To decrease the likelihood of similar circumstances occurring in the future, Penn State Hershey is increasing education efforts with employees, focusing on the essential responsibility of all staff to safeguard patient health information at all times and follow proper practices for doing so.

This incident exposed PHI which includes patient test logs from the organization’s women’s health and family practice clinician offices. However, no Social Security numbers or financial data were involved. Affected patients were treated from August 1, 2013 to March 26, 2014.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Connecticut based Access Health in the process of data breach notification

June 2nd, 2014 by admin

The Connecticut state health insurance exchange, Access Health CT, suffered a data breach after an employee of its vendor lost a backpack. According to reports, the bag contained a notepad with 413 handwritten names, 151 Social Security numbers, and an undisclosed number of birthdates.

“While we are still working to understand exactly why this person took the information out of the building, based on what we have learned so far it does not appear there was malfeasance on the part of this person,” Jason Madrak, Access Health’s chief marketing officer, said in a statement Sunday.

Access Health has provided one year of free credit monitoring and is also working to understand the cause of the incident and how to prevent similar ones. It is in the process of notifying the affected patients about the breach. The count of affected patients stands at 413, according to initial reports.

“The attorney general takes matters of privacy and data security seriously,” Jepsen spokesman Robert S. Blanchard said in a statement. “Consistent with our practice in past breaches by other custodians of personal information, we reached out on Friday to Access Health CT regarding the incident and its plans to protect those potentially affected. We expect those discussions to continue as we seek to ensure that Connecticut residents’ privacy and personal information is protected. In particular, the office is seeking to determine how this incident occurred, what security procedures and policies were in place before the incident, and what is being done to reduce the risk of future breaches occurring.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

ProMedica Bay Park Hospital suffers data breach

May 29th, 2014 by admin

ProMedica Bay Park Hospital has decided to notify about 500 affected patients of the data breach. Protected health information (PHI) was copied when an employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that the former employee accessed records of patients who were not directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, 90-day fraud alert notice, and free annual credit reports and other account statements.

Elliot Hospital’s four computer workstations get stolen

May 27th, 2014 by admin

Elliot Hospital suffered a data breach when an employee’s car was broken into and computers were stolen. Elliot Hospital notified 1200 patients of the breach that resulted from this incident. According to reports, there was no medical or financial data on the workstations and there was only one Social Security number. The Elliot Hospital employee was apparently transporting the workstations from different Elliot locations.

Patients’ names were present on the workstations. In addition, 20 emails on the computers contained data such as date of service, date of birth, address, telephone number and billing codes. Elliot stated that it has improved its security processes.

“It’s very important to keep in mind or to understand that this is not a situation involving the breach of electronic medical records,” John Friberg, senior vice president of Elliot Hospital said, according to reports. “In fact, none of the information involved any medical records. For instance, nothing on these four PCs related to any medical history of any patients.”

It is believed that no information has been misused to date. Under the new practice, PCs will no longer auto-archive data to their individual hard drives; the data will instead be archived centrally.

Elliot also decided to encrypt its PCs.

LA County heightens encryption policies after data breach

May 24th, 2014 by admin

According to reports, LA County is in the process of boosting its encryption policies, which includes reviewing privacy and security procedures. The Los Angeles County Department of Health Services (DHS) also initiated new efforts to boost security after the recent data breach that affected 342,000 patients.

After the breach, DHS has taken the following initiatives:

  • Boosting data security rules
  • Mandating encryption for employees’ laptops and computer workstation hard drives

L.A. county contractors that exchange patient data with the county must also encrypt the data in motion. Lisa Richardson, DHS spokeswoman, added that the Sutherland incident “alerted us to some necessary security measures.”

It would be interesting to learn what DHS’s encryption policies were prior to the Sutherland breach and what other changes it made to its safeguards as a result of the data breach.

Important: Health and Human Services (HHS) will be looking to ensure that organizations have encrypted devices containing protected health information (PHI).

The ideal scenario is not to keep sensitive data on local desktops and laptops at all. But as this is difficult to achieve due to work requirements, it is advised to encrypt your devices.

UCI notifies students of malware incident

May 22nd, 2014 by admin

University of California Irvine (UCI) notified 1,813 students and some non-students affected by a data breach involving key-logging malware. Three UCI student health care computers were affected by the malware incident. The incident came to light when the UCI IT security office learned of the malware on the computers.

Information compromised includes patient names and unencrypted medical information. It also potentially included health or dental insurance numbers, CPT code(s), ICD9 code(s) and/or diagnoses, and student ID numbers. The affected data also included non-students’ information such as patient ID numbers, mailing addresses, telephone numbers, amount paid for services received, and bank name and check numbers. Information may have been transmitted to unauthorized servers.

According to reports, UCI immediately disconnected the affected computers and made sure that no other components of the network were affected.

UC Irvine regrets that your information may have been subject to unauthorized access, and we have taken and continue to take remedial measures to ensure that this situation is not repeated. UC Irvine is committed to maintaining the privacy of students’ and non-student patients’ personally identified information and takes many precautions for the security of personal and medical information. The University is continually modifying its systems and practices to enhance the security of sensitive information.

The university has no indication that the data have been misused. The number of patients affected was not reported.

Protect Personally Identifiable Information

May 20th, 2014 by admin

Modern security systems rely on users’ personal information, also known as PII (personally identifiable information), but a data breach can lead to loss of money as well as loss of trust. So it is very important to keep this information from falling into the wrong hands.

With PII floating around the internet, details can easily be cross-correlated, helping wrongdoers quickly put together accurate identity profiles and exploit the information. With just a few key pieces of information, thieves can cause huge losses to companies or individuals.

Types of PII – static and dynamic

Dynamic PII data includes details like credit card and bank account numbers, email addresses and passwords.

Static (fixed) PII data, such as date and place of birth or a national ID number such as a U.S. Social Security number, is far more valuable.

Hacking is a nightmare for both service providers and users. It causes huge losses, amounting to at least $60 million (before insurance) in direct expenses. End users may also suffer an increased risk of being hacked elsewhere.

Protect your PII –

Passwords: Store passwords as hashes that are extremely expensive to crack if a breach occurs.

Users: Shifting security data from the service provider to the end user can benefit everyone. An example is the security question, where the user can create his or her own question.

Transparency: Increasing user activity transparency, such as providing the time and location of the last login, gives the user extra tools to detect intrusions.

Encryption: Install tools to fight hacking. Install encryption software on laptops and computers.

Another 3,497 patients added to data breach list

May 17th, 2014 by admin

Sutherland Healthcare has had to add the names of 3,497 patients to its data breach list. In April, Sutherland had already added 170,200 patients to the list of those affected. The new addition has increased the count to 342,000.

All the patients received Drug Medi-Cal services through the Department of Public Health. Though no Social Security numbers were included in the breach, patient names, addresses and billing information may have been compromised.

The incident dates back to when eight computers were stolen from Sutherland’s Torrance, Calif. office. In the initial reports, 168,000 patients were included in the affected list; their first and last names, Social Security numbers and certain medical and billing information were potentially compromised.

The notification sent by Sutherland to patients assures them that the company takes “patient privacy very seriously,” but does not say whether it cared enough to encrypt the data.

The California Attorney General’s office likes encryption and noted in a report last year that more than half the 2.5 million victims of data breaches it surveyed in the state in 2012 would have benefited from its presence. Sutherland’s notice offered those affected free credit monitoring services through ID Experts. The final number on the Sutherland breach is as yet unknown, as they did not disclose how many other covered entities may have been affected by this breach.

OCR dismisses activist group’s HIPAA complaint

May 15th, 2014 by admin

An activist group, Change to Win (Ctw), had earlier filed a complaint with the Office for Civil Rights (OCR) after it found that patients’ privacy was compromised. OCR has officially completed its investigation into the Walgreens “Well Experience” program. After the investigation, it dismissed the complaint.

Ctw claimed that pharmacists were leaving their desks unattended and that patients’ data could therefore be exposed. According to Ctw, this was a case of a physical safeguards violation in the Walgreens “Well Experience” program. OCR performed a number of site visits and concluded that there was no reviewable evidence that Walgreens was missing the appropriate protected health information (PHI) safeguards.

However, OCR gave Walgreens some advice regarding the patient consultation room and a screen displaying patients’ names. It also recommended retraining the employees in each store, depending upon specific issues. The federal organization will provide Walgreens with technical assistance.

Upon completion of these on-site investigations, OCR found that Walgreens implemented the Well Experience specific safeguards in these stores and, further, these measures appeared to appropriately safeguard patient PHI. OCR noted that in the few stores where there was some evidence of staff error with regard to the implementation of safeguards, this was not evidence of widespread and systemic non-compliance, as the errors varied from store to store.

Boulder Community Health (BCH) investigating data breach

May 13th, 2014 by admin

Someone mailed patients’ records to their homes to prove that Boulder Community Health (BCH) has lapses in security. It is a one-of-a-kind incident in which the context of the breach is bizarre. BCH, located in Colorado, is investigating the incident. Earlier incidents include BCH notifying 178 patients when paperwork went missing. In a separate BCH incident, two unlocked recycling bins left 79 patients’ records exposed.

The letters that were sent out contained information from the records of the clinic sites on the main Foothills campus and the Riverbend Office Park neighboring the campus. The letter was sent to the patients to show BCH’s lapses in securing patients’ information. It mentioned that the sensitive information was taken from papers in trash bins just outside the campus.

“If you travel north of Arapahoe (Avenue) on 48th (Street),” the letter said, “you will see the blue containers that contain medical records. These containers are often left unlocked.”

BCH has claimed that it has checked and reviewed employee privacy training and education and added automatic locks to its recycling bins. It was not clear whether there was a shredding policy in place.

“Our immediate goal is to determine the scope of this situation,” Boulder said in a statement. “We will work with any affected clinics to assess the impact on their patients and provide support to affected individuals.”

The letter also accused the organization of focusing on making money while not emphasizing patient privacy. Based on the reports, it was clear that an unknown person inappropriately took nine patients’ records and sent them to those patients in an attempt to shed light on Boulder’s alleged lax patient privacy policies.

Largest ever violation settlement by NYP and CU

May 10th, 2014 by admin

The Department of Health and Human Services (HHS) has issued $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital (NYP) and Columbia University (CU). NYP and CU had violated both the HIPAA Privacy and Security Rules, which resulted in a breach of the electronic protected health information (ePHI) of 6800 patients. NYP and CU learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet.

The breach occurred when the application developer for the affiliate organizations tried to deactivate a personally owned computer server on the network which held the data. After the server was deactivated, the ePHI soon became accessible through internet search engines.

NYP and CU had submitted a joint breach report after the ePHI held on their network was breached. The ePHI included patient status, vital signs, medications, and laboratory results. NYP paid OCR $3,300,000 and CU had to pay $1,500,000, with both agreeing to complete corrective action plans. The plans include risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” said Christina Heide, Acting Deputy Director of Health Information Privacy for OCR. “Our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

According to the hhs.gov website,

In addition to the impermissible disclosure of ePHI on the internet, OCR’s investigation found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections.  Moreover, OCR determined that neither entity had conducted an accurate and thorough risk analysis that identified all systems that access NYP ePHI.  As a result, neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI.  Lastly, NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management.

UPMC faces class action suit filed by employees affected by data breach

May 7th, 2014 by admin

The University of Pittsburgh Medical Center (UPMC) data breach has prompted a class action suit by the 27,000 affected employees. The suit has been filed against UPMC and its payroll vendor, Ultimate Software Group. Out of the 27,000 affected employees, 788 were known to have been the victims of tax fraud.

An attorney, Michael Kraemer, filed the class suit against UPMC. He said that at least two employees learned that their data had shown up on an “underground or black market-type forum.” “It gives me more questions. Is this related to the UPMC data breach? If it is, UPMC should be as transparent as possible in letting everyone know what they know about who has the information or if it’s been contained,” said Kraemer, who is pursuing class-action litigation against UPMC.

The suit states that UPMC and the vendor breached their duty to protect private employee information, leaving employees’ information vulnerable to misuse in tax return fraud. UPMC has offered employees the chance to sign up for a year of free credit monitoring services, but the class suit seeks a court injunction forcing 25 years’ worth of identity theft insurance, credit restoration services, and credit and bank monitoring services.

Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.

Some UPMC employees interviewed on the streets of the city’s Oakland section feared identity theft.

“They’re going to wait one year, they’re going to wait two years, they’re going to wait three years, and they could come back. I could be affected by a job I took in college, which is sort of scary,” said Allisandra Supinski.

“I feel comfortable with the one year that I have. If I look into it more, I may change my mind,” said Amy Hoffman.

“As long as you are with UPMC, they should cover us. As long as we work there for them, we should be able to get protected,” said Rodreda Tate.

Molina Healthcare contractor experiences breach due to mail error

May 5th, 2014 by admin

Molina Healthcare, a multi-state healthcare organization, reported a breach which may have affected 5,261 former members’ Social Security numbers. The incident occurred due to a postcard mailing error. According to reports, the printing contractor, Creel Printing, made the mistake; there were no names on the cards, and the Social Security numbers were not identified as such on the cards. Information which may have been made public includes addresses and Social Security numbers. Members’ names were not listed on the cards.

The cards were sent out to inform members about the various benefits of the health insurance marketplace. According to reports, the affected patients are those who reside in Washington State. The breach was caused by a mix-up in which the Social Security numbers were mistaken for tracking numbers.

“Creel did not mean to print [Social Security numbers] on the postcards,” Timothy Zevnik, privacy official with Molina Healthcare, wrote in a notification posted to the Molina Healthcare website. “Creel did not have Molina’s permission to print [Social Security numbers] on the postcards.”

Molina Healthcare investigated the breach, improved processes and procedures, and put additional safeguards in place to ensure a similar incident does not occur. All impacted individuals are being notified, and offered a free year of identity theft monitoring services.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UMMMC sends out patient data breach notices

May 2nd, 2014 by admin

UMass Memorial Medical Center (UMMMC) of Worcester, Mass., revealed this week that it had alerted more than 2,400 affected patients to a breach. Investigating the patient data breach took nearly two months. According to reports, the data of four patients was initially found to have been accessed and potentially misused by a former employee.

The information may have been used to open commercial accounts, such as credit card and cell phone accounts. After learning of the incident, UMass immediately began an internal investigation. According to the statement, the employee had access at some point to patient information such as name, date of birth, Social Security number, and address. UMass reported that the two-month investigation was needed to determine how long the ex-employee had had access.

In its website statement, UMass said:

UMMMC has had a privacy and information security program in place for several years, and we want to assure our patients that we are committed to the security of patient information and taking this matter very seriously. To help prevent this type of situation from happening again, UMMMC is further strengthening its program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMC is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMC deeply regrets this incident and any inconvenience it may cause our patients. UMMMC has had a privacy and information security program in place for several years, and we want to assure our patients that we are committed to the security of patient information and taking this matter very seriously.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Centura Health hit by phishing attack

April 29th, 2014 by admin

Mercy Regional Medical Center of Durango, Colo., suffered a data breach as the result of a phishing attack. Phishing attacks have recently become more complex, and they are difficult for even shrewd users to pick out. Mercy, which is owned by Centura Health, notified 1000 patients about the incident. The data affected by the phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of patients’ treating physicians and medical-record numbers.

Centura’s statement read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords. The phishing email was carefully drafted to give the impression of an authentic communication, which led some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read, indicating that Centura is taking steps to implement and reinforce necessary protective measures to help prevent future occurrences.

Boston Medical Center transcription service notifies 15,000 patients

April 28th, 2014 by admin

Boston Medical Center (BMC) suffered a data breach through its transcription service vendor’s website. Around 15,000 patients have been affected by the incident. BMC has fired the vendor and notified the patients of the breach. According to reports, the records did not include Social Security numbers or financial data, but patient names, addresses, and medical information, including what drugs they were taking, were potentially compromised as a result of the website posting.

“We have no evidence that any unauthorized individuals actually looked at the records,” Jenni Watson, the hospital’s chief of staff, said, “But we wanted to notify the patients involved.” The incident may have occurred because the vendor’s website lacked password protection for the patient records. BMC, which had worked with MDF for about 10 years, is unsure of the extent and duration of the breach.

“We take our responsibility to maintain our patients’ privacy very seriously and have notified all individuals who were affected by this vendor error. As a result of this incident, we have terminated our relationship with MDF.” BMC said.

Jani said, “The hospital had no reason to believe the information was viewed by outsiders or misused.”

It would be interesting to see whether the agreement between BMC and the vendor includes contract terms covering a breach, considering that BMC notified the patients itself.

Hackers target Boston Children’s Hospital

April 24th, 2014 by admin

Hackers have made various attempts to crack the Boston Children’s Hospital website. Their aim was to overload the Children’s website and potentially expose the hospital’s internal network. According to reports, no attack was successful. According to Children’s Hospital, no data has been illegally accessed.

The hospital had to shut down some web pages because of the incident. As a result, many patients were unable to access details of appointments, test results, and other case information. The attacks have not been linked directly to the hacker group Anonymous, but there appears to be a connection between the attacks and the group’s involvement in the child custody case of Justina Pelletier, a Children’s patient.

Children’s chief executive Sandra Fenwick told employees of “multiple attacks, designed to bring the site down by overwhelming its capacity” and said that the hospital “received a direct, credible threat against our internal network, including staff and patient information…”

It is believed that Anonymous is specifically targeting Children’s Hospital because of the Justina Pelletier case. According to reports, the hospital believed that she had psychiatric rather than physical problems. Since then, Anonymous has been involved in a campaign against the hospital. Boston Children’s Hospital has filed child abuse charges against Pelletier’s family after the family sought treatment for her alleged intestinal and other issues.

Anonymous said, “To the Boston Children’s Hospital why do you employ people that clearly do not put patients first?” and continued, “We demand that you terminate Alice W. Newton from her employment or you too shall feel the full unbridled wrath of Anonymous. Test us and you shall fail.”

Stolen laptop of Coordinated Health may affect 700 patients

April 22nd, 2014 by admin

A breach at Coordinated Health may affect around 700 patients after a laptop containing PHI was stolen. The laptop belonged to one of its employees. It contained protected health information (PHI) such as patient names, dates of birth, addresses, insurance information, appointment dates and physician names, as well as patients’ Social Security numbers.

The breach may be considered a HIPAA violation. The theft occurred when an employee left the laptop in a car. According to a release from Coordinated Health, the device was password protected, but it appears that the laptop was unencrypted. The laptop was stolen from the employee’s car in Bethlehem. The incident was immediately reported to local authorities, and a formal police report was filed.

According to the Coordinated Health release:

Coordinated hired a forensic investigator to conduct a full review of the content on the computer. While the laptop was password protected, the investigation revealed that the device may have contained an email with an attached file of 733 CH patient files, their social security numbers and their protected health information including (PHI): name, date of birth, address, insurance, appointment date and physician name.

This is the second breach reported by Coordinated Health within the past month. In the first incident, the Whitehall Township office was robbed, and patient information and cash were stolen. Around 70 patients were affected in that incident. The patient information included the last four digits of patients’ credit cards and Social Security numbers, as well as names, birth dates, phone numbers and some health information.

UPMC notifies employees of data breach and fraud activity

April 20th, 2014 by admin

The University of Pittsburgh Medical Center (UPMC) notified around 27,000 employees affected by a recent data breach. UPMC advised employees to verify with the IRS that their identities are safe. UPMC is also offering LifeLock identity protection to employees for free if they sign up before this month.

“As of today, 788 employees have been the victims of tax fraud,” UPMC spokeswoman Gloria Kreps wrote in a statement. “We want to assure our patients that no patient information was breached. We are continuing to work with the IRS, Secret Service and FBI to determine the source of the breach. We continue to urge our employees to register with LifeLock as an important step to deter any additional fraudulent activity.”

It appears that the information was accessed to obtain financial data, which may lead to identity theft for affected employees. In a further turn of events, affected employees have filed a lawsuit against UPMC. Attorney Michael Kraemer is representing the employees in the complaint against UPMC. He said that the organization failed to safeguard the UPMC computer system and prevent its vulnerabilities from being taken advantage of.

“We are putting our full resources behind efforts to investigate and secure our systems,” UPMC Vice President John P. Houston wrote in the letter. “We recognize a situation like this creates stress and anxiety about the safety of your personal information and we want to provide you with all the tools and resources we can to help you deal with this all-too-common crime.”

Data breach affects 1,144 patients of University Urology of Tennessee

April 18th, 2014 by admin

University Urology of Tenn. released a statement on a data breach involving 1,144 affected patients. The breached information was limited to names and addresses. According to the website statement, Social Security numbers, financial account information and clinical information were not exposed.

The incident involved an administrative assistant who gathered patients’ data in a bid to sell it to a competing provider to win patients’ business. The incident came to light when patients started receiving calls from the competing provider and began calling University Urology to report the unsolicited phone calls.

Peggy Kares, HIPAA Security Officer at University Urology, P.C. said, “We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred.”

University Urology took the following actions after the breach: it terminated the assistant’s employment, revoked the assistant’s access to protected health information (PHI), changed internal passwords and agreed with the competing organization that it would destroy the patient information it had received.

According to the website statement:
University Urology, P.C. is notifying by mail the patients impacted by this breach. While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft.

The information consisting of patient names and addresses is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

LewisGale Regional Health System reports data breach

April 15th, 2014 by admin

LewisGale Regional Health System of Salem, Va., has notified 400 affected patients of a multi-state data breach. Around 40 of the patients were under LewisGale’s care. Patient names, addresses, insurance information and Social Security numbers were all potentially exposed.

The breach occurred in LewisGale’s billing department, where a former employee accessed patient data. Reports state that the former employee is being investigated for identity theft. The employee allegedly obtained credit, opened accounts, and even leased an apartment using other people’s information.

Jim Clendenen received a letter about the data breach. “We’re retired now and everything we got is taking care of. I’d hate to have somebody stumble in there and take care of everything that we’ve worked all these years for,” Clendenen said.

He continued “Wondering how and why they would let an employee have access to something that he had no reason to have.” and “I just hope maybe something can be done to prevent you or someone else going through what I’m going through right now.”

Excerpts from the LewisGale website are below:

LewisGale Regional Health System was recently informed that a former employee, whose job function required access to Patient Health Information protected by HIPAA, is under investigation for misuse of that information related to approximately 40 of our patients. All of these patients have been notified in writing and provided complimentary credit monitoring through a national credit reporting agency. We have also established a toll-free call center for patients with questions, as well as an email address to which they may submit written communications.

We are fully committed to the security of Patient Health Information and the privacy of our patients. The employee in question has been terminated and we support this person’s prosecution to the fullest extent of the law.

Texas nonprofit advocacy group notifies PHI breach of 2,934

April 13th, 2014 by admin

An Austin, Texas nonprofit advocacy group for children with developmental disabilities, EveryChild, Inc., has informed 2,934 families about a potential data breach. EveryChild learned of the breach when an internal computer was found to have been stolen from its office. EveryChild, Inc. is a nonprofit with a contract with the Texas Health and Human Services Commission (HHSC) to help adults under age 22 and children with disabilities get services in a family setting rather than an institution.

The computer contained PHI, including patients’ birth dates, Social Security numbers, Medicaid numbers, photos and other health information. EveryChild has also alerted the Texas Health and Human Services Commission about the lost computer and the possible data breach.

EveryChild believes that, to date, the data on the computer has not been misused. It is not known whether only patients from Austin were affected or whether patients from San Antonio were affected as well. Information about the safeguards on the computer was also not available, so it is not clear whether the computer was password protected or encrypted.

Excerpts from the website statement:

Upon discovery of the theft, we immediately notified law enforcement and the Texas Health and Human Services Commission. We are cooperating with investigations and attempts to recover the computers. We are also improving the security of confidential information through security alarms, enhanced technology, and policy and procedure changes.

If you were personally affected by this theft and we have your current address, you will be receiving a letter informing you about the credit monitoring protection. If you believe you may have been affected and do not receive a letter, you may contact our toll free number.

We take the protection of private information seriously and sincerely regret that this crime put information at risk. We will continue work to put stronger controls in place to better protect private information in the future.

170,200 more patients affected in previous Los Angeles County DHS data breach

April 10th, 2014 by admin

The Los Angeles County Department of Health Services (DHS) earlier reported a data breach affecting about 168,000 patients at its billing company, Sutherland Healthcare Solutions. In a recent notification it added 170,200 more patients to the list of those affected. The total number of affected patients comes to around 338,700. Eight computers had earlier been stolen in Torrance, which led to the data breach.

The Torrance police department, along with the Los Angeles County district attorney’s cyber-crime team and the U.S. Secret Service, is trying to find information on the break-in. Spokesman David Sommers said that three class action lawsuits have been filed against the county and that it is reviewing Sutherland’s security procedures.

The information on the computers includes patients’ first and last names, Social Security numbers and certain medical and billing information, as well as potentially birth dates, addresses and diagnoses.

Affected patients are offered 12 months of credit/fraud/identity protection services from ID Experts. “We encourage you to take full advantage of this service offering,” Sutherland tells affected patients. “Representatives from ID Experts are aware of the incident and can answer questions or concerns you may have regarding protection of your personal information.”

In addition, the Department of Health and Human Services (HHS) fined a county for the first time, Skagit County in northwest Washington, for a HIPAA violation. The county has agreed to a $215,000 monetary settlement.

Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. The county is working with the vendor to review its privacy and security program. Sutherland has increased employee training.

La Palma Intercommunity Hospital notifies data breach involving unknown number of patients

April 8th, 2014 by admin

La Palma Intercommunity Hospital waited about one and a half years to notify affected patients. It has alerted an unknown number of patients to the data breach. Details of the incident are limited. An Intercommunity employee allegedly accessed information without permission, including Social Security numbers, driver’s license numbers, addresses, birth dates and limited medical information.

La Palma Chief Financial Officer Alan H. Smith sent out a letter about the firing of the employee involved in accessing the information. “We sincerely apologize for any concern or inconvenience this incident may cause you,” Smith wrote. “The security and confidentiality of our patients’ personal information is extremely important to us. Our hospital has taken measures to protect against future attacks of this nature.”

Spokeswoman Rachel Hogue did not provide a clear explanation of why there was a delay in notifying affected patients of the data breach. It was not clear how many patients were affected or whether the data was secure.

Federal privacy law forbids unauthorized viewing of patient medical records. Some hospitals have paid large settlements after their employees allegedly viewed the medical records of celebrities.

The letter from the hospital says that they are offering credit monitoring for one year.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Michigan Health Department notifies data breach

April 5th, 2014 by admin

The Michigan Department of Community Health (MDCH) announced details of a data breach caused by a stolen laptop and flash drive. The laptop was encrypted, but the flash drive was unencrypted. The incident involved an employee of the State Long Term Care Ombudsman’s Office.

After the breach, MDCH sent notifications to the 2595 affected patients. The flash drive contained information on living and deceased individuals, including names and addresses, and Social Security numbers for 1539 patients.

“MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred,” said Nick Lyon, Chief Deputy Director of the MDCH. “We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward.”

A statement on the MDCH website said:

All individuals with data on the flash drive are being notified so that they can monitor their accounts and other financial affairs for any unauthorized use. MDCH is working with the LTC Ombudsman’s Office to offer credit monitoring services at no cost to people whose Social Security number or Medicaid number were compromised.  In addition, a credit file death suppression service is being offered to the families of deceased individuals to assist them in securing their deceased loved one’s credit file.

If you are an affected person, and wish to take action to protect yourself from potential identity thieves, you may place a fraud alert on your credit file.  A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.

Orlando medical center lost flash drive

April 3rd, 2014 by admin

Orlando Health’s Arnold Palmer Medical Center reported a data breach after it lost a flash drive. The flash drive contained patient data, including names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalization and, in some cases, according to the report, transfer dates of children who were patients at either Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women & Babies between 2009 and 2013.

Arnold Palmer Medical Center notified the affected patients about the lost flash drive. The flash drive did not include patients’ Social Security numbers or financial data. Patient records are considered strictly confidential under the 1996 Health Insurance Portability and Accountability Act (HIPAA). Orlando Health notified federal authorities of the data breach. They suspect that the flash drive was lost rather than stolen.

Steve Stallard, corporate director of compliance and information security at Orlando Health said, “Arnold Palmer Medical Center takes this incident very seriously, and we are committed to protecting patients’ health and personal information.”

Stallard added that they have no evidence that the device was used by an unauthorized individual. The flash drive contained patient information on 586 children treated at Orlando Health’s Arnold Palmer Medical Center.

“We deeply regret any concern or inconvenience this may cause,” he added.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Unique case where concerned entity didn’t violate HIPAA regulations

March 30th, 2014 by admin

A major task under HIPAA is to keep track of data breaches and government penalties for compliance failures. It covers entities that handle patient data in some form. This incident involved Monroeville, Pa., whose 911 dispatch center, from five fire stations, gave unauthorized users easy access to patient medical records. The accessible information included names, driver’s license numbers, birth dates and medical histories.

Monroeville is a community of about 28,000 with a vibrant business corridor, a convention center and two busy hospitals. The Pittsburgh Post-Gazette covered this incident for the last two years and found that Monroeville, Pa. did not breach HIPAA regulations. The investigation was carried out by the Department of Health and Human Services (HHS).

HHS learned that the municipality had failed to maintain the database properly and that unauthorized access was terminated soon after the breach was discovered. According to the Office for Civil Rights, ‘Monroeville, its dispatch center, police department or fire department are all not covered under the provisions of the privacy law, which mainly related to health care providers and insurers.’

Two Monroeville council members said they were pleased by the government’s findings. Tom Wilson said, “I was happy that they didn’t find any violations, and the folks that were falsely accused, that took the brunt of the accusations, were completely exonerated.”

Linda Gaydos said, “I am absolutely overjoyed for the employees of our police department, our dispatch center, our EMS and our fire departments and their families, to have this put behind them.” She added, “We had a group of people in Monroeville that worked against Monroeville, and they smoke-screened and they tried to keep stirring the pot and they tried to scare people and make it worse. They’ve made it a very, very bad, uncomfortable situation for a lot of people, and I’m hoping this will put an end to it.”

Municipal Manager Timothy Little said, “I think it lifts a cloud off of Monroeville, and specifically the public safety aspect of the municipality, that there wasn’t any wrongdoing with respect to [health privacy law] violations.”

University of Kentucky (UK) Healthcare reports 1,079-patient data breach

March 27th, 2014 by admin

UK HealthCare has informed 1,079 patients of a data breach following the theft of a laptop. The breach involved one of its vendors, a HIPAA business associate (BA). The laptop was password protected.

The laptop contained protected health information (PHI), including name, date of birth, medical records number, diagnosis, medications, laboratory results, progress notes, allergies, height and weight, date of service, physician name and clinic. According to UK, Social Security numbers and credit card, debit card or bank account numbers were not present on the laptop.

The encryption status of the laptop is unknown. A statement linked from the UK website said:

UK HealthCare and Talyst deeply regret any inconvenience this causes. UK HealthCare and Talyst have policies and procedures in place and are committed to safeguard the privacy of all patients.

We have no evidence your information was misused.

Stay alert for the signs of identity theft, such as:
• Accounts you did not open and debts on your accounts that you cannot explain.
• Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your social security number, address(es), name or initials, and employers.
• Failing to receive bills or other mail. Follow up with creditors if your bills don’t arrive on time.
• Receiving credit cards that you didn’t apply for.
• Being denied credit or being offered less favorable credit terms, such as a high interest rate, for no apparent reason.
• Getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

We also recommend that you regularly review the explanation of benefits statement that you receive from your health insurer. Please immediately contact your health insurer if you identify services listed on your explanation of benefits that you did not receive.

Facts You Should Know about Cyber Insurance

March 24th, 2014 by admin

Cyber insurance protects against losses from cyber threats. It is not a new concept, but many companies still do not have cyber insurance policies. Growth in cyber insurance is slow because the market is very complex and inconsistent. Cyber insurance can also be costly, at around $35,000 for $1 million in coverage, which is still less than the cost of a major breach.

It is important to understand cyber insurance and how it can benefit organizations.

Cyber insurance is specific

Your general liability and professional indemnity insurance is not cyber insurance. General liability policies frequently cover basics such as physical damage, not data breaches. A simple virus can cost millions in losses. Most general liability insurers deliberately leave out the data breach clause.

All are not equal

Cyber insurance is still considered to be at a relatively nascent stage. It is a decade-old concept for protecting companies from data breaches. A standard cyber insurance policy may not cover the exact needs of your organization. It is important to assess your needs and go through your proposed policy to negotiate the most suitable terms.

Data loss cover

A cyber insurance policy should go beyond hacking and cover data loss. Even a minor data loss can cause significant damage to a company.

Example: Massachusetts General Hospital had to pay a $1 million fine to the US Department of Health and Human Services after an employee of Partners HealthCare left the records of 192 patients on a train.

Cyber insurance vs. good security

Cyber insurance is not a license to neglect data security. You still have to perform assessments and audits to check the policies that secure the data.

“Being able to prove that they weren’t negligent could save organizations millions in the long-run,” explains Jamie Bouloux, a cyber insurance liability executive at AIG. “If something happens when a client loses data, they can tell the regulator that they did everything within reason to try to ensure that there was an environment of security where its employees knew how to handle client information.”

Data breach settlement costs $4 million to Stanford Hospital

March 22nd, 2014 by admin

A class action lawsuit was filed over a data breach that occurred back in 2009, and Stanford Hospital has agreed to pay $4 million to settle it. California’s well-known Confidentiality of Medical Information Act (CMIA) was violated after 20,000 emergency room patients’ data became viewable in 2010 on a third-party student homework website.

CMIA prevents health care service providers from making patient records public without written consent. Los Angeles County Superior Court Judge Elihu Berle tentatively approved the settlement, but the final decision is yet to be made.

Shana Springer filed the class suit in 2011 for $20 million, which comes to around $100 per patient. Stanford observed that the data was breached when Multi-Specialty Collection Services sent the data to a third party for a graph, which eventually landed on the dormant ‘Student of Fortune’ website. Stanford maintained its position that it had properly encrypted the patient data. Los Angeles-based Multi-Specialty Collection Services LLC is the contractor hired by Stanford Hospital.

Credit card information and Social Security numbers were not disclosed in the breach, but medical record numbers, hospital account numbers, billing charges, as well as emergency room admission and discharge dates were available on the website.

After the incident, Stanford proposed many remediation measures to protect crucial information from breaches. It will create a program dedicated to improving its security posture by training staff members. The training will focus on policies to protect patient privacy.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices.

IT companies: Ways to tackle Cloud File Sharing Threat

March 20th, 2014 by admin

Many cloud file sharing companies are slowly but steadily displacing the methods of traditional IT companies. More and more IT infrastructure and applications are moving to the cloud. The trend of employees using devices such as smartphones and tablets to access corporate data (BYOD) is increasing.

This situation is also increasing the security threats to corporate data. It is an environment in which IT departments are losing their relevance and control over data.

Adaptation of the Technology

IT professionals have adapted to each phase of technological breakthroughs. More and more IT infrastructure is moving to the cloud, and the best way to adapt to cloud technology is to put policies and audit strategies in place to avoid data breaches. Control objectives should be created for cloud usage and implementation.

Encryption

One efficient way to protect data is to encrypt it. With encryption, one need not worry about the data whether it is being moved or stored. Relying on encryption has its own challenges, such as keeping the data visible for day-to-day use. Encrypting and decrypting work all the time is also not feasible. A policy should be in place for the strategic encryption of data.

Access to the right cloud service provider

Organizations today understand the need for and importance of moving operations to the cloud, but many hesitate because of the security threats involved. When choosing a cloud vendor, it is important to ensure that its compliance guidelines are in line with the organization’s regulations and standards.

Data breach in North Carolina’s Cornerstone Neurology

March 17th, 2014 by admin

Information on 548 patients of Cornerstone Health Care in High Point was stolen, which may lead to a data breach. The incident came to light when employees could not find the laptop. It contained protected health information (PHI) including patient names, dates of birth, physician names, and nerve conduction scan summaries, but did not have addresses, billing information, or Social Security numbers.

The thief was not able to access additional information, as the computer was not connected to the billing system or electronic security numbers. The compliance and patient safety officer said, “This wasn’t one of our laptops that our providers use to see all of our patients. Because this computer isn’t integrated into our systems, we didn’t have an easy way to figure out what patients might have been involved.” Officials believe that the laptop was not stolen for the information.

After the incident, Cornerstone revised its policy and procedures to retrain staff in securing sensitive information. It was not clear whether Cornerstone had informed the Department of Health and Human Services (HHS) about the stolen equipment and data breach.

Excerpts from the notice on its home page read:

Cornerstone Health Care values the trust placed in us by our patients and takes our responsibility to maintain the confidentiality of our patients’ data very seriously. Regrettably, this notice concerns an incident involving some of that information.

We sincerely regret that this incident occurred. To help prevent similar events in the future, we have installed new locks on all rooms in the facility that contain electronic devices, reviewed our information privacy and security policies, and provided education and training to Cornerstone staff regarding the importance of securing patient information. Please be assured that we take the privacy of our patients’ personal information seriously and that we will continue to implement improvements to protect our patients’ personal information.

Recent Update for United Healthcare fax breach

March 14th, 2014 by admin

Patient information was sent to the wrong recipient, Stephen Butler. The Portland, Oregon man received erroneous faxes containing protected health information (PHI) of Community Memorial Hospital patients. The fax was intended for United Healthcare, an insurance company, but went to Butler instead.

The fax contained four patients’ birth dates, insurance identification numbers, and admission dates. Roper, the hospital, believes that this was the only fax sent to the wrong recipient. However, the hospital was unaware of the incident until it was contacted by the news agency. It is believed that the error was most likely due to a wrong number being dialed. United Healthcare has carried out its own investigations.

Roper St. Francis, the healthcare network, released this statement:

Roper St. Francis is committed to protecting the privacy of patients. This week, Roper St. Francis leaders learned that on August 1, 2013, one fax intended for an insurance company was inadvertently sent to a wrong number. The information in the fax contained the names of four patients, their dates of birth, dates of admission, and insurance member ID numbers. Roper St. Francis leaders have personally apologized to the patients involved. The mission at Roper St. Francis is to heal all patients with compassion, faith and excellence, and this includes protecting their private information as well.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Health Source of Ohio file breach affects 8,800 patients due to Internet lapses

March 12th, 2014 by admin

Health Source of Ohio (HSO) reported a data breach affecting 8800 patients after their PHI became available on the Internet. The PHI included names, addresses, phone numbers, and account numbers for each patient. For some patients, the file also contained dates of birth, healthcare information, credit card numbers, and Social Security numbers.

The information was gathered through a web-based program used by health care accounting staff. It was supposed to be accessible only to authorized staff, but the file was available through internet searches. The file was viewed 47 times. Soon after discovering the breach, HSO secured the data and disabled access to the site. It was not clear what actions the health centre took to avoid such incidents in future.

HSO stated, “The privacy and security of patients’ personal and healthcare information is very important to HSO. Individuals who called HSO’s patient accounting staff during the time period above with questions about their account should examine their personal and financial information, such as credit card accounts and accounts with financial institutions for unusual or unauthorized activity.”

HSO listed Pair Networks as the business associate in its statement to HHS. The file was hosted on Pair Networks’ servers. The terms of service in Pair Networks’ contract make account security the sole responsibility of the customer. This does not mean that the breach happened because of Pair Networks.

Data Breach in Maryland DDA affects 9,700 clients

March 10th, 2014 by admin

The computer systems of Service Coordination Inc. (SCI), a case management provider for the Maryland Developmental Disabilities Administration (DDA), were hacked, compromising the protected health information (PHI) of 9,700 patients. It contained client names, demographic information, DDA service provider, medical assistance number, Medicaid and Medicaid Waiver status and reason, Social Security numbers, and other SCI service information.

“We regret the occurrence of this unfortunate criminal incident and we apologize for any inconvenience this may have caused individuals who we work with. We continue our vigilant actions to safeguard the information of those who count on us for resource coordination services and we remain committed to supporting their needs,” said John Dumas, Executive Director of Service Coordination.

SCI contacted a cybersecurity forensics team, which confirmed unauthorized use. SCI also notified the FBI and the U.S. Department of Justice (DOJ). It requested a delay in client notification to avoid hindering their criminal investigations. SCI began notifying clients only after law enforcement seized the hacker’s account and equipment.

SCI is offering one year of free identity theft protection to those affected by the breach. In a website statement, SCI added:

There is no current evidence of any misuse or further release of information by the hacker or others. To help protect affected Maryland residents from the possibility of identity theft and/or fraud as a result of this incident, SCI has engaged an identity theft protection firm, to provide affected individuals with a full year of identity theft protection services at SCI’s expense.

Mental Health Treatment Organization health data exposed

March 8th, 2014 by admin

The Community Based Services On-Call Binder of Yellowstone Boys and Girls Ranch (YBGR) in Montana was lost or destroyed. The organization printed a legal notice in the newspaper informing clients of the breach.

The binder contained protected health information (PHI) of clients, including names, addresses, dates of birth, parents’ names, and program and treatment professionals’ information. Financial information and Social Security numbers were not present in the binder.

YBGR has stopped using binders since the incident and has notified clients of this. Under the new process, staff members must use a new on-call system or visit a ranch office to receive information. YBGR is in the process of implementing a new electronic record system to ensure the security of sensitive information. It has advised clients to monitor their credit reports and to inform the Federal Trade Commission (FTC) of any suspicious activity.

“We want to make sure that if there’s any trust lost with any of our families, with any of the people we work with, we want to regain that,” said Shawn Byrne, YBGR’s chief operating officer for community-based services.

In its public notice, YBGR stated:

We conducted an extensive investigation and determined that the Binder was either destroyed or misplaced sometime during the summer of 2013.

YBGR has no reason to believe that any personal information was accessed or used inappropriately and we believe that the likelihood of such misuse is low. Nonetheless, out of abundance of caution, and in accordance with federal law, we are providing the media with notice of this incident, in addition to individualized notice to every client who might have been affected so that our clients might take steps to protect themselves from potential harm resulting from this incident.


Office break-in leads to patient information breach

March 4th, 2014 by admin

The protected health information (PHI) of patients at Dr. J.M. Benson’s Sherman, Texas practice was stolen in an office break-in, which may lead to a data breach. Computers and at least one hard drive were stolen from the office.

The devices contained patient information including names, addresses, phone numbers, health insurance provider numbers, and Social Security numbers. Whether the information was encrypted was not stated.

The office issued a written statement advising patients to check their health reports and credit reports for any illegal activity. It stated, “We suspect that it might be possible for the persons who stole the equipment to attempt to use the information contained therein for the purposes of committing health insurance fraud.” The office is in the process of upgrading its security checks. The statement also said, “Sincerely apologize and regret that this situation occurred.”

Dr. Benson immediately reported the incident to the police, and an investigation is in progress. In the statement issued to the affected patients, he added, “In addition, you should monitor your health care reports, such as your insurance Explanation of Benefit (EOB) documents, to ensure that charges included on the EOB’s are for services that are actually provided to you.”

The person who stole the records could use the patients’ personal information to commit health insurance fraud.


Error in faxing causes United Healthcare breach

March 2nd, 2014 by admin

A Portland, Oregon man received erroneous faxes containing protected health information (PHI) of Community Memorial Hospital patients. The patient information was sent to the wrong recipient, Stephen Butler.

The faxes included patient names, dates of birth, patient ID numbers, admission dates, and discharge dates. Butler called the hospital to inform it about the error after tracing the number to Community Memorial Hospital in Menomonee Falls, Wisconsin.

An investigation revealed that the breach was caused by United Healthcare. Butler initially contacted one of the hospital’s patients. Froedtert Health, which runs Community Memorial Hospital, was alerted to the breach through a patient.

“She took my name and number, said she was very thankful that I called her, and she said she was going to talk to the hospital administration immediately,” Butler said, referring to the patient. Butler claims he called the hospital a half dozen times over the past year and told them to stop sending faxes, but the faxes kept arriving even after his repeated requests. He finally started calling the patients and the media, after which the faxes stopped.

A United representative issued a statement: “We were alerted by Froedtert Health about this issue earlier today, and we are working closely with them to investigate and determine the facts. We take very seriously the privacy and personal information of our members.” It was not able to determine whether the breach was the result of human error or a glitch in the system.


Default IP Address, Outdated Firmware used by majority of SOHO Wireless Routers

February 28th, 2014 by admin

Tripwire has announced the results from its analysis of security vulnerabilities in small and home office wireless routers, finding that 80 per cent have exploitable flaws in their security.

Tripwire surveyed 653 IT and security professionals and 1,009 employees who work remotely in the U.S. and U.K. The survey shows that 55 percent of IT professionals and 85 percent of employees haven’t changed the default IP address on their wireless routers.

It also found that 52 percent of IT professionals and 59 percent of employees haven’t updated the firmware on their routers, and that 30 percent of IT professionals and 46 percent of employees haven’t changed the admin password on their routers.

Tripwire also found that 80 percent of Amazon.com’s top 25 best-selling small office/home office (SOHO) wireless routers have security flaws.

Tripwire security researcher Craig Young said in a statement, “Unfortunately, users don’t change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious Web sites, browser plugins, and smartphone applications.” He added, “[T]hreats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices.”


Beebe Healthcare notified 1,900 patients of a data breach through contracted employee

February 27th, 2014 by admin

A potential data breach came to light when a contracted employee did not show up for work. Co-workers learned that the employee had previously been arrested for identity theft in Pennsylvania. Beebe Healthcare of Delaware notified 1,900 patients of a data breach. The employee had worked at three Beebe offices in its network.

Beebe Healthcare has hired a forensics team to investigate the possible data breach. It was observed that no information has been misused. In a statement it explained, “Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.” Beebe Internal Medicine in Lewes, Beebe Family Practice in Millville, and Beebe Pulmonary Associates were the affected locations.

“Upon learning of this information, we immediately terminated the contractor’s engagement and began a thorough investigation, including hiring a national forensic expert firm. Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.

Based on our investigation and the work of the national forensic experts, we have no evidence that patient information was removed from Beebe or has been used inappropriately in any way. Although the staffing agency with whom we contracted performs background checks on all applicants, the report did not reflect any potential criminal activity for this individual,” Beebe further added in the statement, “We deeply regret any inconvenience this has caused our patients. To prevent this from happening in the future, we are performing our own background checks of all staffing agency employees and will no longer rely on staffing agencies to do so.”


Hacked server of St. Joseph leads to data breach affecting 405,000

February 26th, 2014 by admin

St. Joseph Health System (SJHS) in Texas reported a data breach caused by the hacking of a server. The breach affected more than 405,000 patients, employees, and employee beneficiaries. Hackers from China and other locations accessed information through a single server. According to the health system, the server held employee and patient data from St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The server was taken offline as soon as the breach was discovered.

The server held patient names, birth dates, Social Security numbers, possibly addresses, and medical information, as well as bank information for current and former employees. Investigators were unable to determine whether any information had been extracted.

“SJHS is working with the United States Federal Bureau of Investigation, which is also looking into this incident. SJHS is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state and international regulators,” SJHS said in a release on its website.

St. Joseph stated that there has been no report of misuse of the information. It has set up a confidential call center for affected people. The statement on its website added, “To further protect individuals from identity theft or financial loss, we encourage patients, employees, and their families to remain vigilant, to review their account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”

Individuals can also check their credit by obtaining a free credit report. Under U.S. law, individuals are entitled to one free credit report every year from each of the three major credit bureaus.

SJHS has five hospitals, two long-term care centers, more than a dozen physician clinic locations and a charitable foundation. It has a designated Accountable Care Organization.

HIMSS Privacy and Security director discusses ‘Hidden Pitfalls with Cloud, Mobile Technology and Mobile Data’ at HIMSS14

February 24th, 2014 by admin

Lee Kim will review how healthcare organizations examine vendor contracts, such as business associate agreements (BAAs) with cloud vendors, to maintain HIPAA compliance. Kim assists HIMSS with government relations, federal affairs, and state affairs in terms of evaluating privacy and security laws and regulations.

She believes that organizations have been doing risk assessments to find holes in their information systems.

“They’re definitely going through risk assessments for their systems and I’m predicting that organizations, including providers will be more focused on risk remediation. It’s one thing to assess risk, determining high-level vulnerabilities, but the real value you get out of a risk assessment is what you do about it and take action. Providers can do this by actually mitigating those risks both inside and outside of their organizations.”

Kim believes that there must be a strong program with processes in place. Kim mentioned that the health industry is unique, as it is trusted with patient information and can affect patients’ lives.

“Ensuring the patient information is both private as well as secure is certainly paramount. Not only do organizations need to comply with HIPAA, they need to have a holistic approach to keeping bad actors away from patient data. Unfortunately, these bad actors can be inside or outside an organization. Or it may even be an individual who doesn’t have bad intent but is exceeding the scope of their authorized access and cause a breach out of negligence.”

Kim also stated that there are many cloud users who are not completely aware of it.

“In terms of where we’re going with information technology, it just seems as though there’s more of a dependence on cloud-based solutions. For example, a provider may contract with a cloud provider or use a hosted EHR solution. More health IT stakeholders are seeking these outsourced solutions such as cloud.”

Two Men Jailed for Identity Theft

February 22nd, 2014 by admin

Two men jailed for their involvement in identity theft at a medical lab

Angelo Ponds, 32, of Miami Gardens, Fla., and Sean Guillaume, 31, of Miramar, Fla., were sentenced to jail for their involvement in identity theft at a medical lab. The incident was related to a stolen identity tax refund (SIRF) scheme. Ponds was sentenced to 48 months in prison and Guillaume to 94 months in prison, both to be followed by three years of supervised release.

Guillaume stole medical records with names, dates of birth, and Social Security numbers, and sold the data of 5,000 individuals. He worked for an unidentified medical laboratory testing company. He sold this information to Ponds, knowing that Ponds would use the PII to file fraudulent tax returns seeking refunds.

According to court documents, Guillaume worked for a company that performed medical laboratory tests where he had access to medical records with names, dates of birth, and Social Security numbers (personal identity information or “PII”) of individuals in the course of his employment with that company.

According to justice records, Ponds used other people’s records to file fake tax returns with the Internal Revenue Service, seeking refunds.


Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Hospitals focus on IT security audits

February 20th, 2014 by admin

After a healthcare organization decides on its security audit strategy, it has to consider aspects such as the potential impact on daily workflow and the amount of time that elapses between catching an abnormality and resolving the issue. Mark Combs, West Virginia University Hospitals Chief Information Security Officer (CISO), described the steps for finding internal security threats.

Combs said that an audit report can stop a larger breach. He cited a situation in Florida where a healthcare organization was alerted by federal investigators that one of its employees was filing false tax claims.

“Obviously, we’ve found instances where employees were doing inappropriate things, but we were able to catch them soon enough so that they didn’t grow into one of those larger issues,” Combs said. “Luckily, we haven’t had one yet where federal authorities alert us of an incident.” He added that organizations set their policies as best practices and need applications in place to enforce those policies.

Combs and West Virginia University Hospitals decided to use Iatric Systems’ Security Audit Manager (SAM) product. Rob Rhodes, Senior Director of Patient Privacy Solutions for Iatric Systems, said that the integration works well with SAM because it reaches out to any of an organization’s systems with PHI and allows the audit logs to be pulled and aggregated in SAM.

“Once it’s aggregated in SAM, we then run proactive reports and alerts,” he said. “Users can set those up so the algorithms we have go out and look for potential privacy violations. SAM has incident tracking as well.”

West Virginia recently incorporated a policy change when it switched from a legacy system to Epic EHR.

We did that to comply with the HIPAA Security Rule, as we were concerned that people would use their access to look at and potentially harm the integrity of their own record if they make a mistake. We put “same last name” auditing in place, which is a report that’s native to SAM. Not only were we able to use that in Epic, but for our other half-dozen or so systems as well. As we contacted managers telling them they weren’t complying with the policy, we saw a huge reduction in people looking at their own accounts through work access.
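The “same last name” report described above, sketched as an added example that is not Iatric Systems’ SAM code or the hospital’s own: it aggregates constructed audit exports from two hypothetical systems and flags accesses where the workforce member’s last name matches the patient’s. The names, user ids, MRNs, log layouts and name-matching rules are all assumptions made for illustration.

```python
import csv
import io
import re
import unicodedata

# Constructed workforce directory: user id -> (first name, last name).
WORKFORCE = {
    "u1001": ("Dana", "Okafor"),
    "u1002": ("Luis", "García-Moreno"),
    "u1003": ("Priya", "Shah"),
}

# Constructed audit exports from two hypothetical systems with different layouts.
EHR_AUDIT_CSV = """timestamp,user_id,action,patient_mrn,patient_name
2014-02-03T08:14:09,u1001,VIEW_CHART,M-20031,"Okafor, Dana"
2014-02-03T08:20:41,u1003,VIEW_CHART,M-18422,"Nguyen, Minh"
2014-02-03T09:02:10,u1002,VIEW_RESULTS,M-77310,"Garcia, Elena"
"""
LAB_AUDIT_PIPE = """2014-02-03 10:11:00|u1003|OPEN|M-55102|SHAH JR, ROHAN
2014-02-03 10:15:30|u1001|OPEN|M-90417|O'Brien, Kate
"""

SUFFIXES = {"jr", "sr", "ii", "iii", "iv"}


def name_tokens(last_name):
    """Comparable parts of a last name: accents folded, lower-cased, split on
    hyphens and spaces, punctuation and generational suffixes dropped."""
    folded = unicodedata.normalize("NFKD", last_name)
    folded = "".join(c for c in folded if not unicodedata.combining(c)).lower()
    parts = (re.sub(r"[^a-z]", "", p) for p in re.split(r"[\s\-]+", folded))
    return {p for p in parts if p and p not in SUFFIXES}


def make_event(system, time, user, mrn, patient_name):
    """Normalize one access record; patient_name is 'Last, First'."""
    last, _, first = patient_name.partition(",")
    return {"system": system, "time": time, "user": user, "mrn": mrn,
            "p_last": last.strip(), "p_first": first.strip()}


def parse_events():
    """Aggregate both exports into one list of normalized events."""
    events = []
    for row in csv.DictReader(io.StringIO(EHR_AUDIT_CSV)):
        events.append(make_event("ehr", row["timestamp"], row["user_id"],
                                 row["patient_mrn"], row["patient_name"]))
    for line in LAB_AUDIT_PIPE.strip().splitlines():
        ts, user, _action, mrn, name = line.split("|")
        events.append(make_event("lab", ts.replace(" ", "T"), user, mrn, name))
    return events


def same_last_name_report(events, workforce):
    """Return events that need privacy review, each tagged with a reason."""
    findings = []
    for ev in events:
        person = workforce.get(ev["user"])
        if person is None:
            # Access by an account missing from the directory cannot be
            # compared, so surface it instead of silently passing it.
            findings.append({**ev, "reason": "unknown_user"})
            continue
        u_first, u_last = person
        # Any shared surname component counts, so a hyphenated name still
        # matches a relative recorded under one half of it.
        if not name_tokens(u_last) & name_tokens(ev["p_last"]):
            continue
        same_first = u_first.strip().lower() == ev["p_first"].strip().lower()
        reason = "possible_self_access" if same_first else "same_last_name"
        findings.append({**ev, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in same_last_name_report(parse_events(), WORKFORCE):
        print(f["time"], f["system"], f["user"], f["mrn"], f["reason"])
```

Common surnames will produce matches between unrelated people, so the findings are leads for a privacy officer to review rather than confirmed violations.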

Encryption software for laptops is essential for getting perfect audit reports. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Complaint filed against St. Rose Dominican Hospitals

February 18th, 2014 by admin

Office for Civil Rights (OCR) complaint filed against St. Rose Dominican Hospitals for allegedly compromising patients’ records

An Office for Civil Rights (OCR) complaint has been filed against St. Rose Dominican Hospitals for allegedly compromising patients’ records to gain an advantage in a contract dispute. Dignity Health, which owns St. Rose Dominican Hospitals, is in the process of dealing with the complaint, which alleges that patient privacy was violated by using records for leverage.

According to the announcement by the Nevada Health Services Coalition, Dignity Health accessed patient records by contacting Coalition plan members. It happened when the agreements between the two organizations fell through. This is considered a violation of the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Health and Human Services Office for Civil Rights filed the complaint. The Nevada Health Services Coalition, a nonprofit, helps negotiate hospital contracts for discounted health care service rates for 19 member group healthcare organizations, including 230,000 Nevada residents.

Christine Carafelli, executive director of the coalition said, “It’s our position that patient data collected in the course of medical treatment should not be used to lobby or gain leverage in contract negotiations.”

After this complaint, Dignity Health released a statement:

“St. Rose Dominican Hospitals upholds the highest ethical and moral principles, and honors federal, state and other regulatory guidelines related to the provision of health care. St. Rose has not, and will not, compromise patient safety or confidentiality. Like all hospitals, St. Rose values the patients it has served and regularly communicates with current and former patients regarding operational, financial or other matters related to health care services at St. Rose.”

To protect your data in disputes, it is better to safeguard company laptops with encryption software. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization. Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


1,100 patients of St. Vincent Hospital notified about laptop theft

February 15th, 2014 by admin

St. Vincent Hospital has notified 1,100 patients of a laptop theft, sending letters to those affected. A laptop used with an EEG machine went missing, leading to a potential data breach. The password-protected laptop, which was connected to an EEG machine (for recording electrical activity in the brain) used for diagnostic testing, was detached and stolen. Police were notified immediately after the incident. The hospital believes that the laptop was not stolen for the information it contained, and thus the risk involved in the data breach may be low.

A St. Vincent spokesperson said that the laptop was taken from the neurodiagnostic department of the main St. Vincent Hospital campus in Indianapolis, a unit where doctors, patients and family members of patients can usually be found.

In a statement, the hospital said that the laptop contained patients’ protected health information (PHI), including name, date of birth, gender, date of service, type of service and physician name. The diagnostic testing device did not contain Social Security numbers or financial data. Affected patients were advised to request free credit reports from Experian, Equifax, or TransUnion and to check the reports for any sign of a breach.

According to the spokesperson, “St. Vincent is taking precautionary steps to avoid future incidents, and is evaluating its medical devices, and installing encryption protection software as appropriate. Also, the hospital is working to enhance its physical security measures.”


Notification letter sent to 3,026 clients of Easter Seal Society

February 13th, 2014 by admin

Easter Seal Society employee’s work laptop was stolen, causing a data breach affecting nearly 3,026 clients

An Easter Seal Society employee’s work laptop was stolen, causing a data breach affecting its clients. Nearly 3,026 clients were affected and were notified about the incident. The laptop was stolen along with a few of the employee’s other belongings.

The Easter Seal Society of Superior California released a report stating that the compromised data included some combination of date of birth, health care provider information, patient identification number, health care billing information and therapy notes, so it did not consist of the same information for every client. Easter Seal Society of Superior California president and CEO Gary T. Kasai stated in the notification letter, “Upon learning of this incident, Easter Seals immediately launched an internal investigation, hired specialized data security counsel to assist in the response to this incident, and retained external forensics experts to assist in determining the scope of this event.”

“Following this incident we undertook a review of our internal policies and procedures related to protected health information, as well as the enforcement of our employees’ adherence to these policies and procedures,” Kasai added in the statement. “All necessary steps are being taken to ensure that this type of event does not occur again in the future.”

Easter Seal doesn’t believe any fraudulent activity has occurred so far. Its press release added, “Easter Seals also encourages all concerned individuals to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity.” But it did not indicate whether the laptop was encrypted or even password-protected.

Easter Seal is not a healthcare provider but an organization dedicated to services and education for those with disabilities. It is likely considered a HIPAA business associate.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


University of Miami Health System patients notified about lost records

February 10th, 2014 by admin

The University of Miami Health System (UHealth), one of Southern Florida’s largest health providers, has lost patient records containing protected health information (PHI). It has recently begun notifying patients about the incident.

The records contained patient names, dates of birth, physician’s name, insurance company name, medical record number, visited facility, visit number, procedures, diagnostic codes, and Social Security numbers. UHealth did not disclose the number of patients affected.

“Medical records are not at risk, but in an abundance of caution, the University is notifying all individuals whose information was included in the missing records,” a written statement by the Health System mentioned.

In July, the Department of Otolaryngology contacted an off-site storage vendor to locate the records, but the vendor was unable to find them. After the loss was confirmed, UHealth notified patients about the lost records. UHealth is offering credit monitoring services to all affected patients. It added that, because patients were notified six months after the incident, misuse in the coming days is unlikely.

Theo Karantsalis, whose son was treated by the department, said, “The one thing we expect is that your patient records are going to be kept confidential.”

According to UHealth’s statement, it will report the incident to HHS. Below is the complete excerpt of the report:

“The University of Miami Health System (UHealth) is committed to providing our patients the best possible care and to protecting the confidentiality of our patients’ health information. On June 27, 2013, the Department of Otolaryngology, while attempting to retrieve records stored at an offsite storage vendor, was notified that the vendor was unable to locate the records. After an exhaustive search, it was confirmed on August 28, 2013, that the records were not in the possession of the University or the storage vendor.

Everything we’re giving out is on the release

These records consisted of billing vouchers (documents used for internal billing purposes). Vouchers contain the name, date of birth, social security numbers, physician name, facility, insurance company name, medical record number, visit number, procedure and diagnosis codes for the patient’s visit. Vouchers are documents used for internal billing purposes ONLY. Medical records are not at risk.

At this time, there is no indication that the information has been misused in any way.

In an abundance of caution, the University is notifying all individuals whose information was included in the missing records. The University also is offering potentially affected patients complimentary credit monitoring protection and has established a website to serve as a primary source of information, as well as a toll-free number for additional questions.

Only patients who were seen at the Department of Otolaryngology may potentially be affected by the incident. Potentially affected patients will receive a notification letter.

University computer systems are completely unaffected by this incident. All patient information remains current and available on these systems.

At the University of Miami Health System, we take the privacy and security of our patients’ information very seriously. We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data. We are committed to protecting all information entrusted to us, and pursuant to the Federal HITECH Breach Notification Rule, we will report this incident to the U.S. Department of Health and Human Services.

Available around the clock, the University’s incident website is http://entincident.med.miami.edu. The toll-free incident line, 866-274-4371, is available from 9 a.m. to 9 p.m. EST Monday through Friday and from 11 a.m. to 8 p.m. EST Saturday and Sunday until April 30, 2014.”

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


White Lodging Investigates Data Breach, Card Fraud

February 8th, 2014 by admin

White Lodging Services, a hospitality company that manages 168 hotels in 21 states under the Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach. It suspects that the breach occurred at point-of-sale systems in 14 hotels, along with some hotel restaurants and lounges. The suspected establishments are listed below.

  • Sheraton Erie Bayfront, Erie, Pa.
  • Marriott Midway, Chicago, Ill.
  • Holiday Inn Midway, Chicago, Ill.
  • Holiday Inn Austin Northwest, Austin, Texas
  • Westin Austin at the Domain, Austin, Texas
  • Marriott Boulder, Boulder, Colo.
  • Marriott Denver South, Denver, Colo.
  • Marriott Indianapolis Downtown, Indianapolis, Ind.
  • Marriott Richmond Downtown, Richmond, Va.
  • Marriott Louisville Downtown, Louisville Ky.
  • Renaissance Plantation, Plantation, Fla.
  • Renaissance Broomfield Flatiron, Broomfield, Colo.
  • Radisson Star Plaza, Merrillville, Ind.

The breach first came to notice when security journalist Brian Krebs reported that unnamed card processors had tied fraud involving hundreds of credit cards to a number of Marriott properties operated by White Lodging Services, based in Merrillville, Ind. He reported the locations of other affected hotels as Austin, Texas; Chicago; Denver; Los Angeles; Louisville, Ky.; and Tampa, Fla., among other cities.

White Lodging spokeswoman Kathleen Quilligan told The Times of Northwest Indiana, “An investigation is in progress, and we will provide meaningful information as soon as it becomes available.” White Lodging is owned by Dean White, 90, whose fortune Forbes estimates at $1.9 billion. His company manages 168 hotels under a variety of brand names.

Spokespersons for Hilton and Starwood Hotels and Resorts Worldwide did not immediately respond to an emailed request for comment on the apparent data breach. Marriott later issued a statement about the White Lodging data breach, which said, “One of our franchise management companies has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels,” and continued, “They are in the midst of the investigation and are in close contact with the banks and credit card companies.”

Marriott did not share further details, as its statement says, “Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide,” and “Since this impacts customers of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Big banks and retailers lock horns over Data breach

February 3rd, 2014 by admin

The personal information of about 110 million Target customers was exposed during the data breach. Target was notified by the Justice Department after suspicious activity involving payment cards used at Target stores. Neiman Marcus’s computer system was also attacked by hackers. Its customers were notified late because the company required confirmation of the breach.

Target Executive Vice President John Mulligan started his testimony before the Senate Judiciary Committee with an apology, before the blame game started between big banks and retailers. He stated during the first part of the hearing, “We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.” According to Mulligan, the company hired its own independent team of experts to conduct a forensic investigation after the breach.

Card information such as credit and debit card numbers, expiration dates, PINs and codes on the cards’ magnetic strips was compromised when 40 million credit and debit card accounts of Target customers were breached late last year. Non-card information such as the names, phone numbers, and email and mailing addresses of 70 million Target customers was also stolen.

Neiman Marcus’s computer system was also affected by a breach. Michael Kingston, senior vice president of the Neiman Marcus Group, said, “The malware was evidently able to capture payment card data in real time, right after a card was swiped, and had sophisticated features that made it particularly difficult to detect, including some that were specifically customized to evade our multilayered security architecture that provided strong protection of our customers’ data and our systems.”

FTC Commissioner Edith Ramirez and William Noonan, a top agent with the Secret Service’s cyber operations branch, are expected to report to the Senate Judiciary Committee following testimony from retailers.

Given the seriousness of the breached data, companies are advised to put all security measures in place. Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Saint Francis Hospital Patient Data Breach

January 30th, 2014 by admin

Saint Francis Hospital patients’ data was stolen from an independent contractor physician’s car in New Haven, Conn. Vanapalli is an independent contractor physician who works in the Emergency Department at Saint Francis. There are many questions about why unsecured data was in the car. Saint Francis Hospital and Medical Center notified patients about the breach more quickly than many other organizations.

Information included patient names, dates of birth and medical record numbers. It didn’t contain information like Social Security numbers, financial information or addresses.

The incident shows why organizations need to keep electronic health records, as well as the risks associated with paper copies of records. It reinforces the need for electronic health records (EHRs), but it also shows the importance of safeguards such as encryption of laptops and desktops and policy enforcement for better security.

Saint Francis has said that it has implemented internal information safeguards. Credit monitoring will be provided to the 858 patients for two years. It said it plans to improve physical safeguards. One of the steps is preventing physicians, especially those who are contracted, from possessing and transporting physical records. Incidents like this show that EHR systems do have certain privacy and security benefits.

Saint Francis said the breach was a violation of policy. It said it has not received any information related to data misuse. John Rodis, M.D., executive vice president and chief operating officer and chief physician executive, said, “Our goal has always been to help ensure adequate safeguards are in place to protect our patients’ confidentiality. Education of our staff has already been completed and we are evaluating other opportunities to strengthen our compliance program.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Healthcare compliance improving according to DataMotion security survey

January 28th, 2014 by admin

DataMotion conducted its second annual survey on corporate email and file transfer habits. The survey gives insight into how the responding IT and business decision-makers perceive their organizations. It considered both the progress made and the ongoing issues health care providers face in securing patient data in line with procedures.

More than 400 IT and business decision-makers across the US and Canada participated in the survey. The survey was cross-industry, but special significance was given to healthcare. According to the responses from health care companies, there is a strong effort toward improving security and compliance practices, but there is still work to be done. Companies are now beginning to understand the importance of protecting private and sensitive data.

“There [have] been improvements in security and compliance since last year, and healthcare in many ways is leading the way compared to other industries, but there are still serious problems to address,” DataMotion’s Chief Technology Officer, Bob Janacek, said. “52 percent of healthcare respondents said their company either doesn’t have, or they are unsure if they have, a BYOD policy. There have been many incidents of mobile devices being lost or stolen that contain protected health information, potentially resulting in a HIPAA breach, and this puts organizations at great risk. Furthermore, healthcare regulations have expanded, meaning companies not previously covered might be now.”

The study showed above-average progress in privacy for email and file transfers because of the emphasis that HIPAA and the final Omnibus ruling place on policies. Some findings from the report:

- 90.4 percent of companies said they have security and compliance policies for transferring files electronically.

- 84.8 percent said their employees/co-workers have the capability to encrypt email.

- 86.4 percent stated their policy to achieve compliance.

- 32.6 percent of healthcare respondents said co-workers do not fully understand security and compliance policies for transferring files electronically.

- 3 out of 4 healthcare respondents said employees/co-workers “routinely” or “occasionally” violate security and compliance policies.

- While 87.7 percent of healthcare companies permit the use of mobile devices for email, 40.3 percent stated there is no BYOD policy.

- 11.7 percent are unsure whether such a policy exists.

- More than 25% promoted free consumer-type file transfer services. 30.5 percent said their company does not forbid the use of these services.

Janacek said, “These survey findings give us a textured understanding that hopefully will help businesses overcome and anticipate related issues, especially in an age where security and compliance can so dramatically impact the bottom line.”

More effort is needed to achieve the compliance required to protect private data. Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.


Data Theft Analysis, Prevention and More

January 26th, 2014 by admin

The theft or loss of unencrypted laptops and USB drives has been one of the leading causes of data breaches over the past several months. A stolen laptop is far more likely to lead to a data breach today than it was a decade ago.

“Whether or not, in a particular instance, a thief was looking for the data on the machine, the fact that there is this market in name, address, Social Security number, phone number, credit card data and so on, makes the loss of a device which has got that data on it all the more potentially damaging,” ESET senior security researcher Stephen Cobb says.

“If there’s a difference between a laptop theft today and 10 years ago, it’s that it’s probably got saleable data on it,” Cobb states. “Something that we see in talking to organizations is that a lot of people are not yet fully aware that data about people has a value in a very structured black market.”

“You can buy a 16GB thumb drive at the drugstore for $12, and you can put information on it, the loss of which would cost you a million dollars,” Cobb mentioned. “Not enough people are looking at it like that. For $80, you can buy one that’s encrypted automatically, but they look at the difference in price and they say it’s not worth it. But when you look at the million-dollar impact, it’s a different calculation.”

Another major cause of data breaches is employees’ neglect of policies. “Policies and procedures often lag behind the systems that they’re supposed to protect,” he says. Policies have to ensure the safety of the data.

“If I were to fault anybody in the employee error side of things, it would be upper management for not realizing the importance of keeping people up to date on these things,” Cobb says. “I’m an opponent of the stupid user theory. Yes, some people do dumb things, and there will always be that element, but an employee isn’t stupid if they haven’t been told what they should and shouldn’t do. And an organization which doesn’t have checks and balances in its processes is more stupid than the employee who makes a mistake and there’s nobody around to catch it.”

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Potential data Breach of 6,777 patients after unencrypted desktop stolen in Albany

January 23rd, 2014 by admin

An unencrypted desktop owned by Phoebe Putney Memorial Hospital (PPMH) in Albany, Georgia was found missing. About 6,777 patients are vulnerable to data misuse after the incident. Information such as patient names, dates of birth, addresses, dates of services, physician names, diagnoses, and Social Security numbers was present on the desktop. The computer was password protected.

Affected patients were seen between May 2010 and October 2013. PPMH sent notification about the incident and provided a copy online. It offered one year of credit monitoring for affected patients.

PPMH also reported the incident to the Albany Police Department, but they were not sure whether the computer had been stolen or misplaced. PPMH stated, “We deeply regret any concerns and inconvenience this has caused our patients. We have reviewed and enhanced our security policies and procedures and have re-enforced with all staff the importance of handling patient information with care to prevent something like this from happening in the future.”

PPMH hired a computer forensics company to investigate the breach. Unencrypted computers are common in data breach stories, so security is at high risk. Given the possible misuse of data on unencrypted computers, it is recommended to get the best security.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Records stolen from CaroMont employee’s car

January 21st, 2014 by admin

A paper census report from CaroMont Regional Medical Center containing records for 191 patients was stolen from an employee’s car in Dallas. The information was reportedly stolen from the employee’s car during a stop on the way to the office. The employee notified the Dallas Police Department about the theft.

Employees have been known to take patient information off site, but certain steps must be followed to protect the information, according to CaroMont spokeswoman Dallas Paddon.

Patient names, dates of birth, medical record numbers, and the reasons for the hospital visits were present on the report. The census report was a single printed document. CaroMont notified the affected patients. They are advised to monitor their credit and contact Experian, Trans Union, and Equifax because of possible financial information misuse. CaroMont didn’t mention the reason behind it.

Donnetta Horseman, CaroMont’s corporate responsibility officer, issued a statement about the theft Wednesday, “Upon learning of the unauthorized disclosure, we conducted a thorough investigation with the staff person and appropriate disciplinary actions were taken.”

According to CaroMont, the staff member has been disciplined and staff are being reeducated on patient information disclosure and CaroMont’s Notice of Privacy Practices. But it was not made clear why the employee had the report in his or her car.

In the previous year, information from 1,310 patients of CaroMont Medical Group was sent through an unsecured email. The email included names, addresses, phone numbers, dates of birth, dates of service, medical record numbers, diagnoses, medication, and insurance company names, as well as two patients’ Medicare numbers.

Around 80% of information theft is due to lost or stolen laptops and other storage equipment. With critical information at stake, many companies also use encrypted laptops/computers to store records that are also kept in binders. A misplaced or stolen laptop, like a paper record, can cause serious security concerns. Stringent procedures should be followed to secure both records and computers.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


US tops as Malware Hosting Nation

January 19th, 2014 by admin

Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q4 2013 states that the United States was the leading malware-hosting nation. The US hosted 44 percent of all malware, five times more than the second-leading malware-hosting nation, Germany, which was responsible for 9 percent of all malware in Q4 2013. The report focused predominantly on the distribution and analysis of malware. SERT used Solutionary’s cloud-based ActiveGuard platform and global threat intelligence network to get the results.

Solutionary SERT director of research Rob Kraus said in a statement, “We aren’t just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders,” and continued, “Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier.”

The report mentioned that over 40 antivirus products fail to detect malware. Researchers found that the majority of malware applications are related to PUAs, i.e. potentially unwanted applications, which are installed as Microsoft Windows 32-bit portable executable (PE32) files.

SERT also noted that malicious actors are turning to the cloud for malware distribution. It found that malware distributors are widely using cloud computing, either by buying services directly or by compromising legitimate domains. They also hide behind reputable hosting providers such as Google, GoDaddy and Amazon to avoid geographic blacklisting. This modus operandi gives distributors a cost-effective way of spreading malware by easily putting it online.

The report also provides recommendations for Internet service providers to limit the risk of malware distribution through the sites they host and the domain names they register. Ultimately it is up to providers to take action to stop the proliferation of malware.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Stolen Laptop may lead to security breach of 12,354 Cancer Patients’ Data

January 17th, 2014 by admin

Personal information may have been exposed when a laptop was stolen from an employee’s office at New Mexico Oncology and Hematology Consultants (NMOHC). NMOHC started notifying affected customers about the data theft incident. They were advised to monitor their credit reports and financial accounts for any unauthorized activity.

Because the data of 12,354 cancer patients has been compromised, there is a possible breach of protected health information (PHI). The PHI includes names, birthdates, addresses, diagnostic results or information related to treatment, and insurance information. No Social Security numbers or driver’s license numbers were on the laptop.

NMOHC was not aware of any unauthorized activity related to the stolen information, but it is instructing customers to report any such activity.

The organization said in a statement on its Web site, “While NMOHC hopes to recover the stolen computer and PHI, that may not be possible,” adding, “In an attempt to prevent further breaches of PHI, NMOHC has increased physical security safeguards as well as implementing additional security safeguards on all laptops. NMOHC is also strengthening other aspects of its internal HIPAA security program.”

With information as important as PHI stolen, the organization is taking more action to prevent data loss.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


HealthCare.gov Data Breach Notification Bill passed by the house

January 15th, 2014 by admin

House of Representatives lawmakers approved the Health Exchange Security and Transparency Act today which would require the Department of Health and Human Services (HHS) to notify individuals within 48 hours of security breaches from state and federal health exchanges. It will be routed through HealthCare.gov.

President Obama was against the bill, stating “unrealistic and costly paperwork requirements” and mentioned that bill will fail to enhance security flaws. Democratic senate is likely to oppose the bill from getting a vote. Regardless of different views, Republicans believe the approval of bill is seen as public disbelief in HealthCare.gov to keep patients data safe and secure.

The final tally was 291 to 122 as 67 democrats choose to vote in favor of bill. Democrats vote may be related to reelections. With the passage of bill, republicans are continuing policy of raising concern related to HealthCare.gov site security. They have raised concerns about technical security issues due to missed security testing deadlines during the summer.

House Republicans proposed the bill to safeguard peoples interest related to information breach. Under section 1311 or 1321 of the Patient Protection and Affordable Care Act (42 U.S.C. 18031, 18041) which is known to have resulted in personally identifiable information of an individual being stolen or unlawfully accessed, the Secretary of Health and Human Services shall provide notice of such breach to each such individual within two days.

CMS spokesman Aaron Albright said “To date, there have been no successful security attacks on Healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site,” said last week. Many democrats believe that the Republicans are over blowing the security concerns for political gain.

Reps. Elijah Cummings (D-Md.), the ranking member on the House Oversight Committee, and Henry Waxman (D-Calif.), the ranking member on the House Energy and Commerce Committee mentioned that  they believe the Republicans are just following scare tactics.

According to the post, Cummings said, “There have been no successful security breaches of HealthCare.gov,” and continued, “Nobody’s personal information has been maliciously hacked.”

The fact that 67 Democrats voted for passage of the bill may reflect political goals, but there is also a chance that some of them believe there are major security issues on HealthCare.gov.

Whatever steps the government takes, it is better to be sure on our own end by using encrypted laptops.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Data breach of 480 patients notified by Southwest General

January 12th, 2014 by admin

A binder went missing from Southwest General Health Center of Ohio. It included information such as patient names, dates of birth, medical record numbers, and clinic information related to childbirth. No financial information or Social Security numbers were present. About 480 patients were notified about the incident.

The hospital has not received any information about misuse of the missing binder. It has released a statement about its plans to prevent future incidents. The binder was used in an obstetric quality study being conducted by the hospital and the Ohio Department of Health, Office of Vital Statistics, and the Ohio Hospital Association.

Southwest General has existing policies and procedures to protect its patients’ health information. It is taking due care to maintain the privacy and security of its patients and has implemented more procedures to prevent similar incidents. It is not clear whether the hospital has notified law enforcement agencies.

Around 80% of information theft is due to lost or stolen laptops and other equipment. With critical information at stake, many companies also keep on encrypted laptops or computers the same records that are stored in binders. A misplaced or stolen laptop, like a binder, can cause serious security concerns. Stringent procedures should be followed to secure both binders and computers.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


South Carolina Insurance data stolen: Notification sent after two months

January 9th, 2014 by admin

A state-mandated health insurance program in S.C. notified customers about a laptop theft that had occurred two months earlier, according to the website GoUpstate.com. The laptop belonged to one of the company’s auditors and was reportedly password protected; it was stolen from the individual’s car. The theft was reported to the police and to the SC Health Insurance Pool the next day.

The SC Health Insurance Pool, run by the SC Department of Insurance, had hired Columbia accounting firm DeLoach & Williamson to review its claims and payments. The laptop held important personal information such as patient names, dates of service, provider identification numbers, and Social Security numbers, according to The Post and Courier. In total, 3,432 customers who used the program in 2011 and 2012 were affected.

According to attorneys for DeLoach, the personal information may have been exposed to theft because of a possible violation of company policy: leaving a laptop unattended in a vehicle is prohibited. The pool said that it does not allow employees to take customer information outside company offices.

Although the theft was known within a week, customers were not informed at the time. All the affected customers were notified of the incident by mail.

“First, we had to determine what type of information was included,” Cynthia Hutto of Nelson Mullins Riley & Scarborough said. Apparently the delay was caused by the process of collecting mailing addresses and setting up free credit monitoring. The auditor is covering the cost of the monitoring for one year, and the corresponding notification has been mailed.

Given the present scenario, it is advisable to have security software that prevents major data loss. With the possible penalties for a breach and the potential loss of customers' trust, more stringent security measures have to be applied. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


1,100 Pediatric Patients’ Health Information breached after stolen laptop

January 7th, 2014 by admin

New Jersey’s Barnabas Health recently reported that an unencrypted laptop was stolen on September 24, 2013 from the Barnabas Health Medical Group’s Pediatric Specialty Center, which is located in Livingston, N.J. Although the theft was discovered on the same day and police were notified, the laptop has not been recovered. Letters were sent to the affected customers.

The stolen laptop was attached to pulmonary function testing (PFT) equipment and held information on its hard drive. There is a possibility of theft of patients’ names, birthdates, testing dates, testing results, physicians’ names, and other demographic information. Other information such as addresses, financial information, or insurance or other identification numbers was not on it. The company has asked customers to report any unauthorized activity related to the data breach.

Despite the laptop theft, no misuse of personal information has been reported to the company. The company stated that printouts of the patients' PFT forms are available, ensuring continuity of care and accessibility by the treating physician.

“Patients with questions relating to this incident should call 800-583-1191 between the hours of 9:00 AM and 5:00 PM. Barnabas Health Medical Group sincerely regrets this unfortunate incident and considers the security of patient information to be of utmost importance,” Barnabas Health said in the notification to the customers.

Several measures have been added to avoid such incidents, such as a review of applicable safeguards and of the use of unencrypted laptops. Employees of the centre were retrained on patient privacy and security obligations and policies.

Organizations can use encryption software like Alertsec Xpress to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Stolen laptop leads to settlement by Accretive Health

January 5th, 2014 by admin

Accretive Health, a medical billing and revenue management services vendor, has agreed to a settlement with the Federal Trade Commission (FTC) over allegations of inadequate data security measures that put consumer data at risk.

An Accretive laptop containing sensitive information of 23,000 patients was stolen from an employee’s car. The FTC pointed out many shortcomings, such as failure to remove unneeded data from the laptop, failure to have reasonable procedures in place, and the vulnerability of sensitive data while a laptop is transported. Moreover, it expected employees' access to customer information to be limited.

The terms of the settlement agreed to by Accretive involve developing and deploying a comprehensive data security policy that will be evaluated initially and every two years by a certified third party. The settlement will remain in effect for the next 20 years, according to the FTC.

Failure to take proper security measures may lead to penalties. To avoid such incidents, it is preferable to have proper procedures along with the best encryption software. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Internet users fear personal data theft

December 26th, 2013 by admin

A poll conducted by the Computer & Communications Industry Association (CCIA) revealed that Internet users are highly concerned about theft of personal and financial information and believe strongly that the federal government should do more to protect them.

Ed Black, CCIA President and CEO said “By wide margins this survey clearly shows that ID theft has touched the majority of consumers in some way, and that hacking is more worrisome to consumers than tracking, and that voters want the government to more aggressively go after cyber criminals. Safeguarding users online must become a higher priority for companies and also for the regulators and policymakers charged with protecting consumers.”

“While many surveys ask people whether they care about privacy in the abstract, we were interested in finding out both how they rate security and privacy in comparison and how that manifests in their behaviors online,” said Ross Schulman, CCIA Policy and Regulatory Counsel.

Ross further added “Are they taking steps to protect their security and privacy? What information do they share online and why do they share it? The answers may help policymakers focus on the online concerns that matter most to citizens and understand user trends in everything from social media to online shopping”.

According to the survey, 80 per cent of voters say they are more worried that the information they share will be hacked to cause harm or steal from them, and voters are 5 times more worried about hacking than tracking, while just 16 per cent are more worried that companies will use the information they share online to target advertising to them.

50 per cent say they or someone they know had their financial accounts breached online. 55 per cent say they or someone they know had their email account breached and 62 per cent report receiving a suspicious email from someone likely due to that person’s email being hacked.

Overall, 75 per cent are worried about their personal information being stolen by hackers and 54 per cent are worried about their browsing history being tracked for targeted advertising.


Data Theft by Former NATO employee

December 20th, 2013 by admin

A former NATO employee was sentenced to seven years in jail by a German court for spying, after the IT expert copied secret data in order to sell it to a foreign intelligence service.

Identified as Manfred K., the 61-year-old man had worked for the transatlantic military alliance at the US airbase of Ramstein in Germany but left his job after a dispute.

The court found “The disclosure of the files would allow a potential enemy of NATO to gain access to the secret network of NATO”.

The court rejected Manfred’s claim that he was trying to point out security gaps when he copied the data and hid it on USB memory sticks in his kitchen and basement.

The court in the western city of Koblenz found that the man copied passwords, server locations and other information for NATO computer systems that would have enabled a cyber attack.

The IT expert, who had worked for NATO for more than 30 years, copied the data in March 2012 and failed in an attempt to obtain more in June, but left NATO shortly afterward. He has been in detention since his arrest in August 2012.

Andreas Voelpel, the presiding judge, said that the data were the “crown jewels” and “operative heart” of the system and would have allowed a foreign power to launch a cyber attack with devastating impact.

According to the court, Chinese or Russian intelligence services were the suspected potential takers for the data.

The defendant had earlier denied the charge, saying “I was never a traitor. I am not and never was an enemy of NATO, only of the security sloppiness of employees.”


Two Horizon Blue Cross Blue Shield of New Jersey laptops stolen

December 19th, 2013 by admin

More than 800,000 members of Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) were sent notification letters after two unencrypted laptops were stolen from the insurance provider’s Newark headquarters. The notice was sent to alert the members that their personal information may have been compromised.

The stolen laptops were unencrypted, but what comes as a relief is that they were password-protected. Sensitive information on roughly 840,000 members was stored in the laptops, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.

“Our top priority at the moment is making sure our members are protected. We are in the process of notifying our members who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members whose Social Security numbers were involved,” said Thomas Vincz, a Horizon BCBSNJ spokesperson.

Horizon BCBSNJ officials were informed that two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail following an initial investigation with the Newark Police Department.

Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.

The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.

Vincz said “Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers. Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information”.


UNC-Chapel Hill Data Breach affects 6000 people

December 15th, 2013 by admin

The University of North Carolina at Chapel Hill is a coeducational public research university located in Chapel Hill, North Carolina, United States. It is the second largest university in North Carolina.

According to UNC-Chapel Hill, an online data breach of personal information affects more than 6,000 people, and officials are investigating.

The files that went online contained information belonging to some current and former employees, vendors, and students. The information included names and Social Security or Employee Tax Identification numbers and, in some instances, addresses and dates of birth.

An information technology manager in the UNC Division of Finance and Administration was informed that some electronic files managed by the Division of Facilities Services became accessible on the Internet.

When university officials learned about the incident, they took steps to block access to the files and began an extensive investigation. The records are no longer accessible on the Internet.

The university began notifying affected individuals by mail.

The university also learned that as part of Google’s automated processes, these files were copied and made publicly accessible. The university asked Google to take the records down immediately, and Google complied.

UNC worked with a consultant to identify potentially affected individuals as soon as it had been confirmed that their personal information was included in the files.

In the notification letter sent to the affected people, Kevin Seitz, interim vice chancellor for finance and administration, said, “Other than Google’s activities described above, we have not been able to determine whether individual personal information was accessed by others or was misused as a result of this incident.”

“Please be assured that we continue to evaluate our computer and administrative systems and to implement appropriate measures to protect the sensitive information in our possession.”

According to Chris Kielt, vice chancellor for information technology, the university’s prompt, aggressive action underscores its commitment to protect sensitive data. Making sure the files were secured and notifying the affected people as quickly as possible were top priorities, he said in a statement.

To help protect personal information stored on campus servers, Information Technology Services (ITS) has a process in place for regularly scanning servers that have been identified by a unit’s system administrator as storing sensitive data.

“Furthermore, as part of a broader initiative to address the risk imposed by the exposure of sensitive data, ITS is working to formalize the process for identifying and safeguarding sensitive data university-wide,” he said.


Target: Credit Card Data Breach on Black Friday

December 13th, 2013 by admin

No organization or company wants to hear about a data breach incident that may put consumer credit card information at stake. US retailer Target is investigating a massive data breach that began this Black Friday, the biggest shopping day in the US.

It was reported that the data breach occurred in Target retail stores and not online. It could potentially involve millions of consumer credit cards from all Target retail locations. The theft involves grabbing the data stored on the magnetic stripe of cards.

The stolen data would allow thieves to create counterfeit credit cards by transferring the data onto any card with a magnetic stripe. If the thieves were also able to capture debit card PIN data, they could create fake cards and use ATMs to remove cash from accounts.

Target consumers who shopped at its stores were asked to be alert to any suspicious activity on cards that they used at the retailer. One victim said that he and some of his friends were hit by a similar kind of breach last year at a very popular establishment in Virginia that has some outlets in the US. Fortunately, security departments at banks were on the lookout and caught most illegal transactions using the fake cards. His wife was actually called by their bank while standing in line buying groceries with her debit card, when a simultaneous purchase using a fake card with her information was going on in Texas.

In these situations the consumer is usually protected, but the process of canceling and reissuing cards can be inconvenient. In lawsuits, the banks, that business and insurance companies are still arguing over who was ultimately at fault.

Most of the time, companies and banks do not like to talk about these issues publicly, but if the reports of the breach prove to be accurate, it will be one of the largest consumer credit card data breaches in history.


Data Theft at JPMorgan

December 10th, 2013 by admin

A warning has been sent to 465,000 holders of JPMorgan prepaid cash cards that their personal information may have been accessed by hackers who attacked the bank's network.

The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

JPMorgan notified law enforcement as soon as it detected that the web servers used by its site www.ucard.chase.com had been breached.

Bank spokesman Michael Fusco said that since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank’s network.

Fusco said the bank is notifying the cardholders about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers. The cardholders account for about 2 percent of Fusco’s roughly 25 million UCard users.

The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the data breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.

The bank believes “a small amount” of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.

Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.

The bank is also offering the cardholders a year of free credit-monitoring services.

The warning only affects the bank’s UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.

Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.

The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.


Laptop stolen from a University of Minnesota student

December 9th, 2013 by admin

In yet another campus robbery, a University of Minnesota student studying in the Carlson School of Management was forced to hand over his laptop to a man who claimed to have a gun.


The student chased the robber as he fled and was able to retrieve the computer.

The incident pushes the total number of robberies to 27 this fall with all but four occurring off campus. Most victims were targeted for their cellphones, laptops and tablets. Unnerved students have gotten a steady stream of alerts reporting robberies, muggings and sexual assaults on and near campus, prompting petitions, legislative hearings and increased police patrols.

The robbery on Sunday occurred in the Carlson School atrium on the campus’ West Bank. Although the man robbing the student claimed to have a gun, he didn’t show it, university police said. The student gave the robber his laptop, called for help and then chased the man through the building doors that face 19th Avenue and Fourth Street.

The robber dropped the computer, and the student, who was not injured, picked it up.

The suspect is described as a black man who is 5-feet-6 to 5-feet-8 tall with a medium build, unshaven facial hair and silver caps on his lower front teeth. He was wearing a navy blue hoodie, dark colored jeans and shoes that were white on the top half and red on the lower half.

Police said the suspect appears to have had an accomplice who stood as a lookout. He is described as a black man, wearing dark clothing with a boot-style walking cast on his left foot.

Last month, an armed man confronted a female student in nearby Anderson Hall, demanding the woman turn over her laptop. She handed him an empty bag and he ran. No arrests have been made in that case.


Cottage Health System: Data of 32,755 patients exposed on Google

December 8th, 2013 by admin

After a third-party vendor removed electronic security protections from one of its servers, data of 32,755 patients of Cottage Health System of California was exposed on Google. The affected patients were notified about the data breach incident. Patients treated at Goleta Valley Cottage Hospital, Santa Ynez Valley Cottage Hospital and Santa Barbara Cottage Hospital between September 29, 2009, and December 2, 2013 may have been affected by this data breach.

The possible data compromised included patient names, addresses, dates of birth and very limited protected health information for some patients related to diagnosis, lab results and procedures performed. The file did not include any Social Security numbers, driver’s license numbers, health insurance numbers, bank account numbers or any other financial information.

The Cottage Health announcement stated that it quickly removed the server from service and conducted a review of all servers to ensure that appropriate security measures are in place. To avoid reoccurrence, it’s conducting a security protocol audit and implementing additional measures. The organization has offered affected patients a toll-free phone number and identity management services through ID Experts.

Steve Fellows, executive vice president, chief operating officer and chief compliance officer at Cottage said “We deeply regret this incident. Cottage takes its obligation to protect health information very seriously and is taking aggressive steps to safeguard against this type of incident in the future. We want to assure our patients that we are doing a thorough review and have systems in place to address their concerns. We understand that the security vulnerability by our vendor was unintentional and we have no reason to suspect that the limited data exposed might be misused.”

Do’s to avoid damage by Data Breach

December 6th, 2013 by admin

Have you received any email from an online company informing you that your account has been hacked and that your personal information has been lost in a data breach?

If your answer is yes then you’re not alone. In the past two years, LinkedIn and eHarmony have suffered data breaches that together exposed more than 80 million accounts.

If you’re among the millions of consumers who may have been exposed by a data breach, here are some do’s for you:

  1. Make a note of exactly what kind of information was lost in the data breach, and how it was protected. Names and physical addresses are the least sensitive pieces of information, email addresses and account passwords are more sensitive, Social Security numbers and credit-card numbers are the most sensitive and the most valuable to identity thieves. The company suffering the breach may tell you that even though email passwords or credit-card numbers were lost, they were encrypted and hence safe.

  2. Change the password on your account with the affected company right away, if the company hasn’t already done so for you.  If you use the same password for accounts with other companies, change those as well.
  3. Contact your bank and your credit-card issuers, explain that your accounts are at risk of fraud and ask them to alert you immediately if they detect suspicious activity on your accounts. Professional credit-card thieves will try to “bust out” stolen card numbers with many purchases in a matter of hours, often on weekends when banks are not fully staffed.
  4. Ask your country’s major consumer credit-reporting bureaus to place a fraud alert on your name. This way, if anyone tries to steal your financial identity, for example by trying to open a credit-card account in your name, you will get to know about it.

If you’re a U.S. resident, you should also contact the Federal Trade Commission to create an identity-theft affidavit, and then file a report with your local police force. Make sure you document each phone call made, and each email message and letter sent, during your efforts.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Laptop theft at SIU HealthCare

December 4th, 2013 by admin

A laptop containing personal and medical information for almost 1,900 Southern Illinois University HealthCare patients apparently was stolen from a doctor’s private office at Memorial Medical Center.

Southern Illinois University School of Medicine doesn’t have any indication that the information has been used by identity thieves, spokeswoman Karen Carlson said.

But all affected patients are being informed about the largest potential breach of its kind involving patient data at SIU, she said.

SIU is working with the Springfield Police Department to locate the SIU laptop, which former SIU orthopedic surgeon Dr. Mark McAndrew had been using to record data for billing purposes, according to Dr. Jerry Kruse, SIU HealthCare chief executive officer.

“SIU Healthcare understands the critical importance of personal information privacy and doctor/patient confidentiality, and we sincerely apologize that this privacy incident occurred,” Kruse said.

SIU HealthCare, the multi-specialty physician group at the Springfield-based medical school, is “reviewing security and privacy policies. The privacy of our patients is of the utmost importance to us, and we are deeply sorry this has happened” he said.

Data on the laptop may have included patients’ full names, dates of birth, ages, admission dates, medical record numbers, diagnoses, procedural codes and some health information about the treatment they received.

The laptop didn’t contain Social Security numbers, addresses, health-insurance policy numbers, credit card numbers or other financial data, Kruse said.

SIU mailed letters late last week to all 1,891 patients whose data were on the laptop.

SIU waited until now to mail the letters and inform the public because officials were beginning an investigation and trying to verify whether the laptop simply had been misplaced, Kruse said.

The laptop turned up missing Oct. 15 during a check of materials in McAndrew’s former administrative office, Kruse said. The office had remained locked on the second floor of Memorial, Carlson said.

SIU then checked with McAndrew, 60, who resigned from the faculty in mid-September to join the U.S. Army and become part of the Army’s trauma training center in Florida, but he didn’t have the laptop, Kruse said.

SIU reported the apparent theft to Springfield police and SIU police, but they have no leads on the equipment’s whereabouts or who may have taken it, Carlson said.

When the laptop was confirmed missing, SIU already had begun looking at tightening policies dealing with patient information stored on doctors’ mobile devices. The apparent theft of the laptop underscores the importance of such policies, Kruse said.

RacingPost.com website – customer data theft

December 2nd, 2013 by admin

RacingPost.com recently became a victim of a sophisticated and aggressive cyber attack that resulted in customer details being breached from one of its databases.

The betting and news site said the amount of customer data exposed by the breach will depend on how much information they handed over at the time of registration and will vary from user to user.

The data lost in this data breach incident might include usernames, first and last names, encrypted passwords, email addresses, home addresses and users’ date of birth information.

Because customers’ credit and debit card details are not stored on the site, the company was quick to state that such information was not accessed during the breach.

A post on the website reads “As a consequence, customers have been advised by email that they should take the precaution of changing their password on other sites if it is the same one they use for RacingPost.com”.

Although the passwords are encrypted, RacingPost.com said it is still advising users to change their login credentials because there is a risk the hackers will be able to decrypt them.

Bruce Millington, the editor of RacingPost.com, apologized to site users for any inconvenience caused, and revealed the attack on the site could be linked to others.

“Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation, we did everything in our power to halt the breach. As part of our efforts to resolve the issue, we have turned off the ability to register/log on to RacingPost.com. We are extremely sorry this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding,” Millington concluded.

Lloyd Brough, director of cyber incident responses at NCC Group, suspects the breach was caused by the exploitation of a web application vulnerability.

Brough said, “While it is positive they have been quick to disclose the breach, providing further technical details on what type of ‘encryption’ was used for the passwords would have helped further inform technical users.”

In last three years 1,500 laptops stolen in Oxford

November 29th, 2013 by admin

An increasing number of laptop thefts are being reported in Oxford, and as a result laptop owners have been urged to download tracking programmes and register their devices.

Police figures show that more than 1,500 laptops have been snatched in the city in less than three years.

The statistics, obtained by the Oxford Mail under the Freedom of Information Act, also show thieves took laptops from car parks, hospitals, churches and camp sites.

Last year 625 of the portable computers were taken in 479 thefts. In 2011 638 laptops were stolen during 491 thefts. Before the end of August this year, 387 laptops had been stolen in 290 thefts.

“Software can be downloaded to track computers and mobile phones. There has been variable success with them. It relies quite heavily on signal strength in the area so they are rather hit and miss,” said former Thames Valley Police crime reduction advisor Nick Gilbert.

Mr Gilbert, who now runs his own security consultancy in Witney, also said property – anything from cars to jewellery – can be registered for free at immobilise.com.

“If anything goes missing, providing you have all the information they need, there is a reasonable chance if it turns up anywhere in the county, it will be easy to find and recover” said Mr Gilbert.

But he said it was most important to take a note of the serial number because without it police cannot track the owner if they find the computer.

A brand new laptop worth £1,000 belonging to entrepreneur and former lawyer John Moore was stolen in Blackwell’s Bookshop cafe in September but it has not been recovered. The American lost details of a business scheme.

The Oxford resident said he wished he had known about tracking software before the theft, adding: “If I had downloaded it I definitely would have had the computer back.”

But he also said laptops should be better security protected so they were only accessible to the owner, adding: “If thieves understood that stealing a laptop is going to get them nowhere they are not going to steal them.”

Chauffeur Richard Arrandale lost photographs and a family history project when his laptop was stolen from his Kidlington home earlier this month.

He said thieves who take laptops also take sentimental information, adding: “A lot of people keep their personal stuff on their computers.”

After 7 months Maricopa Colleges informs 2.4 million students of data breach

November 27th, 2013 by admin

It took The Maricopa County Community College District seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in a security breach.

The district’s governing board has already approved several million dollars for repairs, and agreed to spend up to $7 million more to notify everyone who is potentially affected, said spokesman Tom Gariepy.

Gariepy said that letters will be sent to current and former students, employees and vendors of the district’s 10 colleges going back at least several years to alert them that their information could have been seen.

Among the vulnerable data were employees’ Social Security numbers, driver’s-license numbers and bank-account information, he said. Students’ academic information also may have been exposed, but not their personal information. However there is no evidence that any information actually was looked at or stolen.

Gariepy also said that the FBI notified the district that it had found a website advertising personal data from the district’s information-technology system for sale. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex. They had to look at a number of different systems and servers and databases. It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive” Gariepy said.

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable. The district has installed more firewalls and security procedures. He also said some employees in the information-technology department face disciplinary action.

“We started immediate steps to make the system secure, and it’s become progressively more secure as time has gone on,” he said.

Data breach at Kaiser Foundation Hospital

November 25th, 2013 by admin

Not a single week goes by without a healthcare data breach incident in which a laptop or USB flash drive is stolen. The latest data breach victim in this league is the Kaiser Foundation Hospital Orange County - Anaheim Medical Center, which alerted patients that their data had been compromised when a flash drive with their information on it went missing.

The California Attorney General did not reveal the number of patients affected, but Kaiser’s letters were released to patients and explained that patients’ names, medical record numbers, and dates of birth were included on the flash drive; Social Security numbers were not.

Patients were not even offered the usual year of credit monitoring by Kaiser, which may be considered trite at this point but should be interpreted as a good-faith effort. Instead, it stated that it respects patients’ rights to file a complaint both with Kaiser and with the Office for Civil Rights. For an organization that still isn’t done with its ongoing, extremely-public legal battle with Surefile, it would be reasonable to expect the organization to do more than say it respects patients’ abilities to complain about their privacy being breached.

Moreover, its notification letter has very little transparency. In addition to the number of patients impacted being unknown, Kaiser is not providing information such as whether the data was encrypted and whether it was lost or stolen from inside or outside the organization. Kaiser isn’t a “mom and pop” shop that isn’t aware of HIPAA and the degree to which patient data safety is federally regulated. Even if its Anaheim Medical Center is just part of the organization, in comparison to other breached organizations’ responses, some may argue that Kaiser should be able to make a better effort in notifying patients from both risk mitigation and informational standpoints.

Healthcare Organizations: Security a major concern

November 22nd, 2013 by admin

The 2014 IT audit survey results released by Protiviti, a consulting firm, provide some perspective on where some healthcare organizations currently stand in IT auditing, including security and strengthening governance and controls, and on the level at which they’re managing IT risk.

For the vendor’s third-annual IT audit benchmarking study, titled From Cyber security to IT Governance – Preparing Your 2014 Audit Plan, more than 460 IT audit executives and professionals were surveyed, including 6 percent of healthcare providers and 3 percent payers. Some of the top technology challenges identified include IT security, IT governance, vendor management, big data analytics and cloud computing, among others. IT security, including data security, cyber security and mobile security, was the number one challenge for the second consecutive year.

Following are the key findings from the report:

  • Organizations should be looking to expand IT audits as one component of a broadening net of assurance to evaluate the design and operating effectiveness of management’s security risk assessment, system of controls and monitoring of the environment.
  • Organizations do not have adequate IT audit resources, and these resources are not always a formal part of the audit group.
  • Not enough companies are performing IT audit risk assessments on a regular basis, nor are they updating these assessments as frequently as they should. As a result, IT components aren’t being sufficiently reviewed.
  • Strong IT governance and controls are a priority across all industries.

Brian Christensen, Protiviti executive vice president of global internal audit in the press release said “In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment. Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”

Some of the numbers suggest that there needs to be improvement in the different industries. According to the report, 42 percent of organizations reported that they rely on outside resources to augment their IT audit departments because they lack the appropriate internal resources to fully assess potential risks. And one-third of companies with less than $100 million in revenue do not conduct any type of IT audit risk assessment.

David Brand, a Protiviti managing director and leader of the firm’s IT Audit practice said “Although there are areas that clearly need attention, it’s a good sign that more companies are working to implement IT governance policies and procedures. We have seen an uptick in the number of companies that are evaluating IT governance as part of their audit process”.

Facebook alerts its users following Adobe data breach

November 19th, 2013 by admin

Back in October, the user information of approximately 150,000,000 Adobe customers was compromised in a stupendous data breach. After this massive security breach at Adobe, Facebook users who use the same credentials as they used for Adobe were asked by Facebook to take precautions to protect their information. Facebook’s security team is mining the data leaked from the Adobe breach to find users who are currently using the same password that they used for Adobe.

Facebook has locked the accounts of these users and the only way to unlock their account is by answering a few security questions and changing the compromised password. Facebook is telling such users that for their own sake, “No one can see you on Facebook until you finish.”

You may be wondering how Facebook is able to pinpoint which users are committing the security mistake of reusing passwords. The researchers at the social media website pass an Adobe user’s recovered password through their hashing function, allowing them to see if the result matches what they have on record for that user. These actions show how the website is being proactive and responsible when it comes to users’ security and privacy.

This alertness by Facebook perfectly illustrates the importance of having multiple passwords and not reusing passwords on different sites, especially those which may have been compromised or leaked in the past. It is also critical to create strong and unique passwords that hackers will not be able to guess easily. Following these quick and easy password precautions will ensure your security and privacy on all of your favorite websites.
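
The reuse check described above, sketched as an added example (it is not Facebook's code and not part of the original post): each leaked password is run through the site's own salted hash for that user and compared with the stored value, and matching accounts are locked until the password is changed. PBKDF2-HMAC-SHA256, the `Account` record, the function names and the sample accounts and leak are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this sketch


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    locked: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the site's own password hashing function."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def make_account(email: str, password: str) -> Account:
    """Register a user: only the per-user salt and the hash are stored."""
    salt = os.urandom(16)
    return Account(email.lower(), salt, hash_password(password, salt))


def flag_reused_credentials(leak, accounts):
    """Lock every account whose stored hash matches its leaked password.

    leak:     iterable of (email, recovered_plaintext) pairs from the
              third-party dump.
    accounts: dict mapping lower-cased e-mail address -> Account.
    Returns the sorted list of e-mail addresses that were locked.
    """
    locked = set()
    for email, leaked_password in leak:
        account = accounts.get(email.strip().lower())
        if account is None:
            continue  # leaked address has no account on this site
        # Salts are per user, so the leaked password must be re-hashed
        # with this user's salt before it can be compared.
        candidate = hash_password(leaked_password, account.salt)
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(candidate, account.pw_hash):
            account.locked = True  # force a password change at next login
            locked.add(account.email)
    return sorted(locked)


def build_demo():
    """Constructed sample data: three local accounts and a four-row leak."""
    accounts = {
        a.email: a
        for a in (
            make_account("alice@example.com", "sunshine1"),
            make_account("bob@example.com", "correct horse battery staple"),
            make_account("carol@example.com", "Tr0ub4dor&3"),
        )
    }
    leak = [
        ("Alice@Example.com ", "sunshine1"),   # reused, messy address
        ("bob@example.com", "123456"),         # different password here
        ("dave@example.com", "letmein"),       # no account on this site
        ("carol@example.com", "Tr0ub4dor&3"),  # reused
    ]
    return accounts, leak


if __name__ == "__main__":
    demo_accounts, demo_leak = build_demo()
    for address in flag_reused_credentials(demo_leak, demo_accounts):
        print("locked pending password change:", address)
```

The site never needs its own users' plaintext passwords for this: the comparison works only because the third-party leak supplies a candidate plaintext for each address.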

388 council-owned laptops lost

November 17th, 2013 by admin

The loss of hundreds of council laptops potentially containing council taxpayers’ confidential information has been termed as ‘not a big security breach’.

The Observer exclusively reported that an Interim Progress report from the Royal Borough’s internal Audit and Investigation Unit revealed that 388 council-owned laptops were unaccounted for in a survey of council IT assets.

The missing laptops range from devices owned and used in council-maintained schools to assets kept in council buildings.

The report, which outlines risks arising from procedures and policies and any countermeasures being taken, was scrutinized at an audit and performance review panel meeting at the Town Hall, in St Ives Road, Maidenhead, on Thursday last week.

Councilor Duncan McBride, chairman of the panel, said: “I think this has come up before. It is not the first time it has come before us. It is clear from the previous meeting that this is not a major security breach.

“It is terrible that we might have lost these things but… I do not think it is a big security breach.”

However, Councilor Simon Dudley, deputy leader of the council, said: “I’m concerned about these figures, I mean you can see the headlines about the council losing 388 laptops and potentially important information being on them. I would want security processes clearly written down for staff.”

Questioning how many laptops had gone missing in the past year, Liberal Democrat Councilor George Fussey, said: “If we are losing laptops quite regularly, that would be a huge issue. It would be useful to know if we are still losing them or if this is 388 over five years or something.”

Catherine Hickman, head of audit and investigation at the Royal Borough and report author, said the missing laptops date back to 2005 and only a handful, most likely in single figures, had been lost in the 2012/13 financial year.

Mrs. Hickman added: “It could be for a variety of reasons. They may not have been stolen, they could be left in cupboards and forgotten about. We are trying to assess this.”

Councilor McBride added the fact the lost computers may have been older than five years would negate the importance of the lost information and steps have since been taken to reduce the chance of laptops with confidential information on them going missing.

However, speaking after the meeting, councilor John Fido said: “That represents a quite lackadaisical attitude. 388 laptops missing not only represents an awful lot of taxpayers’ money – you would expect a couple of hundred of pounds for each laptop – but also the information on them it puts at risk. These matters have to be treated respectfully.”

Get your personal as well as office laptops encrypted by Alertsec

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach: 7100 patients notified by University Hospitals

November 15th, 2013 by admin

After a third-party vendor performed updates on the computer systems of University Hospitals of Cleveland, Ohio, UH was informed of an alleged hard drive theft.

The not-for-profit medical center has been trying to determine the exact nature of the information on the hard drive since it disappeared. According to Fox 8 Cleveland, the drive must have contained information such as names, dates of birth, home addresses, insurance provider information, medical record numbers, health information about specific patient treatment and Social Security numbers for 33 patients. The missing data was compiled from 19 computers within doctors’ offices and the hard drive had not been encrypted.

“There’s no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” stated hospital spokeswoman Janice Guhl. Letters have been sent to patients informing them of the potential security breach. The letters contained information on fraud alerts and free credit reports, and a statement from the hospital that it is “actively engaged with an independent IT security consulting firm to strengthen [its] protocols.”

Fox 8 Cleveland stated that UH is collaborating with law enforcement on the investigation of the theft at University Hospitals. UH is also working to heighten its technical safeguards and ensure that all devices are encrypted before use. UH has provided a year of free identity theft protection and credit monitoring to the 33 individuals whose Social Security numbers may have been compromised because of the theft.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

1.5 million affected in Co Clare-based Company data breach

November 12th, 2013 by admin

A Co Clare-based company that manages customer loyalty schemes across Europe has had a major security breach in which more than 1.5 million people’s personal information was compromised.

A Garda investigation has been launched into what is fast becoming one of the worst data breaches in the history of the State.

Credit card details of nearly 400,000 people in Europe – including almost 70,000 in Ireland – have been compromised after criminals successfully targeted the Loyaltybuild rewards company and exposed various weaknesses in its security systems.

Moreover, credit card details of more than 150,000 people were compromised, while the names, addresses, telephone numbers and emails of more than 1.1 million customers of companies doing business with the company across Europe were also taken in this data breach incident.

The company has lodged a formal complaint to the Garda and two investigators from the office of the Data Protection Commissioner Billy Hawkes were sent to the company.

Mr Hawkes confirmed that the financial information had been stored in unencrypted form, along with the three-digit security code printed on customers’ cards.

The commissioner’s office said this evening that it had been able to establish the attack was carried out by external sources but stressed that it was too early to say where it had originated.

Loyaltybuild said “We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us”.

Around 70,000 Supervalu customers are at “high risk” of having their payment details accessed by an unauthorised third party; those affected had paid for Supervalu Getaway Breaks.

The company managing the rewards programme has informed the Data Protection Commissioner of the potential breach and it stressed that all payment card information it holds is encrypted.

“We immediately engaged the services of a firm of leading, international, online security experts. They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent” a spokeswoman said.

Health data breach complaint filed by Milwaukee

November 10th, 2013 by admin

Dynacare, a clinical laboratory services company, lost a USB flash drive containing unencrypted patient data in a data breach incident. Milwaukee handed the data over to Froedtert Health’s Workforce Health, a public health organization that had contracted with and has an ownership interest in Dynacare.

The lost flash drive contained data on 6,000 Milwaukee employees, such as names, addresses, dates of birth, Social Security numbers and gender. It also stored the names of 3,000 spouses and domestic partners, so a large number of Milwaukee patients were affected. The city’s complaint may be redundant in light of Dynacare previously reporting the breach to the Department of Health and Human Services (HHS). But here’s the statement from Milwaukee City Attorney Grant Langley.

After consultation with members of the Common Council and the Mayor, the Office of the City Attorney has decided to file a formal complaint with the federal Office of Civil Rights against Dynacare Laboratories for its admitted breach of HIPAA security requirements regarding the private information of more than 9,000 City of Milwaukee employees, their spouses and their domestic partners.

I will be taking this action on behalf of the city and its employees based on Dynacare’s recent filing of a notice of breach of unsecured protected health information, its apparent unwillingness to communicate or cooperate with city representatives or to release details of its investigation, its failure to provide information to the city in order to protect our employees and the misleading comments Dynacare provided to the media.

It is important to note that the city’s contract for its wellness program is with Froedtert Community Health/Workforce Health. That is the entity to which the city provided employee information in a secured and password-protected manner, not Dynacare. The city continues to investigate the matter, and at this time has not ruled out further litigation.

23% Organizations faced a Security Breach in 2013

November 8th, 2013 by admin

Modern technology has both positive and negative effects on individuals and businesses. On the positive side, it is designed to make life easier for individuals and businesses alike, and the multiple ways in which it benefits all aspects of business are undeniable. But it also presents firms with challenges, and data protection is one of the most serious.

A survey was conducted among 3,200 business executives and IT leaders from 16 countries, including the UK. According to this survey, data breaches are the most expensive IT problem that organizations can face. The poll, carried out by data management company EMC, found that on average organisations lose more than $860,000 (£530,000) per year as a result of data breaches. By comparison, any other IT problem that may occur in companies’ day-to-day business costs several hundred thousand less, EMC stated.

Today, no organization is free from the risk of a data loss incident. The survey showed that 29% of respondents reported experiencing data loss and 23% said they had faced a security breach. The most commonly listed consequences for businesses following these incidents included loss of employee productivity, cited by almost half of those polled, and loss of revenue, mentioned by 39%. In addition, one in three experienced loss of customer confidence or loyalty, while more than one in four reported loss of incremental business opportunity.

The poll conducted by EMC revealed that just 27% of all organizations reported that, in the event of incidents, data could be recovered within minutes or less. This highlights the fact that many organizations are unprepared to deal with data breaches.

Increasing number of Internet users fear Data Theft

November 5th, 2013 by admin

In today’s world, the majority of consumers worry that their information will be stolen, with over 88% of internet users admitting to qualms about internet use and information theft.

Despite their worries, many still engage in risky behaviors such as using the same passwords across multiple accounts and websites or writing down passwords so they can remember them.

Increased security threats are perceived as the biggest governance issue at 38%, followed by data privacy at 28%.

The findings sought to examine the risks and rewards of key trends, including the Internet of Things, which refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other, such as everyday gadgets including GPS systems and smart TVs.

The Internet has the ability to collect and transmit data through the use of embedded devices or sensors that connect with networks. These devices have the potential to reap numerous rewards, such as greater efficiency and customer satisfaction.

“However, the Internet of Things poses a number of risks as well, such as more entry points for hackers, espionage and theft of intellectual property,” said Vladimiro Comodini, President of ISACA Malta Chapter.

The report found that fewer than one in five surveyed consumers are aware of the term Internet of Things, yet many admitted to using such devices, including GPS systems, smart TVs and electronic toll devices on their cars.

IT professionals have said that half of institutions have plans to capitalise on the Internet of Things, while 31% say that their enterprises have already benefited from the increased access to information such tools provide.

“The rapid increase in connectivity, via the Internet of Things, is fundamentally changing the way we live, work, play and behave. What this survey clearly shows is the shift in perception about risk and privacy as the world becomes increasingly connected,” said Comodini.

Data breach incidents remain undisclosed by Companies

November 3rd, 2013 by admin

According to enterprise malware analysts, half of the data breach incidents suffered by U.S. companies go undisclosed.

According to a new survey, 57 percent of malware analysts working on enterprise-related data breaches have addressed security problems that U.S. firms failed to disclose. With firms keeping quiet in order to save reputations or avoid difficult questions from customers and investors, it may be that data breaches are more widespread than first believed, and businesses are far behind in the fight against cyberattackers.

Attempted security attacks and cyberattacks have become major problems for companies all over the world. If successfully breached, a company network could become an open treasure for hackers, potentially full of customer details including telephone numbers, addresses and card details, sensitive corporate data, or information which impacts national infrastructure security. LivingSocial, Evernote and the Federal Reserve are among the victims of high-profile breaches that have taken place this year.

In 2013, Verizon’s Data Breach Investigations Report found that 621 data breaches were confirmed in the year 2012. However, when compared to ThreatTrack’s data, which says 66 percent of malware analysts working with 500+ employee enterprises have dealt with undisclosed security problems, the confirmed figure of 621 may be underreported.

“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.” said ThreatTrack CEO Julian Waits.

Unsurprisingly, 40 percent of respondents said that the short supply of skilled help is one of the most difficult aspects of their roles. In an interesting twist, many of the malware analysts said the majority of their time was taken up by the Internet habits of executives who, by browsing pornography sites, clicking on phishing emails and installing malicious apps, allow malware to infiltrate networks.

Adobe : 38 million accounts affected in data breach

October 31st, 2013 by admin

US-based Adobe Systems, which sells Photoshop and Acrobat software, said that the accounts and passwords of 38 million users had been compromised by cyber criminals.

An Adobe spokesperson said “Our investigation has confirmed that the attackers obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users”.

The California-headquartered firm said it has informed all the affected users and has reset their passwords.

According to Adobe, the company faced two attacks from cyber criminals who stole credit card data of 2.9 million customers. Its security team had discovered the sophisticated attacks involving illegal access of customer information and source code of many Adobe products.

The spokesperson further added: “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident regardless of whether those users are active or not”.

Products made by Adobe are used by film and video makers, web and graphic designers, creative professionals, professional publishers, enterprises and individual consumers. The products are widely used on the Internet, including reading and viewing of documents.

Adobe users avail its various offerings through accounts for which they pay a particular fee depending on the services.

“Our investigation is still ongoing, and we anticipate the full investigation will take some time to complete,” the spokesperson said.

Geographies where the accounts had been compromised have still not been revealed. Adobe has offices in about 34 countries across North America, Asia, Australia and New Zealand, Europe, Middle East, Africa and South America.

It also has a significant presence in India with R&D offices in Bangalore and Noida and sales offices in Bangalore, Noida and Mumbai.

Data breach: Effects on Business

October 29th, 2013 by admin

A data breach is a traumatic experience for every person involved, and it can have negative long-term effects. Your business may deal with loss of revenue from customer turnover and brand mistrust for months or years.

According to a survey, two-thirds of adults in the US would not return to a business if their personal information was stolen. The survey further provides insight into which types of businesses consumers would most likely stop doing business with if their confidential information was stolen.

“With every data breach comes a cost, including lost productivity, a damaged reputation, and most importantly, decreased revenue when customers take their business elsewhere. This research confirms that by failing to make security a priority, businesses can discourage once-loyal customers from returning. It could also stop potential customers from ever patronizing your business.” said John Otten, marketing manager at Cintas.

When asked which types of organizations they would stop doing business with if their personal data were compromised, respondents placed banking, healthcare and lawyers under the most scrutiny. More than 55% said that they would change their banks and 39% would get a new lawyer. 46% said that they would switch insurance companies, 42% would go to a different drug store/pharmacy and 40% would get a new doctor or dentist. 35% said that they would not return to their hospital.

Consumers want to know that their money is in safe hands and going where it is intended when they give to a cause. Accordingly, 38% said they would donate to another charity/non-profit organization, while 24% said that, in the event of a breach, they would no longer donate to the educational institution they attended.

The survey comes as data breaches continue to be reported, and are being perpetrated via a number of vectors.

A former Broward Health Medical Center employee took documents containing the personal information of nearly 1,000 patients from the Fort Lauderdale health system. The records contained names, addresses, dates of birth and insurance policy numbers.
About 960 patients, treated at Broward Health’s main facility, were notified via letters. These simply informed them that their registration documents had been “inappropriately removed.”

Seton McCarthy Clinic: Laptop stolen

October 23rd, 2013 by admin

A laptop containing thousands of patients’ personal information was stolen from a Southeast Austin medical clinic. Now the hospital is doing damage control to make sure their patients don’t become victims of identity theft.

The laptop was stolen from the Seton McCarthy Clinic, according to the Seton Healthcare Family. The clinic is located at 2811 E. Second St.

According to a press release from Seton, its investigation determined that the stolen laptop included demographic information about patients seen at Seton McCarthy, Seton Topfer and Seton Kozmetsky community health centers and the Seton Total Health Partners program.

“Obviously the more information exposed the greater the risk. Identity theft is one of the fastest growing crimes in the U.S. and globally, and it happens on a daily basis. So many people put information on Facebook, Twitter, LinkedIn, that even if an identity thief gets a small amount of information, they can go on to the Web and underground chat rooms and engineer the rest of the identity.” said Joe Ross, president and co-founder of identity protection company CSID.

The laptop did not have the encryption software required by Seton policy installed, due to a missed technology glitch during installation, Seton said.

A letter was sent out to all patients who were at risk more than two weeks after the laptop went missing. Information is also available on Seton’s website,

Patients who receive notification letters and have questions can telephone, toll-free, (855) 724-2743.

Ross further said “We’ll monitor your credit file. We’ll alert you if there are any changes in your credit. They’re offering criminal or court record monitoring to alert you if someone has used your identity to commit a crime”.

While hospital officials don’t believe someone took the laptop with the goal of stealing identities, they’re playing it safe just in case.

Austin police are handling the case but say they have exhausted all leads and have suspended the case for now. Officials with Seton Healthcare say they have enhanced security at all facilities and so far no patients have come forward with any reports of identity theft.

Health information of 729,000 patients at risk

October 21st, 2013 by admin

Two laptops were stolen from an administration building of a Gabriel Valley-based hospital group. The theft compromised the health information of 729,000 patients.

The stolen laptops contained data of patients treated at AHMC hospitals: Garfield Medical Center in Monterey Park, Monterey Park Hospital, Greater El Monte Community Hospital in South El Monte, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.

The laptops were swiped from a video-monitored office on a medical campus that according to officials is gated and patrolled by security. The suspects broke into the office and stole two password-protected laptops.

AHMC spokesman Gary Hopkins said the hospital group called the Alhambra police as soon as the theft was discovered.

According to the hospital group, the stolen laptops contained data including patients’ names, Medicare/insurance identification numbers, diagnosis/procedure codes and insurance/patient payment records. Some of the files contained the Social Security numbers of Medicare patients.

There was no evidence that the information was accessed, but that cannot be ruled out. “We regret any inconvenience or concern this incident may cause our patients” AHMC Healthcare Inc. officials said in a statement.

AHMC Healthcare had already hired an auditing firm to perform a security risk assessment and it was following the recommendations, officials said. Administrators will now follow a policy of encrypting all laptops.

“Affected patients may want to place fraud alerts on their credit files and order their credit reports to look for fraudulent activity” said hospital officials.

Under federal law, a medical data breach at a hospital involving more than 500 people must be reported. The breach of 729,000 files would rank as the 11th largest in the nation when compared to data on the U.S. Department of Health & Human Services website. In California, two other medical groups have had larger data compromises involving more patients.

Laptop stolen: contained unfinished novel

October 18th, 2013 by admin

A laptop containing an aspiring novelist’s five years’ work was stolen by thieves during a break-in at his Hallaton home.

Just 30 pages away from completing his novel, Remi Mowla was left devastated by the theft, his family said.

Remi is an English literature graduate and had been working on the book for five years and had written about 400 pages, the subject of which he had kept a closely guarded secret.

The Apple MacBook Pro laptop on which it was written was taken from the Mowlas’ home in Medbourne Road, Hallaton.

Remi’s dad Masoud Mowla said his son was too upset to speak about losing his laptop.

He said: “Remi is absolutely devastated. He can’t cope with it, he’s so upset. I think it will take him a few months to get his head around it”.

“I’m not saying it was going to be a masterpiece but to put that much into it – it was so precious to him but is worth nothing to anyone else.”

The family has offered a £2,000 reward for any information which leads to the arrest and conviction of those responsible and the return of the laptop.

Police are appealing for information about the break-in – which happened between midday.

“The victim is very keen to get it back and is offering a reward for its return and any information which leads to the arrest of those responsible.” said Det Cons Peter Lockey.

“Two men were seen walking from the direction of Sutton Bassett into Market Harborough and one of them was wearing a hi-visibility jacket. We would appeal to anyone who saw these men or the men themselves to contact us so we can eliminate them from our enquiries.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

DaVita notifies 11,500 patients of laptop theft

October 16th, 2013 by admin

Laptop theft continues to be a major source of healthcare data breaches, as DaVita, a Colorado-based kidney care company, alerted 11,500 patients and some employees of a breach.

According to a notice on the DaVita website, “DaVita has determined that personal information belonging to approximately 11,500 patients was on the laptop at the time of the theft. In most cases, this information included details such as name, clinical diagnoses (e.g., end stage renal disease), insurance carrier name, claims payment data and dialysis treatment information. For approximately 375 patients, the information stored on the laptop included Social Security numbers. Personally identifiable information for a very small number of DaVita teammates was also stored on the laptop. All affected individuals will receive letters with additional information”.

An unencrypted but password-protected laptop was stolen out of an employee’s car. The stolen laptop held data such as names, clinical diagnoses, insurance carrier names, claims payment data and dialysis treatment information; the Social Security numbers of 375 patients were also on the laptop. After alerting law enforcement, DaVita said that it is in the process of notifying patients of the breach and will be providing one year of credit-protection services, including credit monitoring, identity recovery assistance and identity theft insurance through ID Experts.

“We sincerely apologize for any inconvenience or concern this incident may cause our patients. DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures” said Skip Thurman, a DaVita spokesperson.

According to DaVita, the mandated encryption on the device had been unintentionally deactivated.

How did DaVita not know that the encryption had been turned off? They could have encrypted the laptop before it was stolen, if they had proper notifications set up to monitor technical safeguards.

16 million affected by Data Breach last year

October 14th, 2013 by admin

Around 16 million people were affected by data breach incidents last year and more than a quarter of them went on to suffer from identity theft, according to new research.

The worst hit were those who lost payment card and Social Security number data and suffered the highest rates of fraud in the retail, financial and healthcare sectors.

In America, 4.4 million people were notified that their payment card information had been compromised in a data breach, and subsequently suffered fraud on their existing credit or debit cards. In addition, 1.26 million Americans were notified that their Social Security numbers were compromised in a data breach and became victims of identity fraud.

Recent massive data breaches like the one at Adobe, in which as many as 3 million encrypted credit card details may have been compromised, have highlighted just how much data can be stolen in one go.

As many as 270,000 Americans who were notified that their online banking credentials had been compromised in a data breach last year also went on to suffer fraud on their financial accounts.

A further 324,000 subsequently became victims of fraud against their checking, savings or current accounts.

Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy and Research said “By breaching the data stores of businesses in the financial, healthcare and retail industries, criminals can obtain the fuel they need to execute various fraud schemes, and these crimes have crippling consequences”.

Opportunities for identity thieves are greater than ever before because of the increasing move towards digitization of patient records in healthcare and the rise of online banking.

“Identifying and protecting the sensitive information typically stored by these industries is essential for mitigating the risk of a data breach and, therefore, the risk of financial loss to data custodians, consumers and third-party businesses,” Pascual said.

The following steps can be taken to guard against identity theft arising from data breaches:

  • Locate and identify sensitive data.
  • Classify sensitive data accordingly.
  • Secure data based on risk profile.
  • Develop policies to mitigate future data management issues.

For now, the hunt by identity thieves continues, and as long as organizations make themselves such easy and lucrative targets, we can assume the number of data breach incidents is only going to rise.

Reduce Data Breach attacks – 3 steps guide

October 12th, 2013 by admin

In its 2013 Data Breach Investigations Report, Verizon Enterprise reports that 74 percent of data breach incidents in small businesses are “crimes of opportunity”, meaning that the crime occurs because a hacker notices a weakness and exploits it. In addition, the report shows that nearly half (48 percent) of data breaches are enabled by in-house mistakes, often made by employees who have little or no familiarity with data security protocol.

Such breaches expose technology contractors, freelancers, and consultants who work with these companies to third-party cyber liability. To help tech professionals reduce the risk, TechInsurance has issued guidelines for educating clients about how to prevent data breaches.

“Most of our clients are pretty sophisticated in terms of technology, but they may not think about advising their clients on security basics. Often, that’s because they don’t realize that, even if their own security measures are top-notch, their clients’ security lapses can expose them to costly cyber liability claims.” said Ted Devine, CEO of TechInsurance. He added that, while third-party cyber liability insurance can pay for those claims, preventing them is the best way to keep premiums low and avoid the hassle of litigation.

IT professionals should take the following steps to minimize clients’ exposure to preventable data breaches:

  1. Provide training:

48 percent of data breaches are caused by employee error. Reviewing the practices for storing data, sharing files, and transporting hardware helps non-tech workers to protect their data.

  2. Encourage standard security measures:

76 percent of data breaches are possible because a hacker is able to guess a password. Remind clients to create strong passwords, update passwords regularly, use antivirus software, encrypt sensitive data, limit access to sensitive information, and have a protocol in place for off-premises work.

  3. Encryption:

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Increasing tax related Identity Theft

October 10th, 2013 by admin

A report from the U.S. Treasury Inspector General for Tax Administration (TIGTA) states that during 2011, 1.5 million fraudulent tax returns were processed, and refunds totaling $5.2 billion were issued to the wrong people.

In calendar year 2012, the Internal Revenue Service identified almost 1.8 million incidents of tax-related identity theft. This figure includes approximately 280,000 incidents in which taxpayers contacted the IRS alleging that they were victims of identity theft. As of midyear 2013, over 565,000 cases have been reported to the IRS.

In an address to tax professionals in Grapevine, Texas, on July 30, 2013, then-IRS Principal Deputy Commissioner and now IRS Acting Commissioner Daniel Werfel stated that there are more than 3,000 IRS employees working on identity theft. That’s more than double the number at the start of the 2013 tax filing season. On average, it takes the IRS approximately six months to resolve a tax identity theft issue. However, as the IRS is one of the federal government agencies that have been shut down as a result of the most recent budgetary gridlock within the Administration and Congress, the resolution of tax identity theft issues may take even longer once the IRS is reopened.

The IRS is beginning to implement screening filters that help to prevent false returns from being processed. In addition, the IRS has started to issue identity theft PINs to those taxpayers who have been identified as victims of tax-related fraud.

Taxpayers who complete and file IRS Form 14039 (Identity Theft Affidavit) receive an Identity Theft Protection PIN (IP PIN) once their identity has been verified. Returns filed with the IP PIN will be processed as a legitimate return in the usual manner, meaning that even though a taxpayer previously had a tax-related identity theft problem, the use of the unique IP PIN issued by the IRS will allow future returns to be processed in a normal time frame.

Data Breach at Saint Louis University

October 8th, 2013 by admin

A health data breach at Saint Louis University (SLU) affected 3,000 patients. A few SLU employees received a phishing email and gave out their account information by mistake.

About 20 SLU email accounts were accessed by the phishing culprits. These email accounts held protected health information (PHI) of about 3,000 people and about 200 Social Security numbers as well. According to the spokesman, employees’ financial information was the main target of the scam. And while no unauthorized financial transactions occurred, 10 employees had their direct deposit information changed.

Affected students were offered one year of free credit monitoring and identity theft protection and restoration.

The University discovered that some SLU employees provided their account information in response to a sophisticated phishing email scam they received.

A full-scale investigation was started immediately after the University learnt about the incident. Employees who were targeted by the email scam were notified, and their accounts were secured. While about 10 employees had direct deposit information changed, no unauthorized financial transactions occurred.

It appeared that the main target of this scam was the direct deposit information of these employees. However, during the investigation, the University learned that the incident also resulted in unauthorized access to about 20 SLU email accounts, which contained the personal health information of approximately 3,000 individuals. This was mostly limited to diagnosis, procedure and medical chart information. The email accounts contained about 200 people’s names and Social Security numbers. At present, there is no evidence to suggest that someone accessed any of the personal information in the emails.

All individuals whose information was in the email accounts affected by the incident are being notified by the University. SLU has also notified law enforcement officials and has engaged the services of a global leader to avoid such incidents in future.

The University is providing the affected individuals with one year of free continuous credit monitoring and identity theft protection and restoration. Instructions for signing up for these free services are enclosed in the notification letters.

CorporateCarOnline: 850,000 clients information at risk

October 4th, 2013 by admin

Hackers recently gained control of the database of CorporateCarOnline, a software provider for transportation reservations, exposing credit card data and other personal details of more than 850,000 clients.

The data breach exposed the information of thousands of celebrities and well-known figures that used the service to reserve a limousine or car service in recent years. The firm said the breach was likely the result of a targeted Adobe ColdFusion vulnerability. The breach exposed credit card details and notes left for the chauffeur about the victims’ habits. These are five known victims of the limousine service data breach.

Politicians were among the list of victims of the CorporateCarOnline breach. House Judiciary Committee Chairman Rep. John Conyers booked limo service in 2011 at Indianapolis International Airport. Sen. Mark Udall, chairman of the Senate Armed Services Committee’s Subcommittee on Strategic Forces, was among the victims. He was picked up at Boston’s Logan International Airport in 2009. The breach also included former Sens. Tom Daschle and John Breaux for trips they took in 2010.

Green Bay Packers quarterback Aaron Rodgers was among the victims of the CorporateCarOnline hack. The superstar flew into Kalamazoo on a private plane in June 2010, according to the exposed data. Rodgers was named Green Bay’s starting quarterback in 2008.

The database exposed the details of celebrity business mogul Donald Trump, who booked car service pickup using CorporateCarOnline for a visit to the Wynn Hotel in February 2007. “Must be new car, clean, and front seat must be clear,” a note associated with his file read. Trump was overseeing construction of his 64-story luxury hotel at the time.

Movie star Tom Hanks was provided transportation courtesy of CorporateCarOnline when he visited Chicago in June to see his son Chet Hanks graduate from Northwestern University.

NBA superstar LeBron James was among the high-profile victims of the CorporateCarOnline breach.

Laptop Stolen: 3,541 UCSF patients information at risk

October 2nd, 2013 by admin

UCSF Medical Center is recognized throughout the world for innovative patient care, advanced technology and pioneering research. It is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care.

A laptop belonging to an employee of UC San Francisco was stolen. Some patients were informed of the theft because the laptop held patients’ personal information.

The protection of health information at UCSF is of utmost importance. UCSF is treating the incident with the utmost caution and concern, although there is still no evidence that there has been any attempt to access the information.

Letters have been sent informing the 3,541 patients whose information was on the laptop. The California Department of Public Health and the California Attorney General have been alerted, and federal authorities are also being notified. A special phone line has been installed to address questions from patients who receive the notification letters.

According to UCSF, an unencrypted personal laptop was stolen from the locked vehicle of a UCSF Medical Center employee who works in the Division of Transplantation. When the employee learned of the theft, he immediately informed San Francisco police, UCSF police and UCSF officials.

To find out what information was on the laptop, UCSF immediately began an extensive technical analysis. The analysis revealed that the laptop contained personal and health information of some UCSF patients, including their name and medical record number. Social Security numbers were also involved for a small number of individuals.

Paper documents of 31 patients were also stolen, some of whose information was also on the laptop. Information in the paper documents included patient names, date of birth, medical record number and some health information.

A special phone line has been set up by UCSF to provide additional assistance to all the affected individuals.

UCSF is committed to maintaining the privacy of personal information and takes many precautions to secure that information. In response to the incident, UCSF is working to strengthen educational and operational processes to safeguard patients’ health information.

Adobe hack: 2.9 million customer data at risk

September 30th, 2013 by admin

Adobe recently discovered that it had suffered sophisticated attacks on its network that led to the theft of 2.9 million customers’ personal information, including payment card information, and of source code for multiple Adobe software products such as ColdFusion, ColdFusion Builder, Adobe Acrobat and some more.

Brad Arkin, chief security officer of Adobe said “Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related”.

Arkin further added “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident”.

“Over 40 Gigabytes in encrypted archives have been discovered on a hackers’ server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe’s data occurred in early August of this year but it is possible that the breach was ongoing earlier,” Hold Security, the security firm said in a post.

Adobe’s Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. “However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products,” he says.

All the Adobe customers who were affected by this data breach incident will be informed and advised to change their password. The company is also alerting customers whose credit and debit card information was stolen. One piece of news that brings the company some relief is that the financial information was encrypted.

The company is working with federal law enforcement, which would help in the investigation of the hacks.

Cybersecurity journalist Brian Krebs wrote on his blog, KrebsOnSecurity.com, on Thursday that the two men discovered the code while investigating breaches at Dun & Bradstreet Corp, Altegrity Inc’s Kroll Background America Inc and Reed Elsevier’s LexisNexis Inc.

The hacking team’s server contained a large amount of code that appeared to be source code for ColdFusion and Adobe Acrobat. Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe.

145K job applicants affected by Virginia Tech data breach

September 28th, 2013 by admin

Information on about 145,000 job applicants at Virginia Tech was exposed in a data breach by hackers. A mistake allowed a cyber attack to compromise a computer server in the university’s human resources department, said Larry Hincker, Virginia Tech spokesman.

Individuals affected by this data breach incident include applicants between 2003 and 2013. The compromised data includes names, addresses, employment and education history. In the case of about 16,650 individuals, the compromised data includes driver’s license numbers.

“Faculty applicants are asked to provide minimal information on the online application, so no employment or education history was on the server. For staff applicants, employment and education history was on the server” a Virginia Tech news release said.

According to a statement from the university, no Social Security numbers or dates of birth were compromised in the incident. Lawrence Hincker, associate vice president for university relations at Virginia Tech, blamed the breach on a process failure.

“The server was placed in service without our normal cyber protection protocols,” thereby allowing illegal access to the data, Hincker said in an email.

The university said that someone illegally accessed the server and the data it contained. In many cases, such data compromises go unnoticed until the breached entity is notified by law enforcement, credit card companies or victims.

Hincker commented “Mitigation in this instance means ensuring that people with responsibility for placing equipment into service follow standard procedures”.

All victims whose driver’s license numbers were compromised have been notified of the breach, the university said.

Under Virginia law, driver’s license numbers and employment data are considered protected financial information. Organizations that suffer a breach involving such data are required under state law to issue a public notification.

In recent years, hundreds of universities and millions of data records have been compromised due to what security analysts say are poor security practices. The number of data breaches involving universities and other institutes of higher education does appear to be declining though.

Organisations fear Data Theft from old laptops

September 25th, 2013 by admin

Many companies give or sell their old laptops to the computer firm from which they buy new ones. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay.

These companies sometimes do not wipe the data from the laptops themselves, assuming that the computer firm will do it. But sometimes the data wiping falls through the cracks.

That is what recently happened to U.K. filmmaker Glenn Swift, who returned a faulty Acer laptop to Sainsbury’s, where he had initially bought it. Sainsbury’s told Swift that they needed to return the laptop to the manufacturer to have it fixed.

“But then, six days later, out the blue, I received an email from a gentleman who informed me he had just purchased a second-hand laptop on eBay. It still had my profile on it and he asked for my password to allow him to unlock it. Alarm bells started ringing,” Swift said.

Swift said, “It was then I realised just how much information a Windows 8 profile can access. When you first use it you have to set up a profile. If you are an existing user your profile is automatically downloaded to the new computer–apps, settings and passwords, Facebook, Twitter, Yahoo, BlackBerry, Gmail, etc. all your information, accessible in one single place.”

Swift did not give the person the password, but contacted Sainsbury’s, who informed him that they had returned the laptop to the manufacturer for diagnostics. If the manufacturer further sold the laptop, it would first be refurbished and the data wiped, they told him.

Things went differently in Swift’s case. Police warned him that he was vulnerable to identity theft, so he started changing his passwords.

While Swift’s case involved an individual laptop, similar risks await organizations that return used laptops to a computer firm, trusting that the firm will wipe the data.

IT security researcher Graham Cluley advised: “To prevent data from getting into the wrong hands, enterprises should ensure all laptops have hard disk encryption and that a complete erasure of data, including multiple passes across the hard drive, is performed before the used laptop is turned over to a third party.”
