Log in

Archive for May, 2010

Data Breach Incident at Cincinnati Children’s Hospital

May 29th, 2010

Cincinnati Children's Hospital (Alertsec Blog)

Through the medium of our blog, we’ve emphasized on several occassions that most of the laptops are stolen at work place, conference centers, hotel rooms, cars, airports and train stations. While it is impossible to prevent theft what we can certainly do is protect our data by using laptop encryption software.

Today we analyze another case, where use of computer security software like Alerstec Xpress could have prevented massive data loss. A laptop at the Cincinnati Children’s Hospital Medical Center containing more than 61,000 patient records was stolen. In an incident that happened a couple of months ago, the laptop was stolen from the hospital employee’s personal vehicle which was parked outside his home.

While the missing records were protected using password they were not encrypted.

According to the hospital spokesman, Jim Feuer, “The records on the computer contained some personal information about patients, including names, medical records numbers and services provided”.

Feuer stressed, though, that the records did not contain Social Security numbers, credit card numbers or telephone numbers.

Offcourse, the incident is clear violoation of the HIPAA and that is something about which even the hospital authorities are aware. The HIPAA clearly states that the protected health information (PHI) must be secured and should preferably use an encryption incase of digital data.

The Cincinnati.com website says that the hospital has contracted with ID Experts, a leading provider in data breach solutions, to help patients and families affected by the incident. Families will receive a year of identity protection at no cost.

Rightly so, Mr. Feur added, “We need to and are doing a better job of strengthening our encryption practices”.

How Alertsec Xpress Would Have Helped

First-of-all, there is no specific reason to have vital patient data on a laptop which is unencrypted and can be easily stolen. Secondly, the impact of this incident could have been greatly reduced if an encryption software was used as a security layer. By using encryption software, we could have greatly enhanced the laptop security as there is no way that the information is compromised if the laptop is lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. This is certainly a small price to pay compared to what happened in Cincinnati children’s hospital case.

Secure your data using Alertsec

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.

Lost Data Causing 10 out of 10 Pain for Healthcare (supportingsaferhealthcare.com)
Stolen VA Laptop Contains Veterans’ Personal Data (techdailydose.nationaljournal.com)

2 comments »

Posted in AlertSec Xpress, laptop encryption, laptop theft

Tags: Advanced Encryption Standard Check Point Cincinnati Children's Hospital Medical Center Computer security Cryptography Encryption Health Insurance Portability and Accountability Act security

Data Breach Incident at HMRC

May 27th, 2010

HMRC London Office

HM Revenues & Customs, a government department has apologized to the eligible tax credit claimants for a serious data breach incident due to which personal information of over 50,000 people was exposed.The story was first broken over by The Register as they received a tip from one of their readers. Apparently, the reader had received a tax credit notice that contained details of two other recipients’ work, childcare and pay details.

In response, Paul Gerrard, the director of tax credits at HMRC, apologised for the error. HMRC issued a response which said, “HMRC takes data security extremely seriously. Unfortunately an error has occurred in one of the tax credits print runs causing some customer information to be wrongly formatted. Investigations are underway to identify the cause of the problem and we will be contacting affected customers in writing this week, apologising and providing a corrected award notice. An initial analysis shows that ID theft could not result from this printing error.”

While the number of tax credit notices dispatched are not exactly clear, it is believed that around 50,000 tax credit notices were dispatched.

Owen Roberts from Callcreditcheck.com (an organization monitoring customer accounts for ID fraud) mentioned, “HMRC’s claim that this isn’t enough to commit ID fraud is only half-true. It could be enough for the beginnings of a path to fraud, or the icing on the cake for a potential fraudster.”

In a similar incident two-and-half years ago, the confidential details of 25 million Child Benefit claimants were burnt on two unencrypted CDs and popped in post. Infact last year, the department at HMRC had also indicated good progress in removing the ability to transfer data to USB sticks and CDs with the exception of compelling business cases.

Many people are of the opinion that printing was outsourced to some third party company who were expected to do a proper job but instead they messed up the situation.

Computer Security Software by Alertsec

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe.

HMRC makes tax credit gaffe (accountancyage.com)
50,000 Affected By Data Blunder At HMRC (news.sky.com)
HMRC mails wrong private info to 50,000 taxpayers (go.theregister.com)

No comments »

Posted in AlertSec Xpress, Identity and Information loss

Tags: AlertSec Xpress Child benefit Compact Disc data security HM Revenue & Customs identity theft Owen Roberts Tax credit

Veteran Affairs Department Suffers Data Breach

May 24th, 2010

: Laptop Encryption by Alertsec

Via techdirt.com- The Veterans Administration (VA) should rename itself to the “Ministry of Data Leaks. It is because every year they report loss of a computer/laptop which contains unencrypted data. As a result, several security gaps are being found out in the Department of Veterans Affairs which can potentially lead to data and information security fraud. Once again, two different data breach cases have been reported. In the first incident, an unencrypted laptop was stolen, which held the social security number and other information of 616 veterans. Somedays later, a log book from a medical lab in Texas containing personal information of 3,265 veterans went missing. While it is not clear whether the data was breached, the alarmbells have rightly started ringing. This incident demonstrates the need for VA to work tightly on issues pertaining to cyber security with contractors.

In the first case, the laptop was stolen on April 22 from the personal vehicle of the contractor’s employees. On the discovery of loss, the authorities were identified immediately and subsequently the VA was notified the following day. In addition, both the user account and server access from the laptop was disabled.

In a letter issued to Shinseki, Mr. Steve Buyer, the party member of the house House of Representatives’ committee on veterans affairs said, “We would like to express our deepest concern about the continued use of unencrypted devices within VA, despite the ongoing efforts to stop such use”.

According to Mr. Buyer, 25 of 69 contracts have nothing in the contract related to encrypted data which is more than 28% of the VA’s vendor contracts.

Mr. Buyer added, “I can only conclude from this incident that VA’s procurement processes seriously lack standardization in content, fail to articulate requirements, and [lack] compliance oversight”.

In response to Mr. Buyer’s statement, VA official Katie Roberts mentioned, “The contractor self reported the incident and has disabled the user account and server access from the stolen laptop. No further access from this laptop is possible”.

It is not the first time that a data breach incident has been reported at VA. 4 years ago a similar incident had been reported after the theft of a VA employee’s laptop which contained data of 26.5 million veterans and 2.2 million service members. On that occassion, the impact of loss for VA was worth $48 million resulting due to notification and a class action lawsuit.

Although there was no report of data usage for illegal purposes, the breach resulted in a unanimous legislation for ensuring the security of veterans’ identity and credit information.

Laptop Encryption from Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data (techdirt.com)
Stolen VA Laptop Contains Veterans’ Personal Data (techdailydose.nationaljournal.com)
UK firms ignore encryption (newstatesman.com)

No comments »

Posted in Data Protection, Encryption, laptop theft

Tags: Class action Military United States United States Department of Veterans Affairs United States House of Representatives Veteran Veterans Affairs Department Washington

Heartland Makes Settlement Deal over Data Breach

May 21st, 2010

Heartland Payment Systems has made a settlement deal with Mastercard because of the huge data breach that was made a couple of years ago at payments processor.

Now according to the deal, Heartland will be paying US$41.1 million to MasterCard issuers who have lost money due to the data breach. Prior to this Heartland has also agreed to settlements with Visa which were worth $60 million and with American Express, for $3.6 million.

Back in 2008, Heartland was one of several organizations that was attacked by hackers. The hackers, stole data about payment transactions that was processed by Heartland for its merchant clients. Rightly so, heartland was suied by customers to to recover costs which were associated with reissuing cards for affected consumers.

A coupl of months ago, the hacker involved in this incident, Albert Gonzalez, was sentence to prison for 20 years. The Department of Justice has said that the breach, which included Heartland and other victims, is one of the largest ever investigated and prosecuted in the U.S. It involved the theft of millions of credit card numbers.

According to the settlement, 80 percent of MasterCard issuers who filed claims must accept the deal by June 25.

According to Wendy Murdock, chief franchise officer for MasterCard Worldwide, “We feel that this settlement represents an appropriate and fair resolution for our issuing financial institution customers”.

According Bob Carr, CEO of Heartland, “We are pleased to have reached an equitable settlement agreement that helps issuers of MasterCard-branded cards obtain a recovery with respect to losses they may have incurred from the intrusion. We look forward to working with MasterCard to encourage these issuers to participate in the settlement program for a speedy resolution.”

Secure your Laptop against Theft: Choose Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

Heartland coughs $41m to settle MasterCard claims (go.theregister.com)
Heartland in $41.4M settlement with MasterCard (seattletimes.nwsource.com)
Heartland in $41.4M settlement with MasterCard (sfgate.com)

No comments »

Posted in Data Protection, data breach

Tags: Albert Gonzalez American Express Bob Carr Credit card Heartland Payment Systems Mastercard United States Visa

How to Install Alertsec Xpress?

May 18th, 2010

With changes in the government’s regulatory requirements and increasing concern over the rise in data breaches organizations are now under severe pressure to implement full disk encryption for laptop security and also for ensuring security of sensitive data.

Installing Alertsec Xpress Encryption software is fairly simple and all you need is just three easy steps:

Register for your subscription or 30-day free trial of our encryption software
Register your personal Alertsec Xpress subscription or 30-day free trial.
Receive an email from Alertsec Xpress with a link to your Alertsec Xpress subscription or 30-day free trial.
Download and activate Alertsec Xpress online
Follow the simple guidelines in the mail and click on the link.
Download your Alertsec Xpress subscription or 30-day free trial.
Alertsec Xpress will initiate and install the encryption software automatically on your command.
Set your username and password to personalize your installation.
Your laptop is now fully protected by Alertsec Xpress
Powered by Check Point Full Disk Encryption – the world’s most trusted encryption software.

Here’s a tutorial video which explains how to install Alertsec Xpress

Choose Alertsec and Secure your Laptop

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.