Log in

Archive for June, 2010

Anthem Blue Cross Data Breach Incident

June 27th, 2010

If you had filed an insurance application at Anthem Blue Cross and your application was pending, there is every bit of chance that your sensitive information including Credit Card details and Social Security number were exposed.

As per the information published in a latest article on Orange county website, over 200,000 Anthem Blue Cross customers received letters in 3rd week of June which informed them about possible breach of their personal information due to a suspected attack on the company’s website.

The company is contacting customers whose application status was pending since the information was viewed through an on-line tool that allows users to track the status of their application.

According to the officials at Anthem Blue Cross:

“The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again.”

Obviously the victims are angered by the incident,

47 year old, Hal Ziegler of Mission Viejo said, “There’s not one place that has more information on you than your health insurer,”. “It’s the absolutely most personal level of information all the way down to Social Security numbers. That would be about the last place I would want someone to gain access.”

57 year old Luckett who bought an individual policy in February said, “I’m thinking this is the 21st century”. “I expect this company, Anthem Blue Cross, to protect my information.”

In return the Anthem officials have apologized and have offered to provide a free one year of identity protection service to potential affected customers.

Data Security with Alertsec Xpress

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Anthem Blue Cross Illegal Access (mytotalmoneymakeover.com)
230,000 Californians Warned In Anthem Blue Cross Data Breach (palisadesystems.com)
Anthem Blue Cross Website Security Breach Exposes 200,000+ Customers’ Personal Information (spectrum.ieee.org)
Anthem Blue Cross glitch exposed personal data (seattletimes.nwsource.com)

No comments »

Posted in Data Protection, data breach

Tags: Anthem Blue Cross Credit card data insurance security Social Security Social Security number Website WellPoint

SMBs Worried about Data Losses

June 25th, 2010

Computer software security and data encryption are two vital areas that organizations cannot afford to ignore. Symantec has released a new survey according to which over many small and medium sized businesses are worried about the cyber attacks and data loss incidents.

According to Symantec’s 2010 Global SMB Information Protection Survey around 2000 SMBs in 28 countries were surveyed. The respondents belonged to the following two groups:

Small Businesses (Employees 10-99)
Medium Sized Businesses (Employees 100 -499) » Read more: SMBs Worried about Data Losses

No comments »

Posted in Symantec Data Protection

Tags: Apple business Check Point Computer security Mobile device security Small business Symantec

Major Data Breach at Louisville hospital

June 23rd, 2010

: Jewish Hospital, Louisville

A Jewish hospital in Louisville is under severe fire with a damaging lawsuit filed against them for affecting a major data breach. As per the news reported in 3wave.com, a flash drive which contained the medical records information of more than 24,000 patients was mysteriously misplaced from the Our Lady of Peace Hospital. To make matters worse, one of the patients who is on the list is suing Our Lady of Peace and its parent, Jewish Hospital.

As per the new rules in the HITECH Act orgniazation are require to make disclosures within 60 days for breach incidents which involve more tha 500.

While the flash drive had disappeared on April 1, the hospital ran a legal advertisement notifying the public in Louisville’s largest newspaper, Courier-Journal on April 29 .

The flash drive contained unencrypted data of all patients admitted and patients assessed from 2002 till 2009. The patients data included name, room number, insurer name, and admission and discharge dates. What it didn’t have is information on treatments, Social Security number, date of birth, telephone numbers or address.

The patient’s attorney Ken Henry filed the lawsuit in Jefferson County which accuses the hospital of invading privacy, causing emotional stress and major negligence. The attorney wants Jewish hospital to pay for credit monitoring services for five years. In addition, patients are seriously upset over public leakage of their diseases. Apparently, the hospital treats the patients for sensitive diseases and obviously none of the patients is happy at the exposure of confidential information.

Barbara Mackovic, a spokeperson of the Jewish Hospital said,

“Patient confidentiality is sacred to us and our patients. We have taken this breach seriously, and we regret and apologize for any concern this has caused our patients and their families.

As we explained immediately to the people affected, as soon as we discovered the breach, we launched a full-scale investigation and took steps to prevent future breaches.

The news of data breach at a premier hospital is not new as during the last couple of months, many reports of data leaks have emerged across several hospitals in the United States. Last month we had analyzed a data breach incident at Cincinnati Children’s Hospital. It is time for hospitals to reviews their policies, procedures and implement the right computer security software which prevent damages even incases of theft and leaks.

No comments »

Posted in Data Protection, data breach

Tags: Facilities Health Hospital Jewish Hospital Louisville Medical record Medicine United States

Laptop Ghost strikes at Oregon National Guard

June 22nd, 2010

A laptop which belonged to the Oregon National Guard member was stolen earlier this week forcing the military to contact all the members who might be impacted by this incident.

As per the details by the Oregon National Guard, the laptop was stolen a couple of days ago on 21st of June from a vehicle. Apparently, the laptop was being used by the guard member to do work from home.

Captain Stephen Bomar, Chief of Public Affairs for the Oregon National Guard, said in a news release, “Although this laptop is password protected, with potential exposure of individual personal information, we are doing everything possible to notify individuals about the theft” .

The Oregon National Guard and The National Guard Bureau are individually contacting service members whose sensitive information may be compromised. Legal services are also available in the event a service member needs it through the Oregon National Guard Office of the Staff Judge Advocate.

Once again the incident raises serious eyebrows about the methods adopted by large organizations to secure data, store data and encrypt sensitive and critical information.

The laptop theft incident is not new as earlier in April this year, burglars had attacked the home of Jerome Avery stealing a laptop from his house.

Visit Source story

Get Laptop Encryption now !!

While huge sums are spent on protecting internal networks from hackers, employees are walking out the front door with laptops that not only have vast quantities of data stored on them, but also have applications connecting to internal networks and protected websites.

80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop encryption installed, none of the information or credentials would have been lost.

No comments »

Posted in Encryption, laptop theft

Tags: Government Military National Guard Oregon Oregon Military Department Oregon National Guard Theft United States

Data Security Issues at National Intelligence Agency, South Africa

June 20th, 2010

: Data Security Issues at NIA, South Africa

The intelligence services at South Africa have been blasted by the auditor-general for failing to secure information in their computer databases.

Post the parliamentary elections that have happened since 1994, it is for the first time that auditor general scrutinized the reports of the following intelligence services:

The National Intelligence Agency
The South African Secret Service
The Secret Service account of the South African Police Service

The auditor-general has raised concerns about the security of information which is contained in the NIA databases.

Apparently, the users were allowed “inappropriate access” to systems profiles which allowed them to modify programmes & alter critical financial information.

According to the audit report, “Sensitive transaction codes had not been locked in production to prevent general user access … the financial application settings allowed access to a programme that could be used to delete financial transaction data”.