Patient Privacy Violation

February 4th, 2016 by admin No comments »
Patient Privacy Violation

Patient Privacy Violation

According to the reports, a former Wayne Memorial nurse’s aide reportedly accessed 390 individuals’ records. The hospital believe that the data was not used maliciously or inappropriately.

Affected information includes Social Security numbers, diagnoses and insurance information. Patients who may have had their Social Security numbers accessed will be offered a free one-year membership in a credit monitoring service, according to the hospital.

CEO David Hoff mentioned that the employee was terminated, and that the incident had been reported to the police.

“This incident has prompted us to further review all levels of employee access to patient medical records, to enhance our HIPAA training for all employees and to research software programs that might help us better detect unauthorized access,” Hoff explained.

Hoff added that Wayne Memorial “is considering expanding restrictions for particular groups of employees.”

“Wayne Memorial Hospital was one of the first in the region to implement electronic medical records, which help reduce the potential for human error and often accelerate diagnosis and treatment,”said Hoff. “We have been ahead of the technology curve, and I can assure you that we will do all that we can to make sure something like this does not happen again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Medical Fraud Charges Against Employee

February 2nd, 2016 by admin No comments »

The Louisiana Attorney General’s office mentioned that an individual who worked at a doctor’s office used another individual’s information to get into LHCC’s provider website. According to the reports, an individual was arrested on Medicaid fraud charges. The  stolen information is related to Louisiana Healthcare Connections (LHCC).

Culprit downloaded a list of LHCC members and gave it to another provider who should not have received it. Affected information includes names, Medicaid ID numbers, dates of birth, Medicaid effective dates, phone numbers, addresses, and in some cases, information on how current members’ are with provider visits, the number of emergency room visits, and current medical conditions. Credit card information, financial information and Social Security numbers were not included in the stolen data.

According to the statement, 13,000 Medicaid recipients enrolled in LHCC in the Acadiana region were affected.

Medical Fraud Charges Against Employee

Medical Fraud Charges Against Employee

“We appreciate the efforts of the Attorney General and local law enforcement to bring those responsible to justice,” LHCC said. “We regret any concern or inconvenience this incident may have caused and are dedicated to protecting our members’ health information. We are also reviewing existing information security protocols and taking steps to prevent this type of event from happening in the future.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Credential Misuse and Data Breach

January 24th, 2016 by admin No comments »

Brigham and Womens Faulkner Hospitals (Brigham) experienced data breach when an unauthorized user obtained an employees network credentials.

According to the reports, the credentials were used to access an employees email account.

Affected information includes full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.

The incident caused data breach to approximately 1,000 individuals as per OCR data breach

Credential Misuse and Data Breach

Credential Misuse and Data Breach

reporting tool. Brighams patients and patient electronic medical records system were not affected. Only discrete information contained in the single compromised email account was potentially affected.

As per the statement:

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,Brigham explained in its notification letter. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach Affects 950K Patients

January 22nd, 2016 by admin No comments »

Centene Corporation recently experienced a potential healthcare data breach when its hard drives went missing. The incident may have affected approximately 950,000 individuals. Breached information includes names, addresses, dates of birth, Social Security numbers, member ID numbers and health information. However, financial or payment information were not on the hard drives.

Centene is conducting search for six missing hard drives after it found out that the hard drives were unaccounted for in its inventory of IT assets. It did not mention the hard drives encryption status. The data of the individuals who have received laboratory services from 2009-2015 may be present on the drives.

“Centene takes the privacy and security of our members’ information seriously,” Centene Chairman, President and CEO Michael F. Neidorff said in a statement. “While we don’t believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members.”

According to the statement, potentially affected individuals will be receiving data breach

Data Breach Affects 950K Patients

Data Breach Affects 950K Patients

notification letters and will also be offered free credit and healthcare monitoring. Also, corporation is in the process of reinforcing and reviewing its procedures related to managing its IT assets.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unauthorized user access and data breach

January 20th, 2016 by admin No comments »

Blue Shield of California recently suffered potential data breach when one of its vendors recently became aware of an unauthorized user access to its data systems. Potentially affected information includes names, addresses, dates of birth, and Social Security numbers.

Unauthorized user access and data breach

Unauthorized user access and data breach

As per OCR data breach output, 20,764 individuals were possibly affected.

No Blue Shield data systems were impacted. Misused log-in credentials for certain Blue Shield customer service representatives have resulted in to the incident.

“We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information,” explained the notification letter signed by Blue Shield Chief Privacy Officer Molly McCoy Esq., CIPP/US.

According to the Molly McCoy:

I’m writing to provide you information on the steps we are taking to protect you and your information moving forward.

In addition, and to help protect your identity, we are offering a complimentary one year membership in Experian’s® ProtectMyID® Alert. While we have no indication that specific personal information about you has been misused, this product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.

Once your enrollment in ProtectMyID is complete, you should carefully review your credit report for inaccurate or suspicious items. If you have any questions about ProtectMyID, need help understanding something on your credit report, or suspect that an item on your credit report may be fraudulent, please contact Experian’s customer care team. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop theft leads to Data Breach

January 18th, 2016 by admin No comments »

Montana-based New West Health Services d/b/a New West Medicare recently suffered potential healthcare data breach following a laptop theft.

New West announcement did not specify how many individuals were potentially affected by the incident. According to the OCR data breach reporting tool, the impacted count stands at 28,209.

New West in a statement explained that the password-protected laptop was stolen from an off-site location. It contained information on past and present New West customers.

Affected information includes customers’ names, addresses, and in some cases driver’s license numbers and Social Security numbers

Laptop theft leads to Data Breach

Laptop theft leads to Data Breach

or Medicare claim numbers. Limited information related to some individuals’ Medicare premium payments, including electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and CVV (Card Verification Value) number) may also have been on the laptop.

New West mentioned that the information has not been used inappropriately. It is offering one year of complimentary credit monitoring to affected individuals. New West is also taking steps to prevent this type of incident from occurring in the future. It is installing additional security on company laptops, increasing employee education, and strengthening data security policies.

According to the statement:

The privacy and security of members’information is a top priority. Moving forward, we are committed to taking steps to prevent this type of incident from occurring in the future. These steps include installing additional security on all company laptops, enhancing education for our employees, and strengthening our data security policies and practices. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Thumb Drive and Data Breach

January 16th, 2016 by admin No comments »
Thumb Drive and Data Breach

Thumb Drive and Data Breach

St. Luke’s Cornwall Hospital (SLCH) suffered a potential healthcare data breach after a USB thumb drive was stolen from its facility. Potentially affected information includes patient names, medical record numbers, dates of service, types of imaging service received, and “administrative–type information used for internal business purposes.”

SLCH conducted internal investigation. It found out that the thumb drive “appears to have included a file” that held certain patient information on it. Social Security numbers and electronic medical records were not included.

“SLCH values the privacy and security of its patients’ information and is taking steps to prevent this type of event from happening in the future, including requiring password and encryption protection for all of its USB thumb drives, and the implementation of new systems that do not require the use of thumb drives or other mobile media devices,” SLCH explained.

SLCH did not list how many individuals were affected. According to the OCR data breach reporting tool, 29,156 individuals as being affected.

Many other data breaches occur due to missing storage drives.  Advantage of encrypting storage drive includes -

  • Controls how these device are used
  • Enforces encryption policies on all data transfer
  • Limits the data to be transferred
  • Prevents Data Leakage
  • Provides flexibility as per the usage and working environment

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

A missing storage device and data breach

January 14th, 2016 by admin No comments »
A missing storage device and data breach

A missing storage device and data breach

IU Health Arnett suffered data breach due to missing storage device. The incident potentially affected nearly 30,000 individuals. The device was unencrypted which went missing from its emergency department.

The hospital has yet to find the device. Facility mentioned that they are continuing their search for the device. They also said that there is currently no reason to believe that the information stored on it has been misused.

According to the reports, the device contained spreadsheets with limited health information belonging to emergency department patients. NPRs Chris Morisse Viza reports that those spreadsheets accounted for approximately 30,000 IU patients.

Affected information included patient names, dates of birth, ages, home telephone numbers, medical record numbers, dates of services, diagnoses, and treating physicians. These spreadsheets did not contain any Social Security numbers, financial information, or medical records.

IU Health Arnett maintains that patient privacy is one of its largest concerns. It also mentioned that they will be reassessing security procedures to ensure that incidents such as this do not occur in the future.

IU Health Arnett takes very seriously its obligation to maintain patient information secure, and we appreciate the trust our patients place in us,the hospital explained in a press release. We are taking steps to enhance the protection of portable storage devices and are reviewing policies and procedures to minimize the chance of such an incident occurring in the future.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach at Washington Hospital Healthcare

January 12th, 2016 by admin No comments »
Data breach at Washington Hospital Healthcare

Data breach at Washington Hospital Healthcare

Washington Township Health Care District (the District) mentioned that unauthorized access of a computer associated with the Washington Community Health Resource Library may have resulted in data breach. According to a Washington Hospital statement signed by Washington Hospital Healthcare Systems Chief of Compliance Kristin Ferguson, MSN, MHA, BS, RN CHC, the device in question is used to maintain library identification cards.

Upon learning this, we immediately initiated a comprehensive internal review to determine what information may have been accessed,Ferguson explains. We also retained an outside computer forensic firm to assist in our investigation. That investigation is now complete.

Affected information includes individualsnames, addresses, and drivers license numbers. However, Social Security numbers and health information were not affected. As per the healthcare statement, there is no reason to believe that the information was used inappropriately. The affected computer was not connected to the Districts network.

Potentially affected individuals are provided with a complimentary, one-year membership to identify protection services.

To help prevent something like this from happening in the future, we are taking additional steps to strengthen and enhance the security of information on our network, including conducting a comprehensive review of our information security policies and procedures,the letter explained.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach at New Mexico Department of Health

January 10th, 2016 by admin No comments »

The New Mexico Department of Health reported that an employee’s laptop was stolen from the employee’s vehicle. The incident potentially compromised patient PHI.

According to the reports, the vehicle was parked at St. Joseph on the Rio Grande Church, where several other burglaries took place that same day. Affected information includes patient first and last names, dates of birth, facility unit and medications. In some cases, diagnosis data may have been exposed.

“The laptop and certain files were password

Data breach at New Mexico Department of Health

Data breach at New Mexico Department of Health

protected,” the department explained. “The Department of Health has no evidence indicating that any individual’s protected health information has been accessed or utilized.”

Department mentioned that patients who may have been affected would have visited the New Mexico Behavioral Health Institute in Las Vegas, New Mexico between June of 1997 and September of 2013 or the Sequoyah Adolescent Treatment Center in Albuquerque between 2013 and 2015.

Around 561 individuals are affected by the incident. According to the statement:

  • The Department of Health has established a call center with ID Experts to answer questions and help the affected individuals enroll in the no-cost credit monitoring.
  • The Department has notified individuals impacted in writing and has set up a year’s worth of no cost credit monitoring.
  • The Department of Health has no evidence indicating that any individual’s protected health information has been accessed or utilized.
  • The Department of Health is working with law enforcement, but at this time, the laptop has not been recovered.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Employee sent files to personal email

January 8th, 2016 by admin No comments »

California-based child welfare agency Hillsides suffered data breach when an employee sent internal files to a personal email address. Facility notified certain individuals that they may have been the victims of a PHI data breach after the incident.

Hillsides mentioned that the employee sent unencrypted files to his own personal email address on five separate occasions. Affected information included names, Social Security numbers

Employee sent files to personal email

Employee sent files to personal email

, home address and phone numbers for 468 members of Hillsides staff. The files also included names, dates of birth, gender, medical identification numbers, therapist names, and rehabilitative therapists’ names for 502 Hillsides clients.

“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,“ Hillsides CEO Joseph M. Costa said in a statement. “We will continue to investigate the incident, to reduce harm to potentially affected individuals, and to protect against future similar occurrences.”

Employee was terminated from his position upon discovery of the incident. Hillside believes that there has been no evidence of misuse of information. But it has been unable to recover the files from the email account or verify if the files have been deleted.

Hillsides is strengthening its safety measures to avoid such incidents.

“The agency is working with its legal counsel to ensure all appropriate steps and notifications are being followed,”the agency said in its statement. “They are also implementing an employee re-training program to reduce the risk of future occurrences and improve its internal security awareness procedures.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Incorrect attachment sent out in a mass email

January 6th, 2016 by admin No comments »

The dermatology office of Dr. Mary Ruth Buchness, PC suffered data breach when an email was sent to certain patients which included a spreadsheet with patient demographic information. The email was sent out to take a survey.

Incorrect attachment sent out in a mass email

Incorrect attachment sent out in a mass email

Affected information included names, Social Security numbers, dates of birth, gender, dates of last service and next appointment, telephone numbers, addresses, email addresses, marital status, head of household, employer/occupation and race/ethnicity.

Around 14,000 patients were recently notified about the incident.

As soon as the error was discovered we notified our network administrator, who immediately shut down our email server in order to minimize the number of recipients who received the incorrect attachment,Buchness said in her notification letter. Nevertheless, although we have not yet determined the exact number of recipients, it appears that approximately one hundred thirty emails were sent.

Buchness added that of the 130 emails sent, 60 were successfully delivered and received. Notification letter failed to specify number of affected individuals. But the OCR data breach reporting database listed the number at 14,910.

A privacy and security consultant has been hired to help prevent future data breaches, Buchness stated, and will also help with implementing additional technical safeguards to prevent sending protected health information unintentionally through our e-mail system.

Office is providing additional HIPAA training to the employees. Also, there is temporary ban on sending emails to multiple recipients until the necessary procedures are followed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Passwords and Future

January 4th, 2016 by admin No comments »
Passwords and Future

Passwords and Future

The survey conducted by SecureAuth and Wakefield Research found below -

  • Eighty Five percent of respondents say employees frequently contact the help desk regarding forgotten passwords
  • Thirty Seven percent say employees do so “all the time”
  • Ninety Seven percent of respondents believe new authentication techniques such as fingerprint scans or two-factor authentication are reliable
  • Eight One percent feel that those authentication methods are prohibitively challenging to implement because they require the latest technology and software.
  • Sixty six percent of respondent already leverage authentication methods beyond passwords
  • Fifty Nine percent of respondents said their company experienced a data breach in the previous 12 months
  • Ninety Five percent said they expect their company to increase security spending in the coming year
  • Eight-seven percent of cyber professionals say their company is frequently forced to choose between user experience and improved security, though 62 percent of respondents acknowledged that managing the consequences of data breaches costs their companies more than protecting against them.

“This survey very clearly indicates there is an appetite for multi-factor authentication solutions beyond the traditional password,” SecureAuth CEO Craig Lund said in a statement. “Advances in adaptive authentication have brought to market a number of options that help users stay both secure and productive by layering multiple methods, such as device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user.”

“Integrating these types of solutions may take a little time, and a redirection of budget — but I’m hard-pressed to think of a worthwhile cybersecurity endeavor that doesn’t,” Lund added. “In this day and age, proactivity is much more important than reactivity.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Human behaviour and Security Threat

January 2nd, 2016 by admin No comments »

In-depth interviews were conducted with 28 corporate security officials. According to the survey,  93 percent of respondents said human behavior presents the biggest threat to their organizations’ security.

“Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices,” was written by Ari Kaplan Advisors and sponsored by Nuix.

The report states that -

  •   Seventy-one percent of respondents said their organization has an insider threat program policy
  •   Fourteen percent said they allocate 40 percent or more of their budget to insider threats
  •   Ninety three percent of respondents said they were able to identify their critical value data
  •   Sixty nine percent said they knew what people did with that data after accessing it
  •   Ninety percent have designated a senior official to provide oversight
  •   Seventy percent offer their employees training to minimize risk

“There’s been a shift in allocation toward looking internally, rather than at the perimeter,” one respondent said.

“We’re seeing a lot more hands-on training, employee monitoring, and testing to address the issue,” report author Ari Kaplan said in a statement.

According to other survey conducted by Cybrary of 435 senior level technology professionals, 68 percent of respondents believes that there’s a global shortage of skilled cyber security professionals.

  • Eighty percent of respondents said they always or sometimes have trouble recruiting skilled cyber security professionals
  • Forty Seven percent of respondents said their company plans to hire between one and 10 cyber security
    Human behaviour and Security Threat

    Human behaviour and Security Threat

    employees in 2016

“Companies with pressing cyber security needs are finding that there’s a major lack of qualified professionals to fill their positions, which makes them vulnerable to cyber attacks,” Cybrary co-founder Ryan Corey said in a statement.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Hyatt Hotels suffers data breach

December 24th, 2015 by admin No comments »

Hyatt Hotels detected malware on the computer system. According to the reports, the system used to process payments for its hotels. The report didn’t mention the extent of damage done by the breach.

Hyatt Hotels suffers data breach

Hyatt Hotels suffers data breach

The actual number of customer data actually stolen, the time of malware presence on the system and number of affected properties are not known. Company’s operates 627 facilities in 52 countries.

Brands operated by the Hyatt Hotels Corporation include Hyatt, Park Hyatt, Andaz, Grand Hyatt, Hyatt Centric, Hyatt Regency, Hyatt Place, Hyatt House, Hyatt Zilara, Hyatt Ziva, Hyatt Residences and Hyatt Residence Club.

“As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts,” Hyatt global president of operations Chuck Floyd said in a statement.

“We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,” Floyd added.

All Hyatt customers are being encouraged to review their payment card accounts.

“Hotel chains are prime targets for hackers since they store and process a treasure trove of sensitive customer data,” IDT911 chairman and founder Adam Levin told eSecurity Planet by email. “Consumers should immediately check their accounts for any suspicious activity and sign up with their bank, credit union, or credit card company for transactional monitoring so that they are notified any time there is activity in their credit or bank accounts.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hello Kitty Data Breach

December 22nd, 2015 by admin No comments »

The online community for Hello Kitty, Badtz-Maru, My Melody and other Sanrio characters, was recently exposed online through database from SanrioTown, According to the reports, the database, which was discovered by researcher Chris Vickery, held 3.3 million accounts and included full names, birth dates, genders, countries of origin, email addresses, unsalted SHA-1 password hashes, and password hint questions and answers. The database included information on 186,261 people under the age of 18.

Users of hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com are also affected. Vickery said the data was

Hello Kitty Data Breach

Hello Kitty Data Breach

n’t exposed by hackers, but via a misconfigured MongoDB installation.

“We are conducting an internal investigation and security review into this incident; at this time we have no indication that users’ personal information was stolen by malicious parties,” Sanrio said in a statement published on December 22, 2015.

All users are being requested to change their passwords.

“Given that many organizations have not adjusted their cyber security stance to take into account today’s multi-level attacks, the Hello Kitty breach highlights yet again that organizations should be focusing on making sure sensitive data remains protected – and leveraging strong encryption with access control is critical to achieving this,” Vormetric CSO Sol Cates told eSecurity Planet by email.

“This is yet another case of an organization that has failed to put in place these security controls,” Cates added. “Protecting data and passwords using ‘hashing’ techniques is simply not enough.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Wis. Clinic suffers data breach

December 20th, 2015 by admin No comments »

A Wisconsin counseling center sent data breach notification to affected individuals. The data breach incident may have exposed mental health records for approximately 500 individuals.

According to the reports, data breach

Wis. Clinic suffers data breach

Wis. Clinic suffers data breach

at Wisconsin counseling center may have included mental health records. The incident was the result of stolen laptop. Fox River Counseling Center had an “unsecured laptop” stolen. Outpatient mental health records of clients were reportedly on the computer. Wisconsin Disability Determination Bureau psychological evaluations were also included on the device.

Clinic psychologist Dr. Scott Trippe mentioned that client names, addresses, dates of birth, Social Security numbers, medical histories, mental status interviews, results of psychological testing, diagnoses and statements of work capacity were all included on the laptop.

The Wisconsin center did not specify how the computer was unsecured. It mentioned that it was an older model and has not yet been recovered. Since the incident the center reported that it “upgraded security, including encryption software.

Fox River Counseling Center reported the burglary to the Oshkosh Police Department. Laptop is still missing. A police spokesman did not immediately respond to a request from for information about the status of the investigation.

According to the statement:

For more information about identity theft, visit the website for Wisconsin’s Office of Privacy Protection at privacy.wi.gov.

Anyone who thinks their information might have been compromised may call one of the three major credit bureaus to put a fraud alert on their credit report. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical records found on the Street

December 18th, 2015 by admin No comments »

Florida-based Radiology Regional Center suffered data breach when its Medical records were found scattered on the street.

Chief Operating Officer Brad Reid explained that the records were at least 10 years old. Affected information present on the documents reportedly included financial accounting statements, old phone bills, invoices and front desk registration information.

“Even if it’s just your name, people can get a lot of info about you, because of the way the computer age is nowadays,” he said.

Reid added that the documents were supposed to be transported to the

Medical records found on Street

Medical records found on Street

city incinerator. It was likely they fell from the back of the truck.

“Apparently they picked up that shipment container, I’m assuming sometime early this morning, and along the way they didn’t check the back doors on it,” Reid said.

The container used to transport documents for disposal is supposed to be double-locked, he explained, adding that Radiology Regional has a contract with the city to handle such disposals.

Radiology Regional is reaching potentially affected individuals, but it failed to mention the number of affected individuals.

A county spokeswoman says they are aware of the situation, and in a statement said, “standard operating procedures were followed. in light of this incident, solid waste staff will be reviewing its operating procedures.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Employee Theft and Data Breach

December 16th, 2015 by admin No comments »

Oregon-based Northwest Primary Care (NWPC) sent data breach notification to approximately 5,300 patients. As per the report, personal information was inappropriately accessed by a former employee. Former NWPC employee stole patient names, dates of birth, Social Security numbers, and credit card numbers.

“Northwest Primary Care will not tolerate any violation of our patients’ privacy,” NWPC Administrator Michael Whitbeck said in the press release.  “The former employee in connection to this violation deliberately and criminally chose to violate established clinic policies, the trust of our patients and the law.  We deeply regret that this crime has occurred and for any burden that this incident may cause.

Whitbeck added that this type of data security breach

Employee Theft and Data Breach

Employee Theft and Data Breach

“is unacceptable,” and that NWPC will support the law enforcement investigation into the incident.

The organization mentioned that additional changes will be made to NWPC’s approach to security. It will expand its technology monitoring capabilities and employee training. Specifically, employee training “on safeguarding and accessing patient records to further bolster privacy safeguards.” Moreover, technical precautions will also be added, in an effort to better ensure patient privacy.

As per the statement:

NWPC is an Oregon Family Practice medical clinic that serves the Milwaukie, Clackamas, Sellwood, and Oregon City area. The practice performs reference checks on all employees.  Additional background checks are performed for highly sensitive positions, including positions with access to financial data. NWPC has comprehensive policies and procedures, as well as a Code of Conduct, which prohibit employees from accessing patient records when there is not a work-related reason to do so.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Centegra Health System Data Breach

December 14th, 2015 by admin No comments »

Centegra Health System sent data breach notification to 2,929 patients. According to the reports, mailing error may have exposed some of their personal information.

Medical bills detailing “limited” personal information of 3,000 Centegra Health System patients recently were sent to the wrong addresses because of a mail room error at a third-party contractor, a Centegra spokeswoman said.

At the vendor MedAssets, automatic mail filing equipment was accidentally changed.

Centegra Health System Data Breach

Centegra Health System Data Breach

This led to two Centegra billing statements to be put in one envelope.

“Centegra Health System and MedAssets apologize for this error and are committed to fully protecting patient privacy,” Green said. “Centegra is working closely with MedAssets to ensure it has taken every step necessary to address the incident.”

Affected information included patient names, addresses, account numbers, original account balance, third-party payment, billing discounts and adjustments, and the amount owed. Hospital service dates, a summary of services provided and related charges were also included.

Green mentioned that even though 6,000 Centegra patients were affected by the error, half received two billing statements – One for  their own hospital service and the second for detailed another patient’s service.

There is no reason to believe that the exposed information was inappropriately used, she said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Security Tech Procurement Tips

December 12th, 2015 by admin No comments »

Ricardo Lafosse, CISO for Cook County, Ill said that procuring enterprise security

Security Tech Procurement Tips

Security Tech Procurement Tips

technology is an involved process that requires numerous steps to ensure it goes smoothly. He also offered below tips for CISOs.

Ask Yourself Why

Lafosse  mentioned that before purchase, identify why you need the technology and how you came to that conclusion.

“You always want to buy the shiny new toy,” he said. “They look cool, but you don’t just go out and buy it.”

Ask Peers

“What’s really key are your peers,” he said. “I cannot stress this enough. Everyone deals with these [security] issues. In the Chicago area, we have a lot of great resources. We have our CISO group and a multi-state group. It is key to be a part of it because you can bounce ideas off everyone in an informal process. You get that actual first-hand experience from your peers.”

Analysis

Start with a needs analysis before going out to the market, Lafosse said.

Consider Staff, Integration Requirements

Ensure that the new technology provides a good operational fit, he said.

Budget

“Unfortunately, we have a lot of examples,” he said. “Use those to your benefit as much as you can from a budgetary perspective. Demonstrate operational efficiency when looking for a new product. For example, if you are going to implement product X, you will reduce the help desk time to re-mediate by 20 percent. Having those rough numbers goes a long way.”

Business Case

“Re-emphasize why you are making this purchase,” he added. “For us, we used the figure from Ponemon of $154 per breach. The network access control was also going to allow people to self-service.”

The self-service capability was critical because Lafosse has only three people in his department.

“One of the key attributes for any new procurement is automation,” he said. “The security controls need to share information with each other. The more automation, the easier us for us to protect our network.”

Guidelines

“Be candid with vendors. If you don’t like the solution, tell them,” Lafosse said. “Don’t waste your time, don’t waste their time. Offer clear-cut guidelines. It’s not fair if you don’t set rules of engagement upfront. If you are seeing everything move south, let the vendor  know right away.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Five Tips for Stronger Encryption

December 10th, 2015 by admin No comments »

The recent example of NSA whistle-blower Edward Snowden’s revelations has put security of many encryption

Five Tips for Stronger Encryption

Five Tips for Stronger Encryption

products into doubt.

Please find the below methods to safeguard your data.

Encryption Ciphers

Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says that organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.

“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”

Longest Encryption Keys

Use the maximum key lengths possible to make it difficult for those who don’t have access to a back door to crack your encryption. “Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” Former says.

External Factors

External factors over which companies have very little control can compromise the security of encryption systems.

Encrypt in Layers

“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.

Encryption Keys

“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI Sharing and Cloud Security

December 8th, 2015 by admin No comments »

CloudLock investigated a total of eight IT security industries and numerous case studies. It found out that personally identifiable information (PII) and a surplus of data sharing are vital concerns to the industry.

  • Around 72 percent of practices concentrate most heavily on preventing excessive sharing in the cloud
  • Around 38 percent of organizations concentrate on protecting PII
  • Other concerns for organizations include diagnosis, financial information, medical condition, Social Security number, and diagnosis.

CloudLock suggested below steps to further secure the information.

  1. Organizations should monitor and identify cybersecurity issues, taking care in selecting who is in charge of these tasks.
  2. Organizations should intervene on potential hacks immediately. Following remediation efforts, healthcare organizations should reeducate their users. According to CloudLock, reeducation is key in ensuring adverse cyber security
    PHI Sharing and Cloud Security

    PHI Sharing and Cloud Security

    events do not occur in the future.

  3. Organizations should schedule routine checkups to ensure security efforts are continuing smoothly. During these checkups, IT workers should readjust certain strategies and fine tune cyber security efforts.

“Healthcare organizations take special care in assessing the compliance controls of cloud services, but employees can also introduce cloud services into the workplace, creating ‘shadow IT,’ which are services not known by the IT department,” the report’s authors explained.

According to another study conducted by Netskope, healthcare industry has the highest rate of cloud data loss prevention violations of any other tested industry.

“By better understanding where and how policy violations commonly occur, enterprises have a detailed picture of cloud app ecosystems and their respective industries to better mitigate risk,”said Netskope CEO and co-founder Sanjay Beri.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

MaineGeneral Health suffers data breach

December 6th, 2015 by admin No comments »

MaineGeneral Health suffered healthcare data breach recently. It is now sending notification letters to individuals who fell victim to the cyberattack.FBI notified that much of MaineGeneral Health data was on a website not affiliated with the system.

MaineGeneral and a third-party forensics team found that personal information had been breached for patients who were referred by a treating physician to radiology. Some MaineGeneral employee information was also breached along with personal information for potential donors.

Affected information includes names, addresses, and telephone numbers. MaineGeneral confirmed that no Social Security numbers, patient medical or health information, health records, driver’s license numbers, or financial information had been disclosed.

Data breach

MaineGeneral Health suffers data breach

MaineGeneral Health suffers data breach

could include patients at all of MaineGeneral’s subsidiary clinics, including MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community, and MaineGeneral Community Care.

Fraud Prevention Tips

MaineGeneral encourages everyone to remain vigilant against incidents of identity theft, especially this time of year. 

  • Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers.  If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
  • Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.

Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

UCHealth and Data Breach

December 4th, 2015 by admin No comments »

UCHealth, Colorado is notifying approximately 800 patients of an internal healthcare data breach. According to the reports, an employee inappropriately accessed electronic patient files. The incident was discovered during one of the hospitals precautionary HIPAA audits.

The auditors discovered the breach and determined that the employee was accessing electronic patient records out of personal curiosity. There is no reason to believe that the employee has shared the accessed information with anyone else.

Affected information includes patient names, addresses, phone numbers, dates of birth, insurance information, and descriptions of care and treatment plans received during visits. The employee did not access Social Security numbers

UCHealth and Data Breach

UCHealth and Data Breach

or other financial and billing information.

According to the statement:

UCHealth takes its obligations to protect healthcare information very seriously. This staff members employment with UCHealth has been terminated. Re-training has been given to all employees to re-emphasize that staff can only view health records of patients for whom they are actively providing care.  All employees also will continue to receive annual training on how to properly access healthcare information.

About UCHealth

UCHealth is a Front Range health system that delivers the highest quality patient care with the highest quality patient experience.  UCHealth combines Memorial Hospital, Poudre Valley Hospital, Medical Center of the Rockies, Colorado Health Medical Group, and University of Colorado Hospital into an organization dedicated to health and providing unmatched patient care in the Rocky Mountain West.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Cottage Healthcare Data Breach

December 2nd, 2015 by admin No comments »

Cottage Health in California suffered data breach which affected nearly 11,000 patients. Outside IT security contractor found out the breach while testing the providers data systems. The contractor has since shut down the server. Potentially affected information includes patient names, addresses, Social Security numbers, and health information such as diagnosis or procedure. No other financial or billing information was included in the breach.

Affected Individuals include those receiving care at Goleta Valley Cottage Hospital, Santa Barbara Cottage Hospital, and Santa Ynez Valley Cottage Hospital. Hospital has also offered those individuals a free, one-year subscription to a credit monitoring service.

Individuals are advised to put a fraud alert on their credit files due to the fact that Social Security numbers had been compromised.

Cottage Health mentioned that receiving a data breach

Cottage Healthcare Data Breach

Cottage Healthcare Data Breach

notification letter does not necessarily mean that an individual has been the victim of identity theft. Hospital believes  that it has no reason to believe that the information has been misused.

As per the statement:

Identity Protection and Credit Monitoring Services

For the individuals potentially impacted, we are offering identity theft protection services through ID Experts to provide FraudStopPHI Edition at no cost. ID Experts holds the American Hospital Association’s exclusive endorsement for breach response services. The provided services include:

12 months of recovery services

Healthcare Identity Protection Toolkit

Exclusive educational materials, and

Access to fraud resolution representatives.

How to Detect Identity Theft

According to the FTC, the best way to detect identity theft is to monitor your accounts and bank statements each month, and check your credit report on a regular basis.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Lahey Hospital Agrees to HIPAA Settlement

November 27th, 2015 by admin No comments »

Lahey Clinic Hospital, Inc. (Lahey) agreed to an OCR HIPAA settlement resulted due to an incident where an unencrypted laptop was stolen. It potentially compromised the PHI of 599 individuals. The settlement costs Lahey Hospital $850,000 and must also enter into a Corrective Action Plan (CAP), which includes “a comprehensive, organization-wide risk analysis of the security risks and vulnerabilities to the ePHI created, received, maintained or transmitted by Lahey.”

The device was taken from an unlocked treatment room “off of the inner corridor” in the hospital’s radiology department.The OCR investigation found that Lahey failed to implement the necessary physical safeguards for a workstation that houses ePHI, and that it “failed to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of its ePHI as part of its security management process.”

OCR also mentioned the following results from its investigation:

Lahey Hospital Agrees to HIPAA Settlement

Lahey Hospital Agrees to HIPAA Settlement

  • With respect to the workstation, Lahey failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of its facility, and the movement of these items within its facility
  • Lahey failed to assign a unique user name for identifying and tracking user identity with respect to the aforementioned workstation
  • Lahey did not implement a mechanism to record and examine activity on the workstation at issue in this breach
  • Lahey impermissibly disclosed the ePHI of 599 individuals for a purpose not permitted by the Privacy Rule
  • Lahey must also provide proper training to workforce members who access ePHI, ensuring that they are aware of all policy and procedures in place to keep it safe.
  • Lahey must also keep a record of the “receipt, removal, and disposition of hardware and electronic media that maintain ePHI into and out of” the hospital, as well as the movements within the facility.
  • Lay should develop a risk management plan to address and mitigate any security risks and vulnerabilities following the risk analysis.The risk analysis report must be sent to HHS within 270 days of Lahey being asked to send it, OCR writes.

“Upon receiving HHS’s notice of required revisions, if any, Lahey shall have ninety (90) days to revise the risk analysis and risk management plan accordingly and forward to HHS for review and approval,” the settlement reads.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Faxing Error and Data Breach

November 24th, 2015 by admin No comments »

Quest Diagnostics suffered data breach due to improper fax number input. The incident resulted into class-action lawsuit following a fax-related healthcare data breach.

According to the reports, several hundreds of health files were allegedly sent to a New York-based marketing firm rather than to Quest for approximately one year. Human error caused the breach in which individuals from several providers incorrectly provided Quest’s fax number, thus inadvertently sending the medical files to the marketing firm APS Marketing Group.

This healthcare data breach came to light when a representative from APS Marketing Group, Gabby Klotzman, reported it to the I-Team at NBC News. Affected information included patient names, phone numbers, dates of birth, and in some cases, Social Security numbers.

Klotzman reportedly contacted Quest Diagnostics immediately, to which the healthcare company explained it would remedy the issue and contact potentially affected individuals.

However, the faxes allegedly continued to come, prompting Klotzman to contact the Department of Health and Human Services (HHS), but to no avail.

After several months of receiving these medical files via fax, Klotzman contacted NBC’s I-Team, who contacted a handful of the individuals whose medical records had been compromised.

Upon those follow-ups, Quest explained that it did not know the magnitude of the health data breach. According to Quest, it has added a revised fax number to account for any practices who may have input the original number incorrectly.

Newman Ferrara LLP announced a class-action lawsuit against Quest due to its reportedly inadequate handling of the situation.

“That Quest was on notice of this massive data breach for perhaps a year or more, and yet failed to take any responsible or required action, amounts to an egregious dereliction of duty,” stated firm partner Jeffrey Norton in the press release. “Through this lawsuit, we intend to make sure something like this does not occur again.”

The plaintiffs allege that Quest did not take adequate action to prevent the health data breach

Faxing Error and Data Breach

Faxing Error and Data Breach

.

“Although Quest was alerted early on to the breach, the company did nothing to prevent the continued transmissions, failed to alert medical providers and patients, and failed to report the breach to authorities. As a result, the personal and sensitive medical information of hundreds of patients was disclosed to unauthorized third-parties, putting their security and privacy at great risk,” the press release explains.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Starwood Hotels & Resorts cyber attack

November 20th, 2015 by admin No comments »

Starwood Hotels & Resorts suffered data breach when undisclosed amount of customer payment card data may have been accessed. The incident happened when the point of sale systems at 54 of its hotels in North America were infected with malware.

“Promptly after discovering the issue, Starwood engaged third-party forensic exper

Starwood Hotels & Resorts cyber attack

Starwood Hotels & Resorts cyber attack

ts to conduct an extensive investigation to determine the facts,” the company said in a statement. “Based on the investigation, malware was detected that affected certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties.”

“The affected hotels have taken steps to secure customer payment card information and the malware no longer presents a threat to customers using payment cards at Starwood hotels,” the company added.

Affected data collected by the malware includes cardholder names, payment card numbers, security codes and expiration dates.

“Quickly after we became aware of the possible issue, we took prompt action to determine the facts,” Sergio Rivera, Starwood President, The Americas, said in a statement. “We have been working closely with law enforcement authorities and have been coordinating our efforts with the payment card organizations. We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring.”

According to the reports, all those affected are being offered one year of free access to identity protection and credit monitoring services from AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Android vs iPhone Security

November 18th, 2015 by admin No comments »
Android vs iPhone Security

Android vs iPhone Security

Apple/iOS

Pros of Apple’s iOS include the fact that it is proprietary, closed-source and more secure “by fault” with a single user per device,” said Jason Van Zanten, information security lead at JAMF Software. “The Apple App Store is tightly controlled, and the global partnership between Apple and IBM (IBM MobileFirst for iOS) empowers enterprise users.”

Jason also mentioned that Apple Push Notification service (APNs) for mobile device management, configuration profiles with device settings, app distribution, and remote management commands (lock, wipe, etc.) helps for security.

But some are cautious with above approach.

“While Apples approach is often seen as stronger in terms of security by providing a managed and controlled transaction environment, no system can truly be 100 percent fixed and closed off,” said Sam Rehman, chief technology officer for Arxan Technologies. “At times this could provide a false sense of security which emphasizes risks of certain weaknesses.”

“The Apple ecosystem has a lot to offer its users – except for the reality that there is no possibility of a truly secure brand or data control in any meaningful way,” agreed Andrew McLennan, vice president of the mobile security division, of INSIDE Secure. “The phone user is entirely in the hands of Apple and if there is a major breach it could be catastrophic.”

Android: a Popular Target

“Android offers much more freedom and control, and it is easily possible to get hardware-like security protection using software fixes with native languages such as C++,” McLennan said. “With the Android platform, you can control your own security destiny, particularly if using a mobile solution that also deals with device fragmentation.”

While this makes Android “generally a much better place to be than with the Apple platform,” he said, this is not true if Java is employed for sensitive code. “Java is completely useless for code that needs security, as it takes mere minutes to influence or subvert this code.”

James Quin, CDM Media senior director of content and c-suite communities, said studies show that as much as 97 percent of all mobile malware targets Android while iOS “suffers from functionally none.”

Android’s ubiquity accounts for much of its popularity with hackers, he said. “When malicious code writers sit down to develop threats, theyre going to do so in the manner that gives them the most attack surface, and that always comes from attacking the most populous platform.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hospital suffers data breach

November 16th, 2015 by admin No comments »

OH Muhlenberg, LLC recently suffered a keystroke logger cyberattack, which lead to a health data breach. Affected information includes patient names, addresses, telephone numbers, dates of birth, Social Security numbers, drivers license/state identification numbers, health plan information, financial account numbers, payment card information, and employment information.

After the FBI notification, hospital conducted a large-scale investigation. OH Muhlenberg found that

Hospital suffers data breach

Hospital suffers data breach

a malicious software, called keystroke logging, had been installed on several of the hospitals computers.

The health data breach also affected hospital employees and contractors which includes providers who worked in OH Muhlenberg. Exposed information for them includes credentialing information, Drug Enforcement Administration numbers, National Provider Identifiers, and state license numbers.

According to the hospital, it is not possible to know which patients have been affected by this security breach.

Unfortunately, we cannot determine the type of information that may have been accessed during the incident because it is impossible to determine exactly what information was inputted into the infected computers,OH Muhlenberg wrote in a frequently asked questions document regarding the breach.

OH Muhlenberg expressed regret for this situation. Statement also mentioned its commitment to protect sensitive patient information.

The Hospital is committed to maintaining the privacy of its patients, employees, and providers, and takes precautions for the security of personal and medical information,said thehospitals director of privacy and security DeAnn Tucker, RHIA, CHPS, CCS. We sincerely regret any inconvenience this incident presents to you.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Health Care CyberSecurity

November 14th, 2015 by admin No comments »

The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari had the discussion with HealthITSecurity about Cybersecurity

Health Care CyberSecurity

Health Care CyberSecurity

Awareness.

According to Eftekhari, its currently imperative for organizations to understand that theyll never be able to prevent breaches from happening.

The best way to protect their organization is to focus on detect and response strategies, and create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network,he explained. [It will] slow down the attackers ability to successfully exfiltrate data and really give the network administrator time to stop the attack.

According to Eftekhari, behavior analytics, dual-factor authentication, and encryption are critical pieces when it comes to creating a virtual tar pitenvironment within the network to slow down the attacker.  

The other key takeaway for Cybersecurity Awareness is the human factor, he explained.

[ICIT] acts as an educator for the legislative community, federal agencies and critical infrastructure sector stakeholders because they need access to cutting edge research and knowledge of cyber trends.Eftekhari said. In that same context, we also need to guide our children and our families, and of course consumers and employees, in cybersecurity best practices without being Orwellian about it. Thats how were going to become a more cyber conscious nation and ultimately improve security.

Montana Williams, Senior Manager, Cybersecurity Practices, ISACA mentioned that it is important that everybody in an organization understand their role in increasing the resiliency of that organization.

Cybersecurity has evolved slowly because technology has outpaced the security aspect of cybersecurity,Williams stated. So it has struggled to keep up with the newest technical advances. The security aspect has struggled to keep up with the threat vectors, and then also it has struggled from an awareness perspective because I believe people are still very naive about the threat of cybersecurity.

Employee training as a whole is the most critical thing for organizations, according to Williams.

The technologies exist out there that can do a great job against a threat, but that training component doesnt exist because the professionals who are managing those technologies dont know how to integrate them the most effective way on their enterprises against that threat thats out there,Williams said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Email and health data breach

November 12th, 2015 by admin No comments »

The University of Cincinnati Medical Center suffered data breach which potentially compromised the PHI of 1,064 individuals. The medical center has experienced nine such incidents in past of emailing private patient information to the wrong email addresses.

Affected information includes patient names, dates of birth, medical record numbers, dates of services, physician names, and diagnosis information. UC Health did not report the disclosure of any Social Security numbers

Email and health data breach

Email and health data breach

or other private financial information. Financial and billing information was not compromised. UC Health have no reason to believe that the information has been misused

The incident happened when the emails intended to employees within the hospital network was inadvertently sent to someone potentially not within the hospital system.

UC Health takes very seriously our role of safeguarding the personal information of our patients and using it in an appropriate manner and we apologize for any concern or inconvenience this situation may cause,the hospital said in a statement.

Notification letters to all potentially affected individuals are also sent. UC Officials encourage potentially affected individuals to open a fraud alert on their credit cards and to enlist the services of a credit monitoring agency. UC Health has also created a block on any emails sent to affected domain name in the future.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unencrypted email and data breach

November 10th, 2015 by admin No comments »

An unencrypted email resulted in potential health information data breach for over 500 patients in North Carolina. The North Carolina Department of Health and Human Services (DHHS) has experienced a health data breach second time due to an unencrypted email. Earlier, the incident involved the health data breach of 524 state Medicaid patients.

DHHS mentioned that the email that compromised the information was sent to the correct recipient but was unencrypted which is against the policy. Affected information includes Medicaid patients, including patient names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers, and dates of birth.

Unencrypted email and data breach

Unencrypted email and data breach

DHHS has plans to overhaul the email encryption process by updating email software. The said software will block any email containing patient information from being sent until the information has been encrypted. DHHS believes that software eliminates the risk of human error.

We take very seriously our responsibility to secure the personal information entrusted to us,said Dave Richard, DHHS deputy secretary in charge of Medicaid. This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow.

DHHS also suffered health data security issues back in 2014. DHHS officials believes that it was the agencys responsibility to protect patient information.

I deeply apologize for the impact that this has caused to the citizens of the state,DHHS secretary Aldona Wos explained at the time. First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care in a protected and secure environment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Retaliatory agenda leads to data breach

November 8th, 2015 by admin No comments »

Employee retaliatory agenda leads to theft at Childrens Medical Clinics in Texas. As per the report, an employee took paper patient records from the healthcare facility. The employee also used his credentials to log into electronic patient records, taking screenshots of the records and sending it to another former clinic employee.

Clinic believes that there is no reason to believe the former employee planned to use the patient records to do any harm to the patients, but rather sought to cause damage to its reputation.

Affected information includes patient names, dates of birth, diagnostic information, and treatment information. The notification letter did not indicate that Social Security numbers

Retaliatory agenda leads to data breach

Retaliatory agenda leads to data breach

or other billing information were disclosed.

Clinic has not issued credit monitoring services to potentially affected individuals but advised its patients to monitor credit and register for fraud alert. It also provided a free hotline and online portal that potentially affected individuals may use if they have any questions or concerns.

Childrens Medical Clinics expressed regret.

Childrens Medical Clinics of East Texas prides itself on its dedication to not only high quality medical care for your children, but also with federal and state compliance with the security and privacy of your medical records,they wrote. Childrens Medical Clinics of East Texas sincerely apologizes for any inconvenience and concern this incident has caused to you.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Two Separate Healthcare Data Breaches Expose Patients’ PHI

November 6th, 2015 by admin No comments »

A California healthcare organization suffered two separate healthcare data breaches.

First Data Breach

Incident happened when some small glass laboratory slides and paper records were disposed of in a way that did not conform to Huntington Medical Research Institutes (HMRI) policies.

Affected information includes patient names, dates of birth, clinical information such as diagnosis, treatment, tissue sources, specimen information, specific tests ordered, and referring physician information. Some billing information may also have been included. However, Social Security numbers and financial information were not included in the slides and paper records.

HMRI is diligently following up on this incident and taking reasonable actions to prevent similar incidents in the future,HMRI explained in a statement on its website, adding that there is no reason for patients to take any action. Among other actions, HMRI is reinforcing the training of staff who have access to patient health information, and strengthening data security.

Second Data Breach

The second healthcare data breach was reported after former HMRI employee potentially took some ePHI.

Affected information includes patient names, some demographic information such as date of birth, clinical information such as diagnosis, treatment, tissue specimen source, other specimen information,  and specific tests ordered were all included. Moreover, referring physician information and some billing information were also potentially exposed.

HMRI statement mentioned that there is no action that patients need to take, and that it once again plans to reinforce staff training for employees to have access to PHI and also strengthen the facilitys data security

Two Separate Healthcare Data Breaches Expose Patients’ PHI

Two Separate Healthcare Data Breaches Expose Patients’ PHI

.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen laptop leads to data breach

November 4th, 2015 by admin No comments »

A New York City medical and mental health center recently suffered a potential PHI data breach after a laptop containing patient information was stolen. Affected information includes patient names, medical numbers, test results, and brief clinical notes. The statement made no mention of Social Security numbers and other medical billing information.

Woodhull Medical and Mental Health Center, a part of the New York City Health and Hospitals Corporation (HHC) owns the laptop. Laptop was securely locked and password-protected but was not encrypted. However, HHC mentions that it has no reason to believe that the laptop was stolen for PHI. It was possibly for the market value of the laptop.

Around 1,581 potentially individuals were affected and the notifications about the health data breach

Stolen laptop leads to data breach

Stolen laptop leads to data breach

was sent via letters. New York City Police Department was also contacted.

Woodhull is implementing several safeguards by -

  • Examining its current security measures to identify weak spots in need of improvement
  • Looking into additional security measures to implement
  • Readministering security awareness training for all staff to underscore the importance of health data security
  • Enlisting the services of Kroll, a third-party identity theft protection agency, to provide identity theft protection services to potentially affected individuals

Woodhull expressed regret that the incident happened.

“We at Woodhull take our role of safeguarding your personal information and using it in an appropriate manner very seriously,” the provider said in its notification letter. “Woodhull apologizes for the concern this incident may have caused and assures you that we are doing everything we can to prevent an incident of this nature from reoccurring.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

API and Security Risk

November 2nd, 2015 by admin No comments »

What is API?

In computer programming, an application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types.

How it is accessed?

Mobile devices, smart televisions, games consoles and even nodes in the Internet of Things

API Security and Expert Review

APIs present a real security risk, and that hackers steal data by finding easy loopholes.

“What we have seen is applications being broken down into micro-services, and when you do that you are creating many more interfaces and exposing those interfaces. So of course the attack surfaces are much larger,” said Subra Kumaraswamy, head of product security at Apigee, a California-based API security platform vendor. “Hackers

API and Security Risk

API and Security Risk

no longer attack one application; they can look at lots of services. So there is a bigger risk that they can get access to data.”

API is itself new module which needs extra attention.

APIs present an extra headache to organizations because of their power, Kumaraswamy said. “Before, hackers had to sit behind a console and try different things to find vulnerabilities. But because APIs are programmable, they can program attacks. They can write a system that automates their attacks and tries different things.”

API has become a significant part of business.

“APIs are often made as part of an initiative like mobile, and businesses measure success by user engagement or user adoption,” Kumaraswamy said. “Sometimes that means they don’t pay attention to the security aspects of the API. Businesses need more agility, and security sometimes comes second.”

Security Product and API

Security products are extremely useful for API. Most businesses are belatedly waking up to the API security problem. The market is still relatively immature, though, and only 5 percent to 10 percent of organizations offering APIs use such products, Kumaraswamy estimates.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

EHN suffers data breach

October 31st, 2015 by admin No comments »

El Paso-based Emergence Health Network (EHN) suffered data breach when its computer servers was assessed by an unauthorized user. Affected information includes first and last names, addresses, dates of birth, Social Security numbers,

EHN suffers data breach

EHN suffers data breach

case numbers, and information indicating that individuals accessed services from Life Management Center/ El Paso MHMR/Emergence Health Network.The incident caused PHI data breach for around 11,100 individuals.

“EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered,” the statement read. “EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach.”

EHN reports suggests that no information is misused.

“EHN has also already taken appropriate steps to avoid the threat of future data security compromises and is cooperating with officials in minimizing the potential effects of this incident,” explained the second statement.

EHN is sending breach notification to affected individuals.

“We are sorry for any inconvenience this incident may have caused you,” the facility said. “EHN is doing everything we can to fix this and not have it happen again.”

As per the report – What EHN is doing?

EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered. EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Bon Secours St. Francis Health System suffers data breach

October 29th, 2015 by admin No comments »

Bon Secours St. Francis Health System in Greenville, South Carolina came to know about data breach when several employees were receiving unpaid balances for an antibiotic cream, and others were reporting their health insurance companies being charged for the antibiotic creams. After investigation, St. Francis Health found out that a hospital employee was responsible for the incident.

According to the statement, the employee accessed the patient information of approximately 1,997 individuals. Affected information includes patient names, dates of birth, drivers license numbers, insurance information, clinical information, and potentially Social Security numbers

Bon Secours St. Francis Health System suffers data breach

Bon Secours St. Francis Health System suffers data breach

.

St. Francis Health mentions that it will take several measures to avoid such incidents.

The training will remind our employees that inappropriate use, access or disclosure of patientsinformation will result in serious consequences up to and including termination and, where applicable, the involvement of law enforcement,St. Francis Health explained.

Notification letters are sent to all potentially affected individuals and free credit monitoring services is offered to them.

According to the statement:

We deeply regret that this has happened. Bon Secours St. Francis takes its responsibility for protecting our patientspersonal information and using it in an appropriate manner very seriously,the hospital said in a statement. Please know that our employees work hard every day to provide excellent care to our patients. Words cannot express how deeply disappointed we are that this has occurred.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unsecured Email leads to data breach

October 27th, 2015 by admin No comments »

Arkansas-based Nephropathology Associates, PLC (Nephropath) suffered data breach when one of its employees sent an unsecured email to a vendor that included PHI and de-identified information. Nephropath stated in a letter that the PHI should not have been included even though the vendor in question was the intended email recipient.

Nephropath mentioned that the vendor was notified and told to destroy all copies of the information. Affected information includes first and last names, patients’ ages at the time of treatment, Nephropath accession numbers, referring physicians, and pathology diagnoses. Addresses, financial information, and Social Security numbers

Unsecured Email leads to data breach

Unsecured Email leads to data breach

were not included.

“As a result of this incident Nephropath is reviewing its policies and procedures to protect against future incidents of this nature,” stated the letter, which was signed by Practice Coordinator and Compliance Officer C. Aaron Nichols, MHSA, CMPE. “As part of this process we will be providing additional training to our workforce and the responsible employee.”

According to the reports, 1,260 individuals were affected by the incident.

Nephropath added that the vendor sent written assurance that the information was destroyed and and there is no reason to believe that any physical or digital copies were kept by any parties.

 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Center for Disability Rights suffers data breach

October 24th, 2015 by admin No comments »

Center for Disability Rights (CDR) suffered potential data breach when protected health information (PHI) of individuals with disabilities was allegedly stolen.

An employee of Angels in Your Home, a home care agency serving individuals with disabilities in New York, allegedly stole patient information to take with him to a new home care agency. As per the report Angels’former CEO Marco Altieri, obtained permission from individuals to take their PHI. CDR maintains that this was done fraudulently and without their knowledge.

CDR did not mentioned the specification of health and other personal information disclosed in the breach. But stated that misuse of PHI, including names and contact information of clients was done.

CDR came to know about the incident after being contacted by one of its clients. CDR also states that there is potential to pursue fraud charges.

“Second, giving false pretenses, misrepresenting information, or lying to an individual in order to convince them to switch providers is fraud,”Darling stated. “In the case of using fraud to convince an individual to switch services paid by Medicaid, it is also Medicaid Fraud and consumer fraud.”

CDR is taking legal action related to this incident.

“Every party involved in this appalling situation has secured legal representation, except for the individuals whose protected health information has been compromised, misused, or stolen,”CDR’s Director of Advocacy Stephanie Woodward said in a statement. “We’re committed to assisting the people who have been impacted the most by this breach

Center for Disability Rights suffers data breach

Center for Disability Rights suffers data breach

- disabled people and their workers.”

This is a very personal situation for CDR, according to Darling, because the organization is run by individuals with disabilities.

“Because we are run by people with disabilities, our organizations take the duty to protect personal information of disabled people and their attendants very seriously. Misuse of such information feels personal –because it is,”he says. “No one should experience this, but because we have disabilities we are most at risk for this to occur. And frankly, this has been a growing trend locally that must stop.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Not-for-profit Community suffers data breach

October 22nd, 2015 by admin No comments »

California not-for-profit Community Catalysts of California, Inc. recently mentioned that a flash drive containing certain client information was stolen from an employees residence. The affected information includes names, addresses, diagnoses, dates of birth, ages, and gender and/or telephone numbers for certain current and former clients. However, drivers license information, state identification

Not-for-profit Community suffers data breach

Not-for-profit Community suffers data breach

, health insurance or financial account numbers were not included.

We take the privacy and security of the information in our possession very seriously and we deeply regret these circumstances and are committed to keeping impacted individuals informed,read a Community Catalysts statement.

Physical safeguards and administrative safeguards are essential to keep patient information safe and secure.

Community Catalysts provides services and advocacy for people with disabilities and Veterans.This includes assistance in several areas, such as mental health support, recreation, client advocacy, education, healthcare support, housing, and employment.

We have taken steps to prevent this type of event from happening again, including retraining our employees on using encrypted device, as required by our company policy,Community Catalysts explained. We are also reviewing our data retention practices to ensure that we are not retaining any documents longer than necessary in order to provide services to our clients.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Medicaid Data Breach in North Carolina

October 20th, 2015 by admin No comments »
Medicaid Data Breach in North Carolina

Medicaid Data Breach in North Carolina

 

Affected information includes a spreadsheet with Medicaid recipientsPHI. Information having first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services. Approximately 1,615 individuals had their data compromised, but DHHS added that only two Social Security numbers were compromised and no dates of birth.

Gerlach explained that the delayed data breach notification was because DHHS was investigating thoroughly to ensure that there is full understanding before determining next steps.

There has also been no signs that the spreadsheet was intercepted by unauthorized users.

DHHS says affected patients may take steps to protect themselves by putting a fraud alert on their credit files and by keeping an eye on their bank statements and credit card bills for any unusual or unauthorized activity.

This is not the first Medicaid data breach reported by DHHS.

I deeply apologize for the impact that this has caused to the citizens of the state,DHHS secretary Aldona Wos explained at the time. First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care in a protected and secure environment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

OU Medicine Suffers Data Breach

October 17th, 2015 by admin No comments »

As per the reports, OU Medicine suffered data breach when a laptop potentially storing a spreadsheet containing limited patient information was stolen from a former OU physician. The spreadsheet  in the laptop contained limited information for approximately 9,300 pediatric patients.

Affected Health information includes patient name, diagnosis, treatment code, date of treatment, date of birth, description of urologic medical treatment or procedure, medical record number, and physician name. According to OU Medicine, no addresses, Social Security numbers

OU Medicine Suffers Data Breach

OU Medicine Suffers Data Breach

, or other billing information was included.

The hospital took precautionary steps by notifying the 9,300 potentially affected individuals via data breach notification letters even though it was not sure whether spreadsheet was present on the laptop. OU Medicine stated that it will provide one year of free credit monitoring to potentially affected individuals.

The physician who owned the stolen laptop had left the department prior to the laptop being stolen. The hospital also mentioned that it does not allow physicians to take medical documents with them after leaving the facility.

The University has policies that generally prohibit the removal of documents that contain patient information from its premises and that require employees to protect patient information on laptops at all times, including by storing it securely,OU Medicine said in its statement.

Facility also expressed regret for the situation.

The University of Oklahoma takes patient privacy seriously,OU said in its statement. The Department is taking additional steps to help prevent similar incidents from occurring and is providing additional training to employees on the importance of securing patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

 

Employee Access and Patient Data Security

October 14th, 2015 by admin No comments »

Recent research shows that some organizations have loopholes in data access which can cause patient data security issues.

Highlights of the research by IS Decisions are -

63 percent of healthcare staff are still able to logon to different devices and workstations concurrently.

49 percent of surveyed healthcare employees are required t

Employee Access and Patient Data Security

Employee Access and Patient Data Security

o manually logoff

30 percent do not have unique logins

46 percent stated that they believe their actions on the employer’s network can be attributed to them

57 percent of US healthcare staff said their organizations had formal agreements to security policies in their contracts

29 percent of surveyed healthcare professionals did not receive any security training when they were employed

55 percent of existing employees stated they received IT security training

34 percent of US healthcare staff are aware of their organization conducting regular security audits

73 percent of health and pharmaceutical employees said they have access to sensitive or confidential patient information

41 stated that they and their co-workers can see “a lot of” sensitive data

56 percent of IT practitioners said they believe their organizations place just a moderate to low priority on protecting company data, or no priority at all

“To take the standard of security training beyond the base level in on-boarding staff, it is sensible to include adherence to security policies within employee contracts,” the report stated. “This ensures a level of responsibility on the part of the employee, providing a line of culpability in the event that they take action to subvert a policy.”

IS Decision survey has lead to awareness among employee access.

“Healthcare organizations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients,” IS Decisions CEO Francois Amigorena said in a statement. “Information of this critical and confidential nature should only be accessible by authorized users and it really should not be a complicated process.”

Amigorena added that this goal could be achieved by properly implementing and combining access control policies, user identity verifying, and user activity auditing.

“The damage can be greatly reduced by managing data access permissions, making sure employees only have access to the data they need to do their jobs, and by monitoring for unusual activity,” explained Varonis Co-Founder and CEO Yaki Faitelson.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Mailing Error leads to data breach

October 12th, 2015 by admin No comments »

A Florida health plan suffered potential data breach after a mailing error. The incident caused some members to receive the personal information of other members.

A machine that was programmed to insert two premium statements per envelope led to some statements to be mailed to the wrong individual. Normally, just one statement should have been included in each envelope.

According to the reports, 1,400 individuals received data breach notification from CarePlus. Affected Information potentially includes names, addresses, and CarePlus identification numbers. Social Security numbers were not included in the statements.

As per CarePlus, there is no reason to believe that the disclosed information has been used inappropriately. Extra security measures are added by CarePlus to ensure quality assurance in the mail

Mailing Error leads to data breach

Mailing Error leads to data breach

room.

Company has notified the individuals about the incident.

According to the statement:

CarePlus is monitoring all claim activity to reduce the possibility of medical identity theft. Any members who have any questions should call CarePlus at 1-800-794-5907, from 8 a.m. to 8 p.m., seven days a week.Anyone who believes their information is being used by someone else is urged to contact CarePlus at once.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Affinity Health Plan data breach

October 9th, 2015 by admin No comments »
Affinity Health Plan data breach

Affinity Health Plan data breach

As per the report, AHP members received reminder letters for renewing Child Health Plus for their children which also contained letter in a different language addressed to a different Affinity member.

Due to a printing error that we discovered on Friday, August 14, 2015, the back of the letter you received included a renewal reminder in another language that was mistakenly addressed to a different Affinity member,the letter said. As a result of this error, another Affinity member received a letter mistakenly addressed to you on the back of their August 4, 2015 letter.

Affected information included the childrens names, addresses, and AHP identification numbers. No childs health information was disclosed, nor were Social Security numbers or any billing information. Also, no information regarding the potentially affected children can be accessed via the AHP identification numbers.

AHP expressed regret for the situation as per the company statement.

We sincerely apologize for this error,stated the letter, which was signed by AHPs Retention Department Director Wendy Mezquita. We value you as an Affinity member and look forward to continuing to provide health care coverage for your family.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Illinois theft compromises sensitive information

October 6th, 2015 by admin No comments »

Illinois and North Carolina Barrington Orthopedic Specialists recently suffered data breach which reportedly affected 1,009 individuals. The PHI was compromised following the theft of a laptop and EMG machine.

Affected information includes patient names, dates of birth and EMG results and reports. The statement did not specify how many individuals were affected, but the Office for Civil Rights breach reporting tool states that 1,009 individuals had their information involved in the incident.

The Illinois facility mentioned in a statement that the health data breach

Illinois theft compromises sensitive information

Illinois theft compromises sensitive information

was discovered on August 18, 2015. The incident is believed to have taken place sometime between August 14 and August 18.

Barrington Orthopedic Specialists, Ltd. has reported the theft to the police and they are investigating,the statement read. We have also acquired additional equipment so that transportation of units is no longer necessary. Data sets will no longer be maintained on the laptops associated with the EMG machines. They will be maintained only on our internal server system.

Barrington mentioned that it does not believe that affected patients are at risk of financial identity issues as stolen items didnt contain the same. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

BCBS facility suffers data privacy breach

October 3rd, 2015 by admin No comments »
BCBS facility suffers data privacy breach

BCBS facility suffers data privacy breach

 

The affected information for first incident included names, addresses, internal BCBSNC account numbers, group numbers, coverage dates and premium amounts due. The internal BCBSNC account numbers printed were not the BCBSNC member identification numbers.

BCBSNC explained in a statement that a printing error caused some members’ billing invoice information to be printed on the backs of other members’ invoices. BCBSNC mentioned that its printing vendor has reviewed standard operating procedures and implemented a new quality control process.

Second data breach occurred when some BCBSNC members received payment letters that included incorrect information. A spreadsheet error reportedly led to the wrong information being printed. A new quality review process has been put into place.

Affected information for second breach that was sent to the wrong members included health plans purchased, effective dates, health insurance marketplace identification numbers, payment amounts, telephone numbers and payment identification numbers.

BCBSNC regrets these situations and any inconvenience they have caused,the statement read. Letters to affected individuals regarding the incidents were mailed on September 10, 2015.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Health Records exposed on the Internet

September 29th, 2015 by admin No comments »
Health Records exposed on the Internet

Health Records exposed on the Internet

Affected information includes patient names, addresses, dates of birth and admission, telephone and fax numbers. E-mail addresses, medical information, medical record numbers, health plan data and beneficiary numbers were also included. Social Security numbers, State License numbers and full face photographic images were included in a few cases as well, the letter stated. Financial information, security codes, and passwords were not part of the exposed information.

California based Silverberg statement letter did not specify how the information appeared online, but simply mentioned that the document scanning device “inadvertently exposed some patient health records to the internet.” The information was immediately taken down upon the exposure discovery, according to the letter.

“We have undertaken an extensive investigation of the matter, including hiring a forensic specialist security firm to assist us in conducting a full investigation of the incident,” Silverberg Surgical and Medical Group explained. “We have taken steps to secure any data that was involved in this incident and we have notified the appropriate state and federal authorities, including the Federal Bureau of Investigation.”

According to the Silverberg. potentially affected individuals will receive complimentary identity monitoring services for one year.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

False medical claims leads to data breach

September 27th, 2015 by admin No comments »

Unauthorized individuals posed as physicians to file false medical claims and the incident is related to New Jersey-based health insurer. Claims may have led to data breach for some patients.

Horizon Blue Cross Blue Shield of New Jersey announced the incident on its website explaining potential healthcare fraud was detected.. A special investigation’s unit at the insurer find out that these unauthorized individuals obtained Horizon BCBSNJ member identification (ID) numbers, and potentially other personal information.

Approximately 1,100 customers were affected by the incident, and Horizon BCBSNJ stated that it is working with the FBI and the US Attorney’s Office.

Affected information includes names, dates of birth, gender and member ID numbers. However, medical information, financial information and Social Security Numbers

False medical claims leads to data breach

False medical claims leads to data breach

were not accessed or disclosed, according to the insurer’s statement.

Data breach notification letters began to be sent out to potentially affected individuals.Horizon BCBSNJ’s Special Investigations Unit would have already reached individuals by phone if their member ID or address were used to file false claims.

“Horizon BCBSNJ has no reason to believe that the personal information obtained was used for any purposes beyond submitting false claims by these specific perpetrators,”the statement read. “The information accessed can only specifically be used to submit claims to Horizon BCBSNJ.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Identity theft and data breach

September 25th, 2015 by admin No comments »
Identity theft and data breach

Identity theft and data breach

 

Affected PHI included full name, CVS ID, CVS ExtraCare Health Card number, Rx plan number, Rx plan state, and plan start and end dates.

Molina Healthcare mentioned that this health data breach may lead to identity theft. It also advised all potentially affected individuals to put a fraud alert on his or her credit file. The health insurer also decided to provide the importance to carefully inspecting credit reports.

According to the statement:

Look at your reports when you get them. Look for accounts you do not remember opening. Look requests from creditors that you do not know about. Check for any medical bills that you do not about. Look at all your personal information. Make sure it is correct. Call the credit agency if you any questions about your report.

 If there is something wrong with your report, call your local police or sheriffs office. File an identity theft report. Get a copy of this report. You may need to give a copy to other creditors. This will help clear your records.

If your credit report is OK, you should still check your credit. Check your credit report every three months for the next year. Call one of the numbers above to get your report.

Keep a copy of this letter for your records. It can help if you have future problems with your medical records. You may want to ask for a copy of your medical records from your healthcare providers. It good to have a copy that you can look at in case you ever have problems. You can also get a copy claims or other PHI held by Molina Medicare Options Plus HMO SNP (Molina Healthcare). To get it please call our Member Services department at the toll-free number listed below.

Molina Healthcare regrets this problem. CVS is replacing CVS ExtraCare Health Cards for affected individuals who are current Molina Healthcare members with an OTC benefit, unless your CVS ExtraCare Health Card was already replaced due to a change in your benefits plan. To further help protect your identity, we are offering you a free one-year membership of identity theft protection. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email hacking leads to potential data breach

September 22nd, 2015 by admin No comments »

Oakland Family Services is dealing with a potential PHI data breach after one of its employees email was reportedly hacked. The organization reported that an unauthorized individualgained access to an employee email account and possibly viewed patient PHI. According to reports, EMR databases and other agency email accounts and databases were not affected.

Statement mentioned that 16,000 clients will be sent data breach notification letters and 173 had a Social Security number present in the affected email account.

Affected information includes client names, internal client ID numbers, dates of service and types of service provided. Oakland Family Services added that in a few cases, the emails also included dates of birth, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers

Email hacking leads to potential data breach

Email hacking leads to potential data breach

. Financial information was not included in the email account, the provider added.

An internal investigation has shown that the rogue user had access to the account for 23 minutes, it is believed with the intent of perpetuating a phishing scheme,Oakland Family Services explained in a statement. Following a phishing email sent to the employees email contacts, none of which were clients, the hacker exited the account.

The incident was discovered on the same day that the hack took place. Oakland Family Services explained that it immediately terminated the hackers access to the account.

Oakland Family Services Director of Information Technology David Partlo said in a statement that the provider maintains an extensive security program to safeguard clients PHI.” This includes annual staff trainings, regular third-party audits of the Oakland Family Services security protocol, and strong passwords.

We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented,” Partlo said. “We feel reassured by the fact it doesnt appear the person gained access in search of PHI, but simply to perpetuate the phishing scheme, based on the amount of time the hacker spent in the account and the actions we know he or she took.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Embarcadero Media Group Attacked by ‘Anonymous’

September 21st, 2015 by admin No comments »

The websites of Palo Alto Weekly, The Almanac, Mountain View Voice and Pleasanton Weekly were all reportedly attacked at about 10:30 p.m. Thursday. The company temporarily took the websites offline and it is distributing news content through its social media platforms.

After being hacked, the websites featured a message and an image of Guy Fawkes, a symbol typically associated with the hacker group Anonymous. The message explained that the company, “failed to remove content that has been harmful to the well-being and safety of others,” warning that, “failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media Group websites.”

See our US President, Ebba Blitz being interviewed on Channel4 as hackers took control of the five news websites of Embarcadero Media Group on Thursday night, according to the media outlet.

Sutter Health suffers data breach

September 15th, 2015 by admin No comments »

According to reports, a former employee reportedly emailed patient information without proper authorization. Around 2,582 patients are potentially affected, and that with the exception of two patients, no Social Security numbers, financial information or drivers license data were included.

A thorough review of the former employees email activity and computer access led to the discovery of the incident. Affected information includes name, date of birth, insurance identification number, date of service and billing code included in the emailed information. One patients California drivers license number was included, while another patients Social Security number

Sutter Health suffers data breach

Sutter Health suffers data breach

and California drivers license number were included.

The employee worked for Sutter Physician Services (SPS), which handles billing for Sutter Healths physician medical foundations, the statement explained.

Our patients trust us to provide their care and protect their privacy,Sutter Health Chief Medical Officer Stephen Lockhart, M.D., Ph.D., said in a statement. We believe protecting patientshealth information is the responsibility of every employee. We require employees to sign confidentiality agreements. In addition, we train them to follow privacy and information security policies and regulations. We deeply regret this incident occurred.

Sutter Health mentioned that there is no evidence that any of the information was used inappropriately. patients who receive a notification letter mailed September 11 will be offered free credit monitoring services for one year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen laptop and data breach

September 12th, 2015 by admin No comments »
Stolen laptop and data breach

Stolen laptop and data breach

Affected information includes patient names, dates of birth, dates of treatment, descriptions of patientsconditions, treatments, and outcomes, lab test results, radiological and ultrasound images, medical record numbers, and diagnosis and treatment information. However, Social Security numbers and financial data were not stored on the laptop.

Dr. Christopher Roth, Assistant Professor of Urology, said that the laptop was in his car, parked outside of his house. Information on the laptop was not saved to LSU Health Sciences Center New Orleans server. Data was saved to the laptops hard drive, so the school cannot access specific data stored on the device.

The process to reconstruct and ready notifications took nearly eight weeks to complete,LSU Health explained. It is unknown whether any specific patients data were on the stolen laptop, however those patients the university suspects may have been affected will receive individual notification by mail, along with information about protecting against identity theft.

Dr. Roth patients from July 2009 to July 16, 2015 who did not receive a notification letter are encouraged to reach out to the university.

According to the statement:

The policy was not adhered to in this instance, and appropriate disciplinary action will be taken at the conclusion of the investigation. In addition, the university is reviewing its information security policies and procedures to determine if improvements can be made to further reduce the risk of such a breach in the future. Any changes will be included in the information security training that all employees and students are required to complete.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cyber crime attack at BCBS

September 10th, 2015 by admin No comments »
Cyber crime attack at BCBS

Cyber crime attack at BCBS

Cyber criminals gained unauthorized access to Excellus Information Technology (IT) systems. BCBS added that it has also notified the Federal Bureau of Investigations (FBI) and the data was not removed from the Excellus BCBS systems.

This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS,Excellus BCBS explained. Individuals who do business with us and provided us with their financial account information or Social Security number are also affected.

Excellus BCBS sent out the data breach letters.

Protecting personal information is one of our top priorities and we take this issue very seriously,Excellus BCBS CEO Christopher Booth said in a statement. Were making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information.

Company believe that no information is misused.

We sincerely regret the frustration and concern this incident may cause,Excellus BCBS said on its website. We want you to know that protecting your information is incredibly important to us, as is helping you through this situation with the information and support you need.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ohio provider reports missing padlock

September 7th, 2015 by admin No comments »

Ohio-based Endocrinology Associates reported a potential data security incident which affected 1,400 individuals. Incident came to notice when a POD containing patient information was missing its padlock.

According to the reports, the provider is currently renovating its location, and is storing patient charts in a rented POD on-site. Endocrinology Associates realized on the mornings that the POD padlock had been removed and started inventory search. Internal investigation found that no patient information was missing, the provider explained that it cannot confirm with certaintythat no charts were opened, reviewed, or copied.

Facility also mentioned that enhanced security measures are implemented to ensure this kind of incident is not repeated.

According to the statement:

As for the content of the physical charts, we do not maintain financial information of our patients in the charts,the statement read. However, some charts did contain social security numbers. To date, we have not received any indication, notice, or response from any patient that their personal health information has been stolen or compromised in any fashion.

We notified our patients by mail of the situation.  We request that any patient report directly to us if they are aware of any information concerning the improper use or access of their personal health information.

Get your personal as w

Ohio provider reports missing padlock

Ohio provider reports missing padlock

ell as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Missing employee notebook leads to data breach

September 5th, 2015 by admin No comments »
Missing employee notebook leads to data breach

Missing employee notebook leads to data breach

 

Department of Health and Human Services (HHS) data breach reporting database listed 1,426 individuals affected. CCNW didnt mention the count.

CCNW mentioned that affected patients will receive a data breach notification letter via first class mail. CCNW statement did not mention about identity or credit protection services but recommended that affected patients contact credit bureaus and place Fraud Alerts on their credit report.

CCNW stated that it would take extra measures to properly train employees to handle PHI.

Cancer Care Northwest takes very seriously our role of safeguarding your personal information. We have therefore required all of our employees to receive additional training on the proper handling of protected health information.  We are also reminding our employees that all protected health information is to be kept only in our electronic medical record and have asked that they not use personal notes or notebooks to record patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Employee reportedly stole patient information

September 3rd, 2015 by admin No comments »
Employee reportedly stole patient information

Employee reportedly stole patient information

According to the Merit Health Northwest Mississippi, an employee removed patient information from the facility without authorization. The facility was notified by law enforcement on July 1, 2015 that one of its employees was under investigation for identity theft. Notification are sent to affected patients. Merit Health has also setup free credit monitoring and identity theft resolution services.

According to the reports, the employee was removing hospital documents from February 2013 to June 2015. Affected information includes patient names, addresses, dates of birth, Social Security numbers, health plan numbers and clinical information. Data related to other individuals responsible for payment of care may have been included in some cases. The statement on the website did not specify how many individuals were potentially affected by this incident.

“In order to prevent any further removal of documents or unauthorized computer access by the employee, the Hospital terminated the employee’s access to buildings and computers and suspended the employee,” the statement explained. “The person is no longer employed by the Hospital. The Hospital is cooperating with law enforcement in its ongoing investigation.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Boston University suffers hacking incident

September 1st, 2015 by admin No comments »
Boston University suffers hacking incident

Boston University suffers hacking incident

Affected information includes names, Social Security numbers, dates of birth, medical record numbers, and dates relating to the research. The data related to personal information was immediately removed from the server.

Three affected individuals were listed as having Maryland addresses. The individuals had participated in a research study for Edward Bernstein, MD. The university is taking steps to prevent similar incidents from happening in the future. It is also notifying the US Department of Health and Human Services Office for Human Research Protections.

According to the reports, it was determined after a month-long investigation that a third-party had infiltrated the server and then installed a hacking toolkit.

“At this time, Boston University does not have any knowledge that your information has been used for any unauthorized purpose,” stated a copy of the data breach notification letter sent to potentially affected individuals. “Therefore, this letter is not a notice that you are a victim of identity theft; it is a notice that there may have been unauthorized access to your information, not necessarily that it was accessed or has been used. Nevertheless, we are notifying you in accordance with applicable laws, as required by the IRB in accordance with federal law, and in an abundance of caution.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen laptop leads to data breach

August 28th, 2015 by admin No comments »
Stolen laptop leads to data breach

Stolen laptop leads to data breach

The affected information for first group included patient names, medical numbers, dates of birth, ages, patient account numbers, the name of any inpatient procedures done, and the admission and discharge dates of that inpatient procedure for the first group of individuals,. The first group of affected individuals includes those who received treatment at OU Outpatient Surgery Center or the Presbyterian Tower between January 1, 2009, and December 31, 2014.

For the second group, potentially disclosed information included patient last name and first initial, ages, pregnancy-related information, lab results, medications, delivery dates, and problems and allergy lists. The affected individuals included patients for high risk delivery at OU Medical Center from September 24, 2014 until May 31, 2015.

Social Security numbers or addresses were not present in the laptop.  OU Physicians has no reason to suspect any of this information has been mishandled. Notification letters are sent to affected individuals, and organization is offering them a free one-year subscription to credit monitoring. OU Physicians employees are also being re-educated on proper practice for handling patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Non-employee sees Backus Hospital patient information

August 26th, 2015 by admin No comments »

The breach occurred when an employee brought patient records home with her in an attempt to finish some work remotely. Those records stayed in her home until few days, and may have been seen by non hospital personnel.

Shawn Mawhiney, a spokesperson for Backus Hospital, mentioned that the employee responsible for this breach

Non-employee sees Backus Hospital patient information

Non-employee sees Backus Hospital patient information

is being properly disciplined and reeducated on proper handling of patient information.

“The employee took the records home and they are not supposed to do that,” Mawhiney told the news source. “The records then had the potential to be seen by someone in her home. As a health care institution, we take this kind of incident very seriously.”

Patient Kenneth Keely Jr. was shocked at the mishandling of his personal information, according to The Norwich Bulletin.

“I was completely shocked – this came out of nowhere,” Keely said. “Then I read it and it made no sense. First, ‘disciplined’ for what? Why did they have the records for six months and who read it?”

The affected information includes included patient names, medical record numbers, dates of treatment in the emergency room, diagnoses, and treatment information. While Backus has no reason to believe this information was misused in any way, the hospital said it still decided to send out 360 letters to individuals potentially affected by this incident.

According to the Backus Hospital statement:

“We have appropriately disciplined the employee, including reinforcing education regarding our policies and procedures in maintaining the confidentiality of patient information,” the letter states. “We have no indication that your information was used improperly. However, out of an abundance of caution, we wanted to notify you regarding this incident and assure you we take it very seriously.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Akron Children’s Hospital suffers data breach

August 24th, 2015 by admin No comments »

Akron Children’s Hospital sent PHI data breach notification letters to over 7,600 patients and families. The health data breach involved a misplaced device containing information about medical transports. According to the reports, backup drive went missing which contained voice recordings of conversations between dispatchers and hospital workers during the medical transport of Akron Children’s Hospital patients.

Affected information includes patient names, ages, gender, dates of birth, medical record numbers, location, medical transport times, physician, and chief medical complaints. Only patients who received a medical transport between the nine-month period listed above were affected by this breach. No Social Security numbers

Akron Children’s Hospital suffers data breach

Akron Children’s Hospital suffers data breach

or financial information was disclosed in the breach.

Akron Children’s Hospital maintains that there is no reason to believe that the information has been used maliciously.

“We truly regret this situation and value the trust you and our other patient families place in us to care for your children,” the hospital states. “Akron Children’s Hospital is committed to maintaining our patients’ health information in a secure and confidential manner.”

As per the reports, the device was stored in a locked location on the Akron Hospital campus. Akron Children’s Hospital mentioned that it will be encrypting all of their mobile devices and will no longer use mobile devices to store transport voice recordings.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Mobile security in the connected network as per the experts

August 21st, 2015 by admin No comments »

In recent times more healthcare organizations implement and use connected devices. According to Institute for Critical Infrastructure Technology (ICIT) fellow Michael McNeil – From a mobility perspective, there are a number of different challenges.

“What used to be a stationary or contained type of a device or tool that would be used, now has mobility attached to it,” said McNeil, who is also the global product security

Mobile security in the connected network as per the experts

Mobile security in the connected network as per the experts

and services officer for Phillips Healthcare. “Because of the mobility and its interconnections, the integrity of that data and the accuracy of the information could be at risk.”

McNeil mentioned that healthcare organizations should ensure that they are in alignment with the appropriate legal and regulatory efforts.

“When you look at the fact that there’s clinical data, the transmission of that data, the flexibility of that data, and certain individuals could intercept or manipulate that information, that creates some of our biggest risk and or complexities that hit the dynamics of the ecosystem,” he said.

McNeil also mentioned that healthcare organizations do not always look beyond their own contained network.

“Because organizations typically look at infrastructure of a hospital or a particular setting, traditionally they have stated, ‘Because that is contained in somebody else’s network and environment, our liability and vulnerability and chances of any activities is very low,’” McNeil said. “And because it’s in someone else’s contained network, they sort of push the potential direction of the potential risk off into other parts of the ecosystem.”

McNeil explained that the “ecosystem” includes everyone from medical device manufacturers to healthcare providers, and even regulators.

“The better that we can align with other types of industries, and other types of standards,  making sure that we are deploying solutions within this space, then we also have the ability to make sure that from a mobile perspective it’s designed with the security of their products and solutions,” he said. “That needs to be key.”

The mistake comes when mobile devices, and even connected systems themselves, are not designed with the larger picture in mind, he said.

“That is more of a fallacy of the past that needs to be corrected in terms of the future,” McNeil stated.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Letters sent to incorrect households

August 19th, 2015 by admin No comments »

According to the reports, protected health information (PHI) of 1,622 Colorado residents was sent to wrong recipients. Letter contained sensitive patient information, and may have included names, addresses, state identification numbers or Medicaid ID numbers, family member names, employers’ names, income, amount of Advanced Premium Tax Credit (APTC), and whether or not residents were approved for various state healthcare programs. Dates of birth for approximately 50 individuals were also disclosed.

Press release mentioned that none of the letters disclosed Social Security numbers. Affected individuals received benefits through the Department of Human Services. The Department has issued notification letters to all affected individuals and provided free credit monitoring. Deloitte was contracted by the state to conduct these mailings that were mishandled, and therefore will be paying for the credit monitoring.

The Department mentioned that there is no evidence to suggest that the disclosed information was mishandled.

“The Department and its partners take the privacy of our members’ information very seriously and is notifying those impacted by this breach

Letters sent to incorrect households

Letters sent to incorrect households

,” said Susan E. Birch, MBA, BSN, RN, executive director. “The Department in partnership with its vendors, has taken additional steps to prevent future errors.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Disciplinary action against employees

August 17th, 2015 by admin No comments »

Carilion Clinic, a not-for-profit clinic located in Roanoke, VA took disciplinary action or fired 14 employees for looking at a high-profile patient file that they had not been given access to.

Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached

Disciplinary action against employees

Disciplinary action against employees

. But he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity.

As per the internal security measures, whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients.

Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence.

Carilion prohibits employees from accessing information for patients with whom they are not directly working in accordance with HIPAA. Clinic employees are also required to receive annual security training.

“Carilion takes its obligation to protect patient privacy very seriously,” said Vicki Clevenger, Chief Compliance Officer at Carilion. “When Carilion discovers potential issues, an immediate investigation is launched. Aspects of an investigation vary, but may include a review of the electronic medical record(s) in question and interviews with individuals involved.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Phishing Attacks: Easy, But Successful

August 14th, 2015 by admin No comments »

Companies spent millions of dollars to avoid harm from virus and hacking but mostly ignore the possibility of phishing attacks

Phishing Attacks: Easy, But Successful

Phishing Attacks: Easy, But Successful

. Example of phishing attack can be considered as below:

Emails are sent mentioning that a high-ranking official or a friend wants to move money out of Nigeria or some other foreign country. They offer a percentage of the proceeds to the mark as long as he or she first sends a significant sum of money to pay certain fees. The money first promised is never transferred to the victim.

“There’s a perennial appeal to offers of large amounts of money with significant liquidity,” said Stephen Cobb, senior security researcher ESET North America. “All of us at various times have thought that a lot of our troubles would be solved if we only had cash.”

Scams asking for money not only successfully con people, some are conned multiple times by the same scammer, according to Cobb. “A person who puts money in has a vested interest in believing that [the offer] is real. So the scam artist will often try to hit the person a second time, saying there was a roadblock so he needs more money. He (the scam artist) isn’t out any additional money.”

How to detect scam mails:

  • Change Request of Password
  • Request for money
  • All caps in header
  • “Re” in an email that is not a response to another e-mail
  • Messages from overseas, particularly anything from a country one has never visited
  • Request for personal information
  • Offer of a free gift.
  • “click here,” particularly to see a video, picture or article
  • Emails from a known person addressing you differently than they have before

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Health data breach due to missing flash drive

August 12th, 2015 by admin No comments »

Lawrence General sent breach notification after flash drive containing health information went missing. According to the reports, facility immediately began a thorough investigation. Lawrence General determined that the flash drive contained very limited patient information.

Lawrence General Hospital stated that this breach is very limited in scope and there is no reason to believe that the information has been misused. It is still working to minimize the scope of the situation.

Lawrence General is reeducating staff members and ensuring they understand how to properly handle patient data. Flash drive contained lab testing information such as patient names, lab testing codes, and slide identification numbers. Hospital mentioned that no Social Security numbers, dates of birth, or clinical and financial information have been compromised. The number of affected individuals is not known.

Lawrence General Hospital expressed regret that the incident occurred. It also emphasized its ongoing commitment to health data security and patient privacy.

“We at Lawrence General Hospital value the importance of protecting the privacy and confidentiality of our patients, employees and others who entrust us with their personal information,” the hospital wrote in its press release.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Health data breach due to missing flash drive

Office break-in leads to data breach

August 10th, 2015 by admin No comments »

Dr. Olartino Dyoco sent data breach notification letters to patients after certain information was potentially exposed following an office break-in. According to a copy of the breach notification letter, physician office was burglarized and several computers were stolen. Affected information includes patient names, dates of birth, telephone numbers, insurance numbers, treatment codes, and billing information.

“The circumstances that resulted in this breach were unforeseeable, and Dr. Dyoco assures you that he has heightened procedures and safeguards to prevent a recurrence of this situation,” stated the letter, which was dated July 13, 2015. “He added levels of encryption to his computer systems, and advised his staff with regard to security training anything to avoid this situation in the future.”

The incident was reported to the Fresno, California police department. Individuals having questions are encouraged to contact the medical office’s attorney.

The data breach notification letter failed to specify number of patients affected. Also it was not clear whether computers were encrypted. However, the letter did say that patients’ “security, confidentiality, integrity and privacy of patient personal information are highly valued by Dr. Dyoco.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Office break-in leads to data breach

Office break-in leads to data breach

 

Medical records found in dumpster

August 7th, 2015 by admin No comments »

Personal documents including medical records were found in a dumpster in Taylorsville, Utah. The incident may cause potential data breach. According to the reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.

Dr. Scott Cold, DDS, mentioned that his contractor found the documents in a dumpster being used for construction waste.

“These documents for these records were complete with patients names, addresses, phone numbers, dates of birth, Social Security numbers

Medical records found in dumpster

Medical records found in dumpster

, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.

As per the other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.

It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.

“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Urology clinic suffers data breach

August 5th, 2015 by admin No comments »
Urology clinic suffers data breach

Urology clinic suffers data breach

A Montana urology clinic storage unit that housed patient records was broken into and patient data was possibly accessed. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) online breach reporting database shows that 6,500 patients were affected.

Practice manager Tanna Darling mentioned that Urology Associates have sent data breach notification letters to patients. Darling said that “over a few thousand” letters were sent out.

Urology Clinic officials reported that the break-in occurred at the clinic’s storage unit having gated facility. There is possibility that the unauthorized individual was renting a separate storage unit at the facility and therefore had access to the first gate.

“Everything was in disarray, but it honestly didn’t look like they took anything,” Darling said.

Kalispell Police Department Captain Scott Warnell said that the incident is part of a larger trend that is happening across the county, and that the department is making extra patrols on storage units to ensure that unauthorized individuals are not in the area. Patients whose information was possibly accessed will receive one free year of credit monitoring from Urology Associates.

Montana data breach notification law was updated last year.

“Upon discovery or notification of a breach of the security of a data system, a state agency that maintains computerized data containing personal information in the data system shall make reasonable efforts to notify any person whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person,” the law states.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Prima Care suffers data breach

August 3rd, 2015 by admin No comments »
Prima Care suffers data breach

Prima Care suffers data breach

Prima CARE, P.C. recovered a binder containing personal information from the bushes in a parking lot on May 25, 2015. The document contained information of 1,651 patients. Potentially breached information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date and certain clinical information. Patients who received care from Prima healthcare providers between 2007 and 2012 were affected.

“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”

Prima mentioned that the improper disposal was done without its knowledge or consent, and was in violation of its practices.

“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.

According to the statement, Prima Care will review its policies and procedures. It will also review its employee training programs to ensure that a similar incident does not happen again.

“We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

OhioHealth’s flash drive goes missing

July 31st, 2015 by admin No comments »
OhioHealth’s flash drive goes missing

OhioHealth’s flash drive goes missing

OhioHealth has issued health data breach notification letters after misplacing an unencrypted flash drive. Flash drive has not yet been recovered and the OhioHealth mentioned that there is no reason to believe that the missing flash drive was stolen or has been misused.

The affected information includes patient names, medical record numbers, names of insurance companies, physician names, addresses, dates of birth, referral and treatment dates, the type of procedures conducted, and in a few cases, clinical information and Social Security numbers.

As per the OhioHealth statement, few numbers of patients are affected. Specifically, only patients who were to receive valve replacements or those who participated in valve replacement studies at Riverside Methodist Hospital between July 2010 and December 2014 may have been affected by the health data breach.

The OhioHealth statement did not mention the number of affected patients. According to an article by The Columbus Dispatch, there were 1,006 patients affected and potentially 30 Social Security numbers compromised.

OhioHealth believes the flash drive has simply been misplaced by an employee.  It has still decided to send out data breach notification to all those who may have potentially been affected.

“OhioHealth is deeply committed to the sacred trust that we hold in providing quality care to our patients and families, including as it relates to the protection of their confidentiality,” OhioHealth said in a statement. “We sincerely apologize and regret that this incident has occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Healthfirst suffers data breach due to cyber attack

July 29th, 2015 by admin No comments »

Healthfirst’s online portal was attacked by cyber criminals. The health insurance company is notifying approximately 5,300 individuals that their PHI may have been compromised.  No Social Security information was disclosed in the data breach.

Healthfirst was first informed that it was a victim of fraud by the US Department of Justice (DOJ) and from there prosecuted the perpetrator and continued a joint investigation with the DOJ. After the investigation, the two organizations discovered that the culprit who also gained access to Healthfirst records, and that a PHI data breach

Healthfirst suffers data breach due to cyber attack

Healthfirst suffers data breach due to cyber attack

had occurred.

Affected information includes patient names, dates of birth, addresses, health insurance plan information, description of missing services, physician numbers, Healthfirst member ID numbers, patient ID numbers, Medicare and Medicaid ID numbers, claim numbers, and diagnosis codes.

Healthfirst also notified the proper government channels such as the US Department of Health and Human Services (HHS).  Healthfirst is also taking preventative measures to keep this from happening in the future which includes revising its security policies and its online portal securities.

According to the statement:

“Healthfirst sincerely regrets that this incident occurred,” the company said in its statement. “Healthfirst takes the privacy and security of its members’ health information very seriously. Healthfirst values the trust its members have placed in it as their health plan and it is Healthfirst’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Georgia Divisions of Aging Services suffers data breach

July 27th, 2015 by admin No comments »

According to a statement by the Georgia Department of Human Services (DHS), the Georgia Divisions of Aging Services data breach affected approximately 3,000 clients. The breach, which affected individuals in the Community Care Services Program (CCS) has minimum impact and has been completely resolved.

Georgia Divisions of Aging Services suffers data breach

Georgia Divisions of Aging Services suffers data breach

The reason of the breach was an accidental email sent to one of the program’s contracted providers. According to the reports, email contained information regarding patient diagnoses. Sensitive data like contact information, Social Security numbers, or Medicaid numbers were not included in the email. All individuals affected have been notified in accordance with federal mandates.

Despite the small impact, the Department of Aging Services is still taking measures to improve its security systems. The Department has added new safeguards to their data systems, and also implemented new training practices for members of the department.

Officials from the Department expressed regret for the incident. They also emphasized that patient safety and security are of the utmost concern.

“While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” said Georgia’s Human Services Commissioner Robyn A. Crittenden. “We take client privacy very seriously, and it is important that the public is fully aware of this situation and aware of our efforts to prevent such an event in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

UPMC suffers second data breach

July 25th, 2015 by admin No comments »

Recent data breach in University of Pittsburgh Medical Center (UPMC) Health Plan affected 722 patients. This is the second health data breach at a UPMC facility in just under two months. The incident involved emailing of a data file with certain PHI to the incorrect address.

The affected information includes patient names, member ID numbers, dates of birth, phone numbers, name of the primary care physician’s office, and insurance plan types. Social Security numbers or information about medical histories were not disclosed.

UPMC Health Plan Director of Public Relations Gina Pferdehirt mentioned in an email response that “in context the breach is very minor,” but added that the healthcare organization

UPMC suffers second data breach

UPMC suffers second data breach

was taking the incident seriously.

The data breach occurred when  a former MML employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

“MML takes this matter very seriously and terminated this employee after being informed of this criminal investigation,” according to a Medical Management statement. “MML is cooperating with federal law enforcement authorities in their criminal investigation.”

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause our members,” Chief Compliance Officer of the UPMC Insurance Services Division William Gedman said in a statement. “Based on our ongoing investigation, we will make all changes necessary to further enhance our already stringent privacy protections. UPMC Health Plan is committed to doing our utmost to minimize the chance that this type of issue will occur again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach in Mayo Clinic Health

July 23rd, 2015 by admin No comments »

The Mayo Clinic Health System in Red Wing, Minnesota reported data breach when 601 patient records were inappropriately accessed by an employee. According to the Mayo Clinic Public Affairs Manager Asia Zmuda – “an employee accessed patient records beyond the scope of authorized access and assigned job responsibilities.” The employee is no longer employed at the health system, according to the emailed statement.

“An internal investigation was immediately launched and a detailed analy

Atrium inside Mayo Clinic Gonda Building, Roch...

Data breach in Mayo Clinic Health 

sis of the individual’s access yielded no evidence that financial information was accessed or that any health information was further disclosed,” Mayo Clinic explained. “Mayo Clinic will continue the proactive monitoring of patient records to prevent further incidents from occurring. Mayo Clinic takes this matter very seriously and is committed to maintaining the highest levels of integrity and trust for those it serves.”

Mayo Clinic is currently in the process of notifying patients who were affected by this incident, according to the organization’s statement. It was not specified what type of information was accessed, but Zmuda underlined the fact that financial information was not involved and that health information was not further disclosed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two computers stolen from Arkansas Blue Cross

July 21st, 2015 by admin No comments »

Arkansas Blue Cross Blue Shield members sent out potential data breach notification letters after its computers were stolen. Computers belonged to Treat Insurance Agency, which solicits applications from individuals for insurance coverage through multiple insurers which includes Arkansas Blue Cross.  ABCBS did not reveal the details of information present on the computers.

“Treat Insurance Agency very much regrets that theft from their offices has affected Arkansas Blue Cross members and applicants,” Arkansas Blue Cross Senior Vice President Ron DeBerry said in a statement.

“To reduce the risks that any similar thefts might affect our valuable customers, we will request independent insurance agents to protect their computer records by using encryption

Anthem Blue Cross-Blue Shield office in Denver.

Two computers stolen from Arkansas Blue Cross

technology on all computers storing any applications for Arkansas Blue Cross.”

The computers contained sensitive information of 560 Arkansas Blue Cross applicants. According to the reports, affected individuals by this incident will receive one year of complimentary identity protection services. The details of the theft are not known.

“The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation,” the legislation states. “Notification under this section is not required if after a reasonable investigation the person or business determines that there is no reasonable likelihood of harm to customers.”

As the device is stolen, ABCBS explained that there is no way to determine if an unauthorized person attempted to access the patient information. Also, it did not specify if the stolen computers were encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Howard University Hospital suffers data breach

July 18th, 2015 by admin No comments »

Howard University Hospital in Washington, D.C. suffered data breach when more than 1,400 patients received letters intended for other individuals. The letters included names, account numbers, and dates that other individuals visited Howard University doctors. Social Security numbers, dates of birth, and other personal information were not included

According to the reports, data error reportedly caused letters to go out to people with the right surnames, but the wrong addresses. Howard University explained that California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. had been hired to mail letters to patients who had not yet paid their bills.

University said that they become aware of the incident on May 11 and will notify affected individuals.

Similar incident includes the breach at Virginia Commonwealth University Health System. The incident involves employee taking CDs which were no longer needed for the organization’s services and donating them to assist with children’s art projects. The affected information includes names and one or more of the following for 1000 patients: home addresses, dates of birth, medical record numbers, clinical information and health insurance information.

“This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients,” said John Duval, CEO of MCV Hospitals and Clinics.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

English: Howard University Hospital located at...

Howard University Hospital suffers data breach 

Medical document found in confetti

July 15th, 2015 by admin No comments »

The incident involves confetti during the world cup victory parade of U.S. Women’s soccer team. According to the New York news station, some of the confetti used in the victory parade for the US Women’s soccer team contained medical information.

The incident came to notice when a reporter tweeted a photo with confetti strips which made up an entire prescription after pieced together. Affected information includes patient names and the doctor’s office address.

The incident could be a case of official confetti versus confetti made by local businesses and residents. In similar incident during year 2012 Thanksgiving Day, the official confetti supplied by Downtown Alliance was just colored paper while police department reports mention documents ended up as confetti containing information. Also, Downtown Alliance reported that it provided two tons of confetti in 2012, yet its cleaning crew picked up 34 tons of confetti.

In the current incident, news station also reported that Atlas Packaging Company provided two tons of strip cut, blank, news roll which can be considered as the official confetti for the victory parade. It seems that good intentions like victory parades potentially led to health data security issues, which is not entirely uncommon.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Français : Documentation photographique d'une ...

Medical document found in confetti 

Cyber War

July 9th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Cyber War 

Cyber war is soon becoming a reality. Recent attack on Sony is just the beginning. Security expert Bruce Schneier mentioned the possible destruction caused by cyber war in his address at the recent InfoSec Europe security conference in London.

“We are in the early years of a cyber war arms race,” he said. “We have seen China attack Github, we have seen countries attacking companies, and I think we are going to see much more of that in the future.”

He also mentioned that countries like North Korea have a natural advantage in this type of cyber warfare because of the basic level of technical infrastructure that they possess.

“North Korea has natural cyber-defenses in that it only has about 1,000 IP addresses, and it has only very few computers so its ‘terrain’ is very defensible. By contrast the U.S. is extremely vulnerable because it has lots of computers and Internet infrastructure.”

Also, some cyber warfare attacks may be carried out by groups (such as terrorist organizations) rather than countries.

“We are living in a world now where we can be attacked and not know if the attacker is a foreign government or just a couple of guys, and that is freaky,” Schneier said. “Technology is spreading capabilities, and the same weapons and tactics are available to everyone.”

In the real world scenario it is difficult to understand who is behind the attacks. Schneier mentioned one incident where Israeli war planes attacked and destroyed a nuclear facility in the Middle East 10 years ago.

“Four years later the Israelis and the U.S. attacked an Iranian uranium enrichment facility plant (at Natanz) using a cyber-weapon (Stuxnet). But the Iranians didn’t know that they had been attacked, let alone who did it,” he said. “Attribution can take weeks or months.”

Types of Cyber Attacks

  • Low focus, low skill attacks – Carried out by newbie
  • Low focus, high skill attacks – Involves identity theft and credit card breaches
  • Low skill, high focus attacks – It generally includes bypassing security measures
  • High focus, high skilled attacks- Most advanced

“To defend against low focus attacks you just need to be more secure than the guy next to you,” said Schneier. “With highly focused attacks this relative security is irrelevant; your security has to beat the attacker’s skill. With a high focus, high skill attack, a sufficiently skilled attacker will always get in. We are all vulnerable.”

Without the ability to attribute attacks, Schneier pointed out that it is also impossible to distinguish between computer network exploitation, a classic data breach where an attacker exploits vulnerabilities to steal things, and computer network attacks, where the attacker’s motivation is to cause damage. It’s the difference between copy *.* and delete *.*, in other words, he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Cloud more secure, says Amazon CTO

July 7th, 2015 by admin No comments »

With the rising cloud penetration in the IT world, there is more focus on the security

Cloud more secure, says Amazon CTO

Cloud more secure, says Amazon CTO

aspect because of its nature of shared environment usage.  Multiple organizations make virtual use of same physical infrastructure.  But Amazon CTO believes that Amazon Cloud is more secure than OnPrem.

During Amazon Web Services (AWS) Summit, Amazon CTO Werner Vogels mentioned – ‘But far from being insecure, the cloud will improve the security postures of most organizations’.

“You can actually move to the cloud to improve your security, compliance and governance,” he said.

There are various aspects in the statement by Vogels.

  • Increase in Amazon’s level of investment in and focus on security in AWS cloud security.
  • Investment in  intellectual property as well as human capital to make sure its infrastructure is secure for users

Amazon has achieved  “a very broad range of accreditation’s and certifications”  in its data centers.

  • The certifications include PCI-DSS and U.S federal government certifications like FedRAMP.
  • Amazon CTO is especially proud of Amazon’s certification for HIPAA (Health Insurance Portability and Accountability Act).

“HIPAA is a really important certification as it allows health care applications to be built on top of AWS,” he said.

Amazon has also built a whole range of tools for users to secure their applications and data including AWS’ own secure infrastructure. The tools help provide granular visibility into the usage and resources consumed by AWS cloud deployments.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

UC San Francisco suffers data breach due to stolen laptop

July 5th, 2015 by admin No comments »

UC San Francisco is alerting the individuals about the burglary which led to potential breach. Unencrypted laptop which belonged to a faculty member in the Cardiac Electrophysiology & Arrhythmia Service was stolen. UC San Francisco mentioned that it contained some sensitive information of about 435 patients.

After the theft, UCSF promptly began an extensive technical analysis to identify what information was on the laptop. The analysis revealed that the computers contained some personal, research and health information.

The affected information includes names, dates of birth, medical record numbers, and health insurance ID numbers. However, Social Security numbers were not included. The computer was taken from the employee’s office. UCSF police and UCSF officials were immediately notified after the incident.

“UCSF deeply regrets any inconvenience this incident may cause,” UCSF said in the statement. “The university is committed to maintaining the privacy of personal, research and health information, and has taken additional steps to secure that information, including strengthening administrative, technical and physical processes for information security.”

As per the UCSF statement, there is no evidence of attempted access or misuse of the information on the laptop. Individuals who are potentially affected are being notified and the California Department of Public Health has also been alerted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UCSF Medical Center and Sutro Tower behind it....

UC San Francisco suffers data breach due to stolen laptop 

Orlando Health suffers potential data breach

July 2nd, 2015 by admin No comments »
Winnie Palmer Hospital for Women & Babies

Orlando Health suffers potential data breach

Orlando Health employee accessed 3,200 patient medical records which were out of job responsibilities. The incident has caused a potential health data breach at Orlando Health. The breach was discovered during routine patient record access audit.

According to the company statement, nursing assistant had inappropriately accessed patient records which includes patient names, dates of birth, addresses, medications, medical tests and results, other clinical information, and the last four digits of Social Security Numbers.

There were also “a limited number of patients” who may have had their insurance information accessed as well, Orlando Health reported.

The employee has since been terminated along with revoking all the access.

“We are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us,” the statement read. “We are also re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access.”

Orlando Health mentioned that only certain patients treated at Winnie Palmer Hospital for Women & Babies, Dr. P. Phillips Hospital and a limited number of patients treated at Orlando Regional Medical Center, from January 2014 to May 2015, potentially had their information accessed.

“We take this incident very seriously, and we are committed to protecting patients’ health and personal information,” Orlando Health Corporate Director of Compliance and Information Security Steve Stallard said in a statement. “We deeply regret any concern or inconvenience this may cause our patients or their family members.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Software update leads to potential data breach

June 27th, 2015 by admin No comments »
Software update leads to potential data breach

Software update leads to potential data breach

Affected information includes first and last name, Social Security Number, Blue Shield identification number, date of birth, and home address. Financial information was not exposed, according to the letter, and users who had unauthorized access to PHI confirmed to Blue Shield that they did not keep copies. Moreover, those users said they deleted the information and returned any records to the company.

The website is used by authorized users but the software provided unintended result.  It was found out that three users, who logged into their own accounts at the exact same time as another user, were able to view member information associated with the other individual’s account.

According to the Blue Shield Statement:

This issue was reported to the Blue Shield Privacy Office on May 18. The Website was promptly taken off line to identify and correct the problem. The Website’s faulty code was identified and corrected and the Website was returned to service on May 19. Our investigation revealed that this was the result of human error on the part of Blue Shield staff members, and the matter was not reported to law enforcement authorities for further investigation.

The notification letter did not say how many individuals were affected, but Blue Shield added that those potentially affected will receive a free, one-year membership to identity protection services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Routine audit reveals data breach

June 25th, 2015 by admin No comments »
Routine audit reveals data breach

Routine audit reveals data breach

A Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients during routine audit. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and health insurance information in a few cases. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that few patients may have had their Social Security number accessed but believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

 

Phishing Attack Top Data Security Motivator – HIMSS Survey

June 23rd, 2015 by admin No comments »
Phishing Attack Top Data Security Motivator – HIMSS Survey

Phishing Attack Top Data Security Motivator – HIMSS Survey

The key findings after interviewing 297 healthcare leaders and information security officers across the industry of the survey are –

  • Two-thirds of respondents experienced a significant security incident in this year
  • Healthcare organizations also reported using an average of eleven different technologies to secure their environments
  • More than half said that their facilities have hired a full-time professional to manage the information security functions.
  • Eighty Seven percent reported that their information security had increased as a business priority at their organizations over the past year.
  • Many believes that current security tools will not be sufficient to protect the industry against the types of security threats their organizations expect to face in the future

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cyber security threats,” HIMSS Vice President of Technology Solutions Lisa Gallagher said in a statement. “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

Other finding included –

  • 87 percent of those surveyed said antivirus/malware tools have been implemented to secure their healthcare organizations’ information security environment
  • 80 percent reported using network monitoring to detect and investigate information security incidents
  • 64 percent said that a lack of appropriate cyber security personnel is a barrier to mitigating cyber security events
  • Internal security teams identify more than 50 percent of information security threats

“Indeed, respondents were widely likely to indicate that more innovative and advanced tools are required to secure their environments in the future,” HIMSS stated. “Furthermore, they indicated that healthcare organizations must operate from a perspective which presumes their organization’s perimeter has already been breached.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unencrypted Flash Drives goes Missing

June 20th, 2015 by admin No comments »

South Carolina EMS patients may suffer data breach after unencrypted flash drives and hard disk were discovered to be missing from the storage facility. The flash drive contains information which includes names, addresses, and Social Security numbers of patients who rode in an ambulance between 2004 and 2014. Medical details about each call were also included on the back-up drives.

According to the reports, Lancaster County employees found that a safe containing two flash drives and two hard drives were no longer in a storage room in the basement while cleaning out a storage facility.

“Of course, we hate that it happened,” Lancaster County Administrator Steve Willis told the news source. “We are taking steps to make sure that doesn’t ever happen again.”

The statement fails to mention number of individuals affected by this incident

English: Transcend USB flash drive

Unencrypted Flash Drives goes Missing

but WSOC reported that the country EMS ran approximately 13,000 transports in 2014. The news source concluded that potentially 100,000 records could have been exposed.

“I think it (the safe) was most likely just inadvertently discarded at that time,” Willis added. “We have no reason to believe anyone’s information was compromised.”

Lancaster County mentioned that the drives have not yet been discovered.

“We deeply regret any inconvenience this may cause,” read a statement on the Lancaster County website. “To help prevent something like this from happening again, we will be using encrypted devices for storing EMS information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Unauthorized access leads to data breach

June 18th, 2015 by admin No comments »
English: no original description

Unauthorized access leads to data breach 

UC Irvine Medical Center announced data breach when one of its employee viewed thousands of patient records over a four-year period which not included in the job-related purpose. The incident potentially compromised the information of 4,859 patients.

The affected information includes names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, medications, employment status, and the names of patient’s health plans and employers. However, Social Security numbers, driver’s licenses or state ID card numbers, and credit or debit card information were not accessed.

Hospital spokesperson John Murray mentioned that there is no evidence that the records were downloaded or distributed via e-mail. A copy of notification letters being sent to patients was posted on the California Office of Attorney General website. UC Irvine explained the reason behind the notification letters.

“Due to its on-going investigation, local law enforcement asked us not to notify patients right away, because sending out notifications could have interfered with its investigation. Local law enforcement has now informed us that we are free to notify patients.”

The notification letter also mentioned that the hospital has hired independent experts to conduct a thorough investigation. Also, affected patients will also be offered one year of free credit monitoring and identity theft protection.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

PHI exposed after cyber attack

June 16th, 2015 by admin No comments »
PHI exposed after cyber attack

PHI exposed after cyber attack

The breached information includes Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group. Patient names, mailing addresses, email addresses, and dates of birth. Some patients may have also had Social Security numbers, lab results, dictated reports, and medical conditions exposed. The company mentioned that it does not collect or store financial information or credit card information, so that data would not have been affected in the incident.

“Medical Informatics Engineering immediately began an investigation to identify and remediate any identified security vulnerability,” the statement explained. “Medical Informatics Engineering’s team, including independent third-party forensics experts, has been working continuously to investigate the attack and enhance data security and protection.”

MIE referred to the incident as a “sophisticated cyber attack”.

“On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard clients,” the company explained. “Affected individuals for whom we have a valid postal address will also be notified of this incident through U.S. mail. We will also be disclosing this incident to certain state and federal regulators.”

According to the statement, MIE will provide complimentary credit monitoring and identity protection services to affected individuals for two years.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records mistakenly posted online

June 13th, 2015 by admin No comments »
Medical Records mistakenly posted online

Medical Records mistakenly posted online

The breached information includes included names, residences, mailing addresses, dates of birth, Social Security and Medicaid numbers, and medical diagnoses or treatment information.

DADS came to know the incident on April 21, 2015 that the information was accessible through a web application meant for internal use only. The company added that it “immediately took down the website and launched an investigation, which is ongoing.”

“DADS has no reason to believe any of the information has been misused,” the statement explained. “DADS has strengthened its policies, procedures and web-application security in an effort to prevent such a breach from occurring again.”

Department spokeswoman Cecilia Cavuto mentioned that it is possible the data was posted when its handling was transferred to another department last fall.

“I don’t think we have the answer to what exactly caused this breach just yet,” Cavuto said. “It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Facility notifies data breach months later

June 11th, 2015 by admin No comments »

New York health system suffered data breach when Texas-based firm that had contracted to process and collect payments had five laptops stolen. Global Care Delivery (GCD), Inc. mentioned that laptops were unencrypted. According to the statement by New York Health System, GCD had been contracted with North Shore-LIJ Health System, but did not notify the health system of the incident until months after the breach.

The affected information for approximately 18,000 North Shore includes first and last names, dates of birth, internal account numbers, diagnosis and procedure codes, and insurance identification

Facility notifies data breach months later

Facility notifies data breach months later

numbers. Around 2000 patient’s social security were also included in the breach. However, financial information and credit card were not affected.

As per the reports, laptops have not been recovered, but both facilities said they are not aware of any misuse of the data. The affected individuals are asked to remain alert by obtaining a credit report from one of the major credit to minimize the risks of such incidents in the future, including the encryption of all laptops, reporting agencies and monitoring any accounts for unauthorized activity.

“We are taking all appropriate steps servers and electronic devices maintaining North Shore-LIJ patient information.” stated the notification letter sent to patients.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Email sent to wrong recipient

June 9th, 2015 by admin No comments »
English: Looking north from Jersey Avenue at J...

Email sent to wrong recipient 

Jersey City Medical Center employee accidentally emailed patient information to an unintended recipient. The email potentially exposed approximately 1,400 individuals. The affected information includes patient names, health insurance payors, dates of admission and discharge, a one-word description of the medical service department from which the patient received services, and patient Medical Center account number.

The email was intended for internal use which included attached spreadsheet with some patient information. The email did not include any patient social security numbers

, dates of birth, any credit card or banking information, health insurance identification numbers, or patient addresses.

According to the statement:

The unintended recipient informed the Medical Center of the mistake on the same day that the email was sent,” the medical center explained. “The Medical Center attempted to obtain official confirmation that the email was completely deleted and the information was not further disclosed. Unfortunately, such confirmation has not yet been received.

The Medical Center is currently reviewing its e-mailing policies and technological processes, and is retraining staff to minimize the chance of other such incidents. The Jersey City Medical Center sincerely regrets this unfortunate incident because we consider the security of patient information to be of the utmost importance. Patients with questions relating to this incident should contact representatives.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Laptop stolen from employee car

June 6th, 2015 by admin No comments »

Laptop was stolen from U.S. Healthworks employee car. According to the reports, the device was unencrypted but was password protected. Affected information includes employee names, addresses, dates of birth, job titles, and Social Security numbers.

The statement failed to mention the place of theft and the number of affected patients. U.S. Healthworks are offering one year membership of Experian’s ProtectMyID Alert. This product helps to detect possible misuse of personal information and provides superior identity protection services.

Data Breach

Laptop stolen from employee car

“We deeply regret any inconvenience this may cause you,” the statement read. “To help prevent something like this from happening again, we are enhancing our procedures related to deployment of laptops and full disk encryption.”

U.S. Healthworks mentioned that they are working with law enforcement to locate the laptop. Also, facility believes that they have no reason to believe that any of patients’ information has been accessed or used improperly.

Theft forms important factor in data breaches. So, for BYOD employee the use of encryption software is beneficial. Incident above leads to data breach which can be avoided using encryption software.

Encryption converts the original form of the information into encoded text which can be opened only using authorized codes. Unauthorized person will not be able to translate the data for their own.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unity Recovery Group suffers data breach

June 4th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Unity Recovery Group suffers data breach

Unity Recovery Group, Inc. announced the data breach but failed to specify the cause of breach. It just mentioned that it “involved the disclosure of [patients’] personal information to one or more unaffiliated recovery and/or rehabilitation service providers, without [their] prior written consent.” Affected information includes names, addresses, dates of birth, addresses, telephone numbers, Social Security numbers, email addresses, insurance information, and/or certain health-related information.

“To protect against future incidents, we have undertaken additional technological security measures and implemented additional training of our employees to ensure compliance with Unity’s Policies,” Unity said. “We have also hired outside legal counsel to assist us with our investigation and Forensic Data Services, Inc., a technology forensics firm, to enhance the security of our IT systems.”

The breach also affected affiliated companies which include Starting Point Detox, LLC, Lakeside Treatment Center, LLC, Changing Tides Transitional Living, LLC, and Unity Recovery Center, Inc.

According to the statement:

  • We are complying with our regulatory notice obligations and continue to investigate how this breach happened in light of our Privacy Policy, Client Confidentiality Policy, Conflict of Interest Policy, and IT security policies (together “Unity’s Policies”).
  • At Unity, we take patient privacy very seriously and it is important to us that you are made fully aware of a potential privacy issue that may affect you.
  • While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception.
  • In keeping with our commitment to patient privacy, we have arranged for a complimentary one year subscription for you to ID Experts®, a leading identity and credit protection service. Unity is not affiliated in any way with ID Experts, however, their services have come highly recommended. If you seek the benefits of their services, ID Experts will also assist you with placing a “Fraud Alert” on your credit reports.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Heart Group suffers computer breach

June 2nd, 2015 by admin No comments »

 

Laptop icon

Heart Group suffers computer breach

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Beacon Health attacked by phishing scam

May 30th, 2015 by admin No comments »
Downtown South Bend Indiana 02

Beacon Health attacked by phishing scam 

Beacon Health System in South Bend, Indiana suffered a data breach when it was attacked by sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive).  According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are sent to the affected individuals. According to beacon, there is no evidence of attempted or actual misuse of information. The statement fails to mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive a regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CareFirst database breached by cyber attackers

May 27th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

CareFirst database breached by cyber attackers 

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

New York facility suffers data breach

May 22nd, 2015 by admin No comments »

A former employee at HHC Jacobi Medical Center in the Bronx improperly accessed and transmitted files containing PHI to her personal email account. According to the reports, the incident has put the PHI of 90,000 patients at risk.  Apart from that, the employee also sent the information to her email account at her new employer, New York City agency.

Affected information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. Information related to health insurance identification numbers, which may have included Social Security numbers

Laptop icon

New York facility suffers data breach 

, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC believed that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical billing company suffers data breach

May 20th, 2015 by admin No comments »
English: A wing of UPMC Shadyside, the co-flag...

Medical billing company suffers data breach

University of Pittsburgh Medical Center (UPMC) suffered a data breach when third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

After the incident, a Medical Management LLC employee, no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. Statement mentioned that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer infiltration by malware

May 18th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Computer infiltration by malware 

Cleveland’s MetroHealth System suffered a data breach when its computers were infiltrated by malware. According to the reports, 981 patients were notified that their PHI may have been compromised. The affected information includes patient names, dates of services, dates of birth, height, weight, medications administered during procedures, medical record numbers, case numbers (limited to only to that procedure), and cardiac catheterization raw data such as tracings of EKG and oxygen saturation.

Three computers in the facility’s Cardiac Cath Lab had malware, according to The Plain Dealer. The facility came to know about the breach on March 17, and patients who had procedures in the lab between July 14, 2014 to March 21, 2015 will potentially be affected. Financial information were not affected by the breach.

“MetroHealth has no evidence that the malware is used to obtain medical information,” MetroHealth said. “We sincerely apologize and regret that this situation has occurred.”

According to the statement:

In investigating the breach, the health system found that a business associate disabled antivirus software on the computers to facilitate a software update. There is no evidence that any health information was accessed.

The health system recommends that affected patients monitor account statements and any Explanation of Benefits statements related to the procedures.

In response to the breach, MetroHealth said it has strengthened procedures to protect patient privacy, including increased monitoring for malware and added antivirus update reviews, and revised software update procedures for the Cath Lab computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical records found in residential driveway

May 15th, 2015 by admin No comments »
A medical record folder being pulled from the ...

Medical records found in residential driveway 

An Orlando facility suffered a data breach after medical records were found in a residential driveway. According to the reports, Florida resident John Henderson received a letter from Orlando facility informing that a list of patients and their information was found in a neighborhood driveway. Henderson also mentioned that his son’s information was on the found patient list.

The affected information includes patient names, medical record numbers, account numbers and even diagnoses. The notification letter added that Social Security numbers and insurance information were not included on the papers. Facility mentions that one of its employees reportedly took the patient list home by mistake, and it is believed that it fell out of the employee’s car

“It just don’t make sense, it don’t make sense,” Henderson told the news source. “And I can’t believe Orlando Health is this irresponsible.”

Orlando Health said that notification letters were sent to 68 patients “out of an abundance of caution,” and that it does not believe that any harm will come from the incident.

“We understand the concerns of patients involved in this incident,” Orlando Health said in its letter, according to the news reports. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015 by admin No comments »
Laptop icon

Improper disposal of paper documents leads to Lawsuit

A lawsuit was filed against a Chicago area storage company, after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed a lawsuit when improper disposal of paper records breached patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records, Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Earlier, Suburban Lung Associates had contracted with FileFax to maintain and destroy patient medical records. Affected individuals had been patients at Suburban Lung Associates. The facility operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure consumers’ personal information protection in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit statement, in some instances, FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Document goes missing in Florida

May 6th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Document goes missing in Florida

The Florida Department of Health allegedly suffered a data breach affecting five patients when sensitive document was stolen from the car. A department employee had documents in his car, which was broken into on March 31. According to the news source, the papers were in a secured briefcase.

One of the affected patient, Chris Kibodeaux claims that he was not notified until May 7. He said that his name, Social Security number, address, phone number and diagnosis were included in the stolen documents.

“Someone could’ve definitely had enough time to do what they were going to do, and if there is damage it’s already been done,” Kibodeaux said. “I’m going to have to pull my credit report and I’m going to have to try to figure out if someone has done something with my name.”

Chris does not want personal information of HIV Positive status in someone else’s hands.

“HIV is still a stigma,” said Kibodeaux. “It’s different me telling my status because it’s my personal tellings, but for someone to have that in the open, it’s not right.”

The facility mentioned that it is still in the process of notifying all affected patients, and that it will offer identity protection services to those individuals.

According to the reports, the letter Kibodeaux received said the employee was put on administrative leave while the incident is investigated, but the Department of Health said they could not comment on personnel issues.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Records accidentally sent to wrong recipient

May 5th, 2015 by admin No comments »
UT Southwestern

Records accidentally sent to wrong recipient 

Immunization records for approximately 1,000 patients at the UT Southwestern Medical Center were mistakenly sent to a confidential Texas registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

The registry is used by physicians, health departments and school districts. The facility mentioned that the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”

Letter to patients, signed by Pamela Bennett, UTSW’s interim privacy officer mentioned that there is a very low probability that the information disclosed was compromised.

According to UTSW, the issue was due to a computer glitch that occurred during “a routine upgrade to the system”.

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Flash Drive and Data Exposure

May 4th, 2015 by admin No comments »
English: A Sandisk-brand USB thumb drive, SanD...

Flash Drive and Data Exposure 

According to the reports, a lost flash drive containing “limited patient information” rendered a hospital to send out notification letters. As per the statement, Roper St. Francis Hospital mentioned that the flash drive did not contain Social Security numbers, dates of birth or financial information. Affected information includes patients’ names, ages, diagnoses, and dates of procedures.

After conducting a thorough investigation, hospital spokesperson stated that Roper St. Francis does not believe that the information was inappropriately accessed or used in a malicious way.

The story was covered by South Carolina news station, WCSC. It did not state how the flash drive went missing, or if Roper St. Francis was making efforts to adjust its physical, technical, or administrative safeguards.

As per the mail to the security news website-

“A USB flash drive for a computer that contained some patient information was inadvertently misplaced.” The lost flash drive contained information for about 375 patients including name, age, diagnosis, date of service, length of stay, procedure, outcome and provider name, according to the spokesperson. However, it was reiterated that the flash drive did not contain Social Security numbers, financial information, dates of birth, addresses, or insurance information. 

“There is no evidence or reason to believe that the information has been improperly accessed, acquired, or misused in any way,” the spokesman wrote in the email. “We are notifying individuals affected to let them know what we are doing to protect their patient information.”

Phishing attack leads to data breach

May 2nd, 2015 by admin No comments »

Partners Health Care System, Inc. suffered data breach when it learned that employees had fallen victim to a phishing scheme, providing sensitive information to unauthorized individuals. Affected information includes names, addresses, dates of birth, telephone numbers, and Social Security numbers in a few cases. Moreover, patients’ clinical information, such as diagnoses, treatment received, medical record numbers, medical diagnosis codes, or health insurance information, could also have been exposed in a few cases.

“Responding to the ‘phishing’ emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network,” the statement read. “When we learned of this, we took steps to secure the email accounts and contacted law enforcement.”

Partners’ affiliated hospitals and institutions are also potentially affected which includes Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital.

“We deeply regret any inconvenience this may have caused you,” Partners said in its statement. “To help prevent something like this from happening in the future, we have reinforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The hospital mentioned that notification letters are sent to the affected individuals. They believe that there is no indication of affected information being misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records exposure leads to data breach

April 29th, 2015 by admin No comments »
Los Angeles County-USC Medical Center (Emergen...

Medical Records exposure leads to data breach 

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center mentioned  that patients’ records were found in the home of a facility employee, when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes information such as names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admit, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Maryland facility scam hit by Email Phishing scam

April 27th, 2015 by admin No comments »
Laptop icon

Maryland facility scam hit by Email Phishing scam 

Maryland-based St. Agnes Health Care, Inc. recently mentioned on its website that it suffered data breach when one of its employees was the victim of an email phishing scam. St. Agnes said that it sent data breach notification letters to approximately 25,000 patients. It included the warning as protected information was potentially exposed.

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Saint Agnes Corporate Responsibility Officer Sharon McNamara said in a statement. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our email service provider and are evaluating additional ways to enhance our already robust security program.”

The affected information includes patient names, dates of birth, genders, medical record numbers, insurance information, and limited clinical information. There were four cases where Social Security numbers were exposed.

“Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account,” the statement read.

The statement failed to mention the date and time of breach incident.  Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ascension Health Facility hit by Email Phishing Scam

April 25th, 2015 by admin No comments »
English: email envelope

 Ascension Health Facility hit by Email Phishing Scam  

Ascension Health Facility suffered consecutive data breaches due to email phishing scam. It is not confirmed whether two incident were related to each other. Seton Family of Hospitals, a division of Seton Healthcare Family (“Seton”) announced the breach on the website. According to the reports, 39,000 patients’ got affected. Username and passwords was targeted by the scammers.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said in a statement.

The exposed information includes patient demographic information, such as names and dates of birth, medical record numbers, insurance information, limited clinical information, and Social Security numbers in a few cases. Medical records or billing records were not included in the breach.

“Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected emails to determine the scope of the incident,” Seton said in its statement. “Seton engaged computer forensics experts to assist with the investigation.”

The facility said that patients who had their Social Security numbers potentially exposed will receive free identity monitoring and protection services. Seton said that it is working with its email service provider “to evaluate ways to enhance its already robust security program,” and will provide more employee education on email phishing scams.

“We value the privacy and security of protected information, and we are committed to protecting the confidentiality and privacy of our patients and employees,” Garza said. “It is our priority to support those who have been affected.”

Washington’s attorney general and two lawmakers’ favors stronger data breach laws

April 22nd, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Washington’s attorney general and two lawmakers’ favors stronger data breach laws 

Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent incidents of Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.

As per the statement, current state data breach law is a decade old and obsolete and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.

“In the present statute, there are too many loopholes about when notification must be provided, leaving consumer’s vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”

The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”

Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.

“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email Phishing scam leads to data breach

April 20th, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Email Phishing scam leads to data breach 

St. Vincent Medical Group, Inc. suffered data breach when approximately 760 patients’ PHI got exposed. Employee’s username and password was compromised because of an email phishing scam which resulted in to the incident. St. Vincent learned about the data breach on Dec. 3, 2014, and said that it “immediately shut down the username and password of the impacted account and launched an investigation into the matter.”

The affected information includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Limited clinical information related to services patients received was also included.

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” As per the statement.

As per the St.Vincent individual medical records and billing records were not accessed.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said.

St. Vincent mentioned that complimentary identity monitoring and protection services will be offered to patients whose Social Security number was exposed. It will also be providing further employee education on how to avoid phishing scams.

This is not the first time St.Vincent suffered data breach. Earlier, St. Vincent Breast Center mistakenly sent letters with patient information to the wrong addresses.

As per the previous statement:

“Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned,” St. Vincent said on its website. “The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malicious Software

April 17th, 2015 by admin No comments »

Malicious Software

Malicious Software is a kind of software which gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc.

What is the purpose of Malicious Software?

Malware may be intended to steal personal information or spy on computer users without their knowledge or it may be designed to cause harm, often as sabotage or to extort payment.

Types of Malware

Viruses

A computer program usually hidden within another seemingly useful program that duplicates itself to inserts them into other programs or files and destroys the data or performs intended action.

Trojan Horses

Trojan Horses is computer program that asks users to install it under the pretext of description which appears useful. It is the way to fool users by providing fake information for malware.

Rootkits

Malicious Software which conceals their identity by modifying the host’s operating system to hide from the user.

Backdoor Access

A backdoor is the method by which normal authentication procedures are bypassed, usually over a network connection such as internet.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Common sense can stop phishing attack

April 15th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Common sense can stop phishing attack 

What is phishing attack?

Phishing emails, websites and phone calls are designed to steal money. It can be also be done by installing malicious software. Cybercriminals asks you to install malware under pretext of useful software.

How to stop phishing attack?

Spelling & Grammar – Cybercriminals are not that good at spellings and grammar. Professional organizations have dedicated writers for drafting emails. So, the possibility of error in the phishing write up is more.

Fake Alerts – You may get the update from the company you know. Please check for the authenticity of the email and then take any action.

Website Links – Do not click the links from the email. They may also include direct download .exe file which installs malicious software on your computer.

Threats – One of the popular ways to steal the user is by threatening email which states that your account will get closed if you didn’t respond to the said email. Ignore such emails or mark them as spam.

Report Phishing Attack

Company Pretension – Verify the information with the official company helpdesk before taking action for the email, phone etc.

Phone Calls – Report to your local authorities if you receive any phishing phone call.

Emails – Report it to your email service provider like Google, Yahoo etc. if you receive phishing emails.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

IT security Professional Survey about Insider threat

April 12th, 2015 by admin No comments »
A percent sign.

IT security Professional Survey about Insider threat 

The SANS 2015 Survey on Insider Threats provided below results:

  • 74 percent of the IT security professionals said they’re worried about insider threats from negligent or malicious employees
  • 32 percent said they have no capacity to prevent an insider breach
  • 28 percent said insider threat detection and prevention isn’t a priority in their organizations
  • 44 percent of respondents said they don’t know how much they currently spend on solutions to mitigate insider threats
  • 45 percent said they don’t know how much they plan to spend on such solutions in the next 12 months
  • 69 percent of respondents said they currently have an incident response plan in place
  • More than 52 percent of survey respondents said they didn’t know what their losses might amount to in the case of an insider breach.

“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern,” SpectorSoft COO Mike Tierney said in a statement. “I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required.”

According to the  2015 Vormetric Insider Threat Report:

  • 92 percent U.S.-based healthcare IT decision makers said their organizations are vulnerable to insider threats
  • 49 percent felt “very” or “extremely” vulnerable to insider threats.

According to the Harris Poll Survey-

  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.

“Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data,” Vormetric CEO Alan Kessler said in a statement. “An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Skill gap widens for information security professionals

April 9th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Skill gap widens for information security professionals 

Today, organizations are finding it difficult to manage IT security threats and avoid error. They also face challenges to recover after cyber attack. According to the survey, by 2020 there will be shortfall of 1.5 million information security professionals.

The IT security of companies is being threatened by understaffed workforce and the high level of complexities. (ISC)2 conducted survey polled 3,000 information security professionals and practitioners worldwide.

“Our first workforce study was conducted in 2004 to illuminate critical concerns within the information and cyber security that were struggling for attention,” said Adrian Davis, managing director, Emea, at (ISC)2.

“The 2015 report shows that many of these issues are finally getting much-needed budget and priority, but we are facing new challenges and our skills and staffing challenge is growing,” he added.

Davis mentions that the findings are more or less similar to US and Europe.

“There are some small differences from country to country, but at a higher level, as information security environments become increasingly homogeneous, there is not much variance,” he told Computer Weekly.

“This is likely to be due to the fact that the legal and privacy environment in Germany may make companies more sensitive to protecting information,” he said.

The study also shows that security spending is increasing across the companies.

“We are playing catch-up in an environment where information security has never really made its case as being an interesting and exciting career, and where security professionals are retiring faster than they are being replaced,” said Davis.

Sony like attack possible

April 6th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Sony like attack possible 

According to the security researchers, many hackers across the globe can launch Sony like attack. Around 90% of the companies can suffer possibilities of hacking considering their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”‘ Steve Croft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious that it was perceived. Hackers leaked the personal information which includes Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked movies which were not released, as well as embarrassing emails between Sony Pictures executives, among other internal documents.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cloud Security Adoption

April 4th, 2015 by admin No comments »

 

 

English: Icon from Nuvola icon theme for KDE 3...

Cloud Security Adoption 

 

Cloud security is given more and more importance by the health care and pharmaceutical industries. These two represent about 38% from the sample survey for cloud security adoption. Privacy regulations and the related laws require the Protected Health Information (PHI) to be secured.

 

“While these regulations vary by region and local governments, the common theme is to ensure both the data at rest within the cloud application and associated data workflows are protected, which enables these organizations to launch new service portals and provide improved methods for sharing information,” the authors explained.

 

The survey also states that there is rising trend in adoption of data encryption software.

 

“While data encryption is considered the primary method for protecting data in the cloud, additional requirements include the organization’s ability to control access to the encryption keys and preserve search, sort and filtering functions,” the report stated. “Successful cloud security deployments also require workflows and interoperability with both enterprises on-premises applications as well as external cloud-based applications.”

 

Healthcare organization needs to adopt stringent security measures due to HIPAA Omnibus Rule, which also makes third party companies liable for data breach.

 

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis,” the Rule states. “Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Missing documents lead to data breach

April 2nd, 2015 by admin No comments »
English: MA Route 152 northbound in Attleboro ...

Missing documents lead to data breach

Life Care Center of Attleboro in Massachusetts suffered a data breach when the company that stores its patient records could not find certain documents. Iron Mountain which stores records for Life Care Center could not find certain documents which contained patients’ information. The breach came to notice during the audit. The affected patients involved those who received medical care in Life Care Center between 1992 and 2004. Employees who worked at Life Care between 1992 and 1999 may also suffer a data breach.

The compromised information includes patient names, addresses, Social Security numbers, dates of birth, diagnoses, and other medical status and assessment information. The missing box of documents may also contain financial information. It is not clear how the incident occurred.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.

According to Iron Mountain, records were inadvertently destroyed during a planned consolidation of storage facilities by a predecessor company.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.”

Iron Mountain mentioned that it will continue the search.

“Until Iron Mountain completes a full audit of its records, they will not be able to ascertain whether the stored boxes are located, missing, misplaced, or destroyed,” according to Life Care. “This audit is expected to be completed by December 2015.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Potential PHI exposure due to phishing scam

March 29th, 2015 by admin No comments »
English: Out Patients 2 and Children's Out Pat...

Potential PHI exposure due to phishing scam

Children National Health System (Children’s National) employees fell victim to phishing scam which led to potential PHI breach for some patients. According to the reports, hackers could have gained access to PHI from the employee’s email account. The affected information includes names, addresses, dates of birth, and telephone numbers. Moreover, clinical information such as diagnoses, treatment received, medical record numbers, medical service codes or health insurance information, were also potentially accessed. Few records also included Social Security Numbers.

“We reported the phishing attack to federal law enforcement and continue to work with them in their investigation,” the statement read. “Importantly, neither patient charts nor our electronic medical records system were compromised. Only the discrete information contained in the email accounts was potentially affected.”

After the incident, the company is training the employees to handle the suspicious emails. The facility has enhanced its existing technical safeguards and a review of systems is underway.

According to the statement:

We have no evidence that this information in the emails has been misused or even accessed. However, in an abundance of caution, we began sending letters to affected patients on February 24, 2015, and have established a dedicated call center to answer questions patients may have.

We recommend that affected patients regularly review the explanation of benefits statement that they receive from their health insurer. If you identify services listed on your explanation of benefits that you did not receive, please immediately contact your insurer.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA Compliance and the Cloud

March 26th, 2015 by admin No comments »

HIPAA compliance is becoming an important topic with the rise of Cloud usage. It is important to secure the patients’ data because there are vulnerabilities in cloud storage. The HIPAA Omnibus Rule had made several changes in terms of handling patient’s data. Now, cloud service providers are considered as business associates and remain accountable in case of breach.

According to the HIPAA rule, patients’ privacy is protected, regardless of where it is being stored which includes cloud storage option.

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

The Center for Democracy and Technology (CDT) has published Frequently Asked Questions (FAQs) about the Omnibus Rule.

“The obligations of a business associate depend on the extent of services and functions it is performing with PHI on behalf of a covered entity,” the CDT paper states. “A CSP that has no capability to access PHI, that provides storage functionality only, and that adheres to HHS standards with respect to encryption should have little liability risk as a business associate (except to ensure that it properly manages encryption).”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015 by admin No comments »
Cryptographically secure pseudorandom number g...

Healthcare Data Breaches and Patients 

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015 by admin No comments »
English: Florida Hospital Celebration Health -...

Florida Hospital Employees compromise Patient PHI

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sacred Heart Health Systems suffers billing data breach

March 19th, 2015 by admin No comments »
English: QWERTY keyboard, on 2007 Sony Vaio la...

Sacred Heart Health Systems suffers billing data breach

Florida facility of Sacred Heart Health Systems suffered data breach when its third party vendor experienced email hack. The affected information includes patient names, dates of service, dates of birth, diagnoses and procedures, billing account numbers, total charges, and physician names. Along with above information, 40 patients’ Social Security numbers were also compromised.

“Upon notice of the incident, Sacred Heart, in cooperation with our billing vendor, immediately launched a thorough investigation into the matter,” according to the company statement. “Sacred Heart engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.”

According to the reports, third party billing vendor employee’s e-mail username and password were compromised because of this incident. The Facility is trying to solve the loopholes in the email system to avoid such incidents in the future. It is working with email service provider to evaluate how to enhance its “already robust security program.”

According to the statement, Sacred Heart said that it will offer complimentary identity monitoring and protection services for patients whose Social Security number was affected. As soon as the incident came to notice, the access of employee username and password were immediately shut down.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Missing encrypted devices leads to data breach

March 17th, 2015 by admin No comments »
Laptop icon

Missing encrypted devices leads to data breach 

Home health and hospice company Amedisys suffered data breach when its encrypted devices which consisted of computers and laptops went missing. Amedisys failed to find near about 142 devices. The incident came to notice when risk management process was conducted. The devices were assigned to Amedisys clinicians and other team members who left the company between 2011 and 2014.

The compromised information includes names, addresses, Social Security numbers, dates of birth, insurance ID numbers, medical records and other personally identifiable data.

“The confidentiality and security of patient information has been and will remain a top priority for Amedisys,” Chief Compliance Officer at Amedisys Chief Compliance Officer Jeffrey Jeter explained. “We have worked actively with leading risk management and technology experts to inventory and assess devices that may contain personal or health information and ensure the integrity of our information security systems.”

Amedisys explained the situation on its website statement.

“All of the computers were encrypted, and the vast majority of them were used by licensed Amedisys clinicians to provide care for patients in their homes,” Amedisys stated, adding that it has not been able to rule out “unauthorized access to patient data.”

According to the statement:

We have received no reports of any hacking, fraud, or identity theft. However, as required by law and out of an abundance of caution for our patients, we are providing notice to all patients whose information was on devices because we cannot rule out unauthorized access to patient data on the devices.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malware hits Advantage dental database

March 13th, 2015 by admin No comments »
English: A candidate icon for Portal:Computer ...

Malware hits Advantage dental database

Oregon based Advantage Dental suffered data breach when its internal database was attacked by malware. The unauthorized access affected 151,626 Advantage patients. The compromised information includes names, dates of birth, phone numbers, Social Security numbers, and home addresses. According to the reports, treatment, payment, and other financial data were not accessed.

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, implemented mitigation steps to prevent further access and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required,” the statement read. “At this time, Advantage has no indication that the stolen information has been used for criminal activity, to include identity theft.”

Advantage Compliance Manager Jeff Dover told that the theft happened after the malware accessed an Advantage employee’s computer. Username and password that allows access to the membership database was stolen from there. This is a separate database from the one that contains financial and treatment information.

“Unfortunately this happened,” Dover said, adding that Advantage computers are equipped with anti-virus software, but sometimes new variations of a virus are not detected. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”

After this incident, Advantage is no longer allowing access to its internal patient database from computers that are not within company clinics or its Redmond headquarters.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

11M affected by Premera Health data breach

March 11th, 2015 by admin No comments »
English: Blue Cross Blue Shield Tower under co...

11M affected by Premera Health data breach 

Sophisticated cyber attack on Premera Blue Cross leads