Rotech Healthcare data breach

August 22nd, 2016 by admin No comments »

Florida-based Rotech Healthcare Inc. recently suffered PHI security breach after patient information was found by police from an unauthorized individual. The incident was the result of unauthorized access and stolen hard drive. data security

According to Rotech, they got the report  on June 13, 2016 that some patient paper records had been recovered by the police. Affected information included names, Social Security numbers, patient numbers, addresses, the name of the Rotech subsidiary company from which individuals received health care services, and possibly phone numbers and/or dates of birth.

Even the incident occurred in June, facility mentioned that they did not receive copies of the stolen information until July 11 only after US Secret Service provided it to them. As per the review, the information had been taken from Rotech systems.

“Rotech takes your privacy and the security of your personal and protected health information very seriously, and we are cooperating with law enforcement’s investigation into this incident,” Rotech Vice President of Compliance and Ethics R. Wayne Bradberry, CHC said in a statement. “Rotech and our third party forensic investigators continue to investigate this incident to identify any additional patients who may be impacted by this incident.”

According to the OCR data breach reporting tool, 957 individuals were potentially affected. All the affected individuals will receive notification. Also, facility mentioned that they are reviewing its current policies and procedures to avoid such type of incident again.

“We sincerely regret any inconvenience this incident may cause,” Bradberry wrote. “Rotech remains committed to safeguarding information in our care and will continue to take proactive steps to enhance the security of the information in our care.”

As per the statement: Steps You Can Take to Protect AgainstIdentity Theft and Fraud

 We encourage you to remain vigilant against incidents of identity theft and fraud and seek to protect against possible identity theft or other financial loss by regularly reviewing your financial account statements for any charges you did not make. We also encourage you to notify your financial institutions and health care insurers of this data security event to seek advice regarding protecting your accounts.

 We encourage you to review any Explanation of Benefits statements you receive from your insurer. If you see any service that you believe you did not receive, please contact your insurer at the number on your statement. If you do not receive regular Explanation of Benefits statements, you can contact your insurer and request that they send such statements following the provision of services in your name or number. You may also want to order copies of your credit reports and check for any medical bills that you do not recognize. If you find anything suspicious, you can call the credit-reporting agency at the phone number on the report. Keep a copy of this notice for your records in case of future problems with your medical records. You may also want to request a copy of your medical records from your provider, to serve as a baseline.

___________________________________________________________________________________________ 

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Neurosurgical Center data breach

August 20th, 2016 by admin No comments »

The Center for Neurosurgical and Spinal Disorders (CNSD) mentioned that approximately 1,100 patients may have been affected by recent data breach.  Security incident occurred this summer which exposed data. According to the reports, hacker gained unauthorised access of CNSD office manager’s computer by installing a program. The purpose of the program is to record keystrokes and periodically took screenshots of what was being displayed on the computer. data theft

“We detected an unauthorized intruder in one of our computers. Access to this computer was immediately shut down; subsequently, CNSD’s servers and network were taken offline.”

“A subsequent investigation revealed that screen shots of 823 CNSD’s patients (along with 311 patients of another practice for whom CNSD bills) were taken between the dates of 7/7/16-7/18/16,” CNSD reported. “It is unclear whether any of this information was downloaded.”

As per the investigation by CNSD IT professional, hacker had gained remote access. Affected information included names, addresses, phone numbers, Social Security numbers, medical chart information, and billing information which got revealed in the screen shots. Affected patients will be receiving notification letters.

“After the FBI took the hacked hard drive, CNSD’s IT professional put in a new hard drive with a new operating system into the computer at issue, and CNSD hired a separate IT security company to perform a complete examination of all software, servers, computers, routers, firewalls, and office security,” the statement read. “No additional suspicious programs, viruses, spyware, or malware were detected. The security firm has been retained to provide ongoing network security analysis and advanced threat protection.”

As per the statement:

CNSD reported the security breach to the FBI. Two FBI agents came to CNSD’s office and interviewed the owner, office manager, and IT professional.  The FBI has taken custody of the hard drive which was hacked and opened an investigation.

____________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

VAPC suffers data breach

August 18th, 2016 by admin No comments »

Arizona-based Valley Anesthesiology and Pain Consultants (VAPC) came to know about the unauthorized access on one of its computer systems. The incident has potentially caused the information exposure of 882,590 patients.

Affected information included patient names, their providers’ names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and Social Security numbers in a few cases.

Other information which got exposed include credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information.

OLYMPUS DIGITAL CAMERA

For few employee, information exposed includes names, dates of birth, addresses, Social Security numbers, bank account information and financial information, such as tax information.

“VAPC recognizes the importance of protecting the privacy and security of personal information, and regrets any inconvenience or concern this incident may cause,” VAPC said in a statement. “In addition to security safeguards already in place, VAPC is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.”

Free credit monitoring and identity protection services will be provided to patients whose Social Security numbers or Medicare numbers are affected. VPAC believes that information is not being misused. Call centre is also setup to resolve queries.

Examples of similar data breaches include:

Hacking

Cloning of Credit or debit cards

An employee with legitimate access to data intentionally breaches information

Sensitive documents are lost, discarded or stolen

Portable storage device is stolen, lost, discarded or stolen

Sensitive information is posted publicly on a website by mistake

According to the website:

The business affairs of Valley Anesthesiology and Pain Consultants are managed by a board of directors, comprised of its four elected officers, elected representatives of its five Divisions:  Barrow Neurological Institute, Downtown, Scottsdale North, Scottsdale Osborn, West Valley, and up to two members at-large.

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Bon Secours Health System data breach

August 16th, 2016 by admin No comments »

South Carolina-based Bon Secours Health System, Inc. recently suffered a potential healthcare. The incident may have affected 665,000 patients. According to the reports, Bon Secours has hired vendor R-C Healthcare Management which made patient files available online as it attempted to adjust its computer network settings.

stethoscope lying on keyboard of a laptop

R-C Healthcare was notified by the facility so that the patient information would no longer be available. Affected information included patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, Social Security numbers, and in some instances, bank account information. However, medical records were not available on the internet.

“We deeply regret any concern this may cause our patients,” Bon Secours said on its website. “To help prevent something like this from happening in the future, we are reinforcing standards with our vendors to ensure our patients’ information is securely maintained.”

Bon Secours mentioned that all patients were not affected. Those who were potentially affected will receive a notification letter in the mail. It also said that the information in the files was not misused in any way.

“If patients see that their insurer has been charged for services or procedures that they did not receive, they should contact their insurer to notify the insurer of their concerns,” the statement said. “Unfortunately, Bon Secours is not able to contact the insurer on the patient’s behalf.”

In previous week another health care data breach was noticed. Professional Dermatology Care, P.C. mentioned that 13,237 were potentially affected in a ransomware attack.

According to the facility criminals wanted to “extract money from the company in order to de-encrypt data, rather than for the misuse of patient data.”

“PDC P.C. has already taken numerous steps to safeguard and prevent any further data breach of its network server and its patients’ protected health information; we have increased cyber security, implemented a new firewall as well as malware protection services,” PDC P.C. stated on its website. “The data breach was immediately reported to the F.B.I. and reports are being provided to the Virginia Office of the Attorney General and to the U.S. Department of Health and Human Services.”

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Virginia-based Professional Dermatology Care, P.C. (PDC P.C.) suffers data breach

August 12th, 2016 by admin No comments »

Reston recently mentioned that it had suffered potential data breach after ransomware attack. According to the reports, the potential data breach was discovered on June 27, 2016. Unauthorized PHI access occurred between June 19, 2016 and June 27, 2016. Facility said that the criminals likely wanted to “extract money from the company in order to de-encrypt data, rather than for the misuse of patient data.” Telemedicine_Consult

Affected information included patient names, addresses, dates of birth, Social Security and Medicare numbers, and medical and billing records. As per the OCR data breach reporting tool, 13,237 individuals were potentially affected.

“PDC PC has already taken numerous steps to safeguard and prevent any further data breach of its network server and its patients’ protected health information; we have increased cyber security, implemented a new firewall as well as malware protection services,” Reston explained. “The data breach was immediately reported to the F.B.I. and reports are being provided to the Virginia Office of the Attorney General and to the U.S. Department of Health and Human Services.”

Facility mentioned that it is not aware of the patient data being misused but encouraged patients to take steps to monitor their credit and financial accounts. It said that obtaining credit reports, registering a fraud alert with the credit reporting agencies, and monitoring financial and health accounts for unauthorized activity can all be beneficial. Affected individuals will be notified by the mail.

According to the website:

“We focus on the prevention and treatment of skin cancers. The hallmark of our practice is a complete head to toe full skin exam. We specialize in  dermatoscopic examination of the skin to detect and remove precancerous lesions as well as cancers such as Basal Cell, Squamous Cell and Melanoma.:

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Unauthorized database access and security breach

August 10th, 2016 by admin No comments »

Jefferson Medical Associates (JMA) mentioned that an unauthorized individual unlawfully accessed and copied one of the practice’s databases. According to the investigation carried out by Mississippi medical group, database access occurred on 1st of June. Also, several remote connection to the database were made from March 25, 2014, and June 1, 2016. sevurity breach

Affected information includes patient names, dates of birth, Social Security numbers, addresses, and phone numbers. Also, limited JMA prescription information, including drug names, dosages, and refill quantities, may also have been involved.

“We sincerely regret any concern or inconvenience this incident has caused or may cause any of our valued patients,” JMA’s Administrator Robby Graham said in a statement. “We take the privacy of their health information as seriously as we do their care. We want to assure our patients and the community we serve that we will continue to work both to understand this incident and to implement measures to further strengthen our data security.”

Investigators said that unauthorized individual accessed the data just to show their ability.

“JMA has not been able to determine whether any of these other connections actually resulted in any acquisition, access, use, or disclosure of patient information, but it is possible,” the medical group explained.

According to the OCR data breach reporting tool, 10,401 individuals may have been affected. Facility will send the emails to affected individuals, Also, one year of credit monitoring and identity protection services is offered.

“I was just going through randomly looking at the publicly available, configured for public access databases on those ports, and this one showed up,” Cybersecurity researcher Chris Vickery told local news station. “When I realized there Social Security numbers and names and phone numbers and prescription information, it dawned on me that ‘hey this probably should not be public if it is real data.’ So then I started the process of trying to figure out whose it was.”

According to the Vickery, “the incident should not be considered a hack because the data was available to anyone who knew where to look.”

“This information is private information,” Jefferson Medical’s legal counsel Katie Gilchrist told the news source. “It’s federally protected information. It’s information that was on our server. This individual accessed it without our permission. He did in secret. There has never been a time when patient information in Jefferson Medical’s possession has been just out there for anyone to get to.”

 ___________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

Unauthorized employee access and data breach

August 8th, 2016 by admin No comments »

Memorial Hermann Health System recently suffered potential data breach after an employee accessed the data outside of normal job duties. According to the reports, patient records may have been compromised. Memorial Hermann came to know about the breach on July 7, 2014. It mentioned that the unauthorized access reportedly occurred from December 2007 to July 2014. Patients in this time frame are affected. theft

“We value patient privacy and deeply regret any inconvenience this may have caused our patients. Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future.” Memorial Hermann Health System explained.

Affected information included patients’ names, addresses, medical record numbers, dates of birth, health insurance information, and Social Security numbers in a few cases. Financial information was not included. A forensic investigation was launched after the discovery, and the employee’s access to medical records was suspended. Facility began to send out data breach notification letters via mail to around 10,604 affected individuals.

“We recommend that you regularly review the explanation of benefits statement that you receive from you or your child’s health insurer,” the statement read. “If you identify services on the explanation of benefits that you did not receive, please immediately contact the insurer. We value patient privacy and deeply regret any inconvenience this may have caused our patients. Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future.”

According to the website:

At Memorial Hermann, we’re all about advancing health. Yours.  It begins by redefining healthcare. That means bringing together all aspects of the health system – care delivery, physicians and health solutions to create a truly integrated health system. Our 5,500 affiliated physicians and 24,000 employees practice evidence-based medicine with a relentless focus on quality and patient safety. Our efforts continue to result in national awards and recognition, including being ranked one of the nation’s Top 5 large health systems by Truven Health for patient safety and quality.

 ___________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Banner Health data breach

August 6th, 2016 by admin No comments »

Banner Health based in Arizona recently suffered data breach when it had incident of cybersecurity attack. It potentially affected 3.7 million patients, members and beneficiaries, providers, and food and beverage outlet customers. According to the Banner Health, cyberattack affected “a limited number of Banner Health computer servers as well as the computer systems that process payment card data at certain Banner Health food and beverage outlets.”  virus

“Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers,” Banner Health President and CEO Peter Fine said in a statement.

Affected patients included names, dates of birth, addresses, physicians’ names, dates of service, clinical information, and possibly health insurance information accessed. Social Security numbers were also included in the breach those who provided the same. Also, members and beneficiaries got their names, dates of birth, Social Security numbers, addresses, dates of service and claims information, and health insurance information as a current or former health plan member or beneficiary exposed. Payment cards used at 27 different Banner Health locations was also affected which was used during certain date range.

Banner’s affected facilities includes Arkansas, Arizona, Colorado, and Wyoming.

“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” Banner said.

Names, addresses, dates of birth, DEA (Drug Enforcement Agency) numbers, TINs (Tax Identification Number), NPIs (National Provider Identifiers) numbers, or Social Security numbers may have been affected for the providers. Banner sent data breach notification letters to those potentially affected.

“We have returned to accepting all forms of payment at food and beverage facilities. You can use your payment card with confidence,” Banner explained. “This incident did not affect payment cards used for payment of medical services.”

____________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.