Log in

Archive for September, 2010

California Hospital fails to report data breach, fined $250,000

September 18th, 2010

Lucile Salter Packard Children’s Hospital at Stanford University has been fined $250,000 by California health officials for failing to report a breach of 532 patient medical records within 5 days of an apparent theft of a hospital computer by an employee.

The penalty imposed on the hospital is the maximum allowed amount, a spokesman for the California Department of Public Health, Ralph Montano said. He also added, “The penalty is assessed at the rate of $100 for every day of delayed reporting after the first five days for each patient medical record that was breached.”

State officials released a document on Thursday, called “2567,” summarizing the results of the state’s investigation of the Lucile Packard computer theft. It said an unauthorized hospital employee and her husband, another employee, were observed on January 5 in the hospital’s Heart Center removing a computer that contained protected health information on 532 patients.

State officials added, “Based on interviews and record review, the hospital failed to notify a privacy breach of patients’ protected health information (PHI) to 532 patients within five days after the hospital confirmed the breach on 2/1/10. The hospital failed to send notifications to the patients until 2/19/10.”

“The confidential data included names, date of birth, medical record numbers, diagnoses, procedures, insurance information and/or social security numbers.”

On Thursday, Lucile Packard officials posted a lengthy statement on their website stating that they intend to appeal against the $250,000 fine.

“The computer in question was used by an employee whose job required access to patient information,” the hospital said.

“Even though the employee had signed written commitments to keep patient information confidential and secure in accordance with legal requirements and hospital policies, the hospital received reports that the now-former employee allegedly removed the computer from hospital premises and took it home.”

“The hospital immediately began a thorough investigation and also reported the matter to law enforcement in an attempt to recover the computer quickly. As soon as the hospital and law enforcement determined the computer was not recoverable, the hospital voluntarily reported the incident to the California Department of Public Health (CDPH) and federal authorities, as well as the families of potentially-affected patients. The hospital also provided to the families identity theft protection and other support services.”

“Theft charges have been filed against the former employee.”

Spokesman for Lucile Packard, Robert Dicks forwarded this statement from Susan Flanagan, RN, chief operating officer: “This theft was very unfortunate. We hold ourselves to the highest standards in taking care of the children we treat, and we are committed to providing the best care possible and to protecting our children’s privacy.”

“The incident in question was related to the apparent theft earlier in the year of a password-protected desktop computer that contained information about 532 patients. The hospital immediately began a thorough investigation and also reported the matter to law enforcement in an attempt to recover the computer quickly.”

“As soon as the hospital and law enforcement determined the computer was not currently recoverable, the hospital reported the incident to the CDPH and federal authorities, as well as the families of potentially-affected patients.”

“The privacy and security safeguards we employ are some of the most advanced technologies and controls available to hospitals today.”

Ed Kopetsky, chief information officer at Packard Children’s added, “Even though the investigation revealed that no patients were harmed and apparently no patient information was compromised, we are using this incident to further tighten our security and provide additional education to our staff.”

Moreover, Dicks added a date has not been set for the ruling on the appeal.

How Alertsec Xpress Would Have Helped

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the computer. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Google Health Gets More Useful, More Personalized (webpronews.com)
Accenture Inks Health IT Deal With Stanford (informationweek.com)

No comments »

Posted in Data Protection, data breach

Tags: California Department of Public Health Facilities Health identity theft Medical record Medicine Social Security number Stanford University

Burglary at Gore Main School, several laptops stolen

September 17th, 2010

: Image via Wikipedia

The youngest batch of students at Gore Main School had a disturbing start to their week after thieves broke into their classroom on Saturday night and stole four laptops and a CD stereo system.

The teacher Rose McKenzie said, “The most upsetting part for the five and six year olds was that their morning schedule had to be changed as they were not allowed into their classroom due to the ongoing investigation.”

She also added “the children had some wonderful stories recorded on CD and usually played those on the stereo in the morning.” She continued, “One of the annoying things about losing the laptops was that, after waiting all year, the wireless signal strength had been just boosted to get internet access in the classroom and to be able to send material to the school printer.”

The children were “sad” about the whole incident and hoped someone might know where their laptops are. “It’s not fair,” said one pupil.

Constable Adam Roberts, of Gore, said the burglars were quick and organized as the Board of trustee members were at the school within 15 minutes of the burglar alarm going off but the offenders had left. Moreover, he added that there was no sign of a forced entry. He estimated the total loss at $3000.

How Alertsec Xpress Would Have Helped

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Home Surveillance Against Burglars On The Hunt (homesecuritysystems.net)
Druva backs up UK arrival with VAR hunt (channelweb.co.uk)

No comments »

Posted in laptop encryption, laptop theft

Tags: Cases and Accessories datasecurity Hardware Notebooks and Laptops security Theft Tracking Prevention and Recovery Vendors

A Computer containing private information of students, stolen

September 16th, 2010

A computer containing the names and Social Security Numbers of 7000 City College of New-York students, was stolen. The college has started notifying the affected students about the theft and a possible data breach.

The computer was password protected but it did not have any encryption software installed. Till now there has been no update if the information on the computer has been accesses or misused in any way.

Bianca Arroyo got a letter on Saturday from CCNY, where her son is a junior. “I called my son right away and told him something is wrong, something happened in the school, someone stole someone’s computer with a database with the personal information,” Arroyo said.

“I’m worried, you know, because the situation with things happening nowadays with identity theft that later on that something could happen to my son, and now he’d have to be the one responsible for it,” she added.

The potential victims of the theft are worried and concerned about the security arrangements at the college.

“I’ve gone to the school for the past two years, I don’t want anyone looking at my information,” said one student.

“Why was that all on one computer? It’s a good question right?” said another student.

“This time it’s the computer, but who knows what’s next,” another student said.

A spokesperson for the college said that the college is making all possible efforts so that such incidents are not repeated in the future.

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

Seagate’s Groundbreaking Self-Encrypting Laptop Hard Drive First to Win Key U.S. Government Certification (eon.businesswire.com)
WinMagic’s SecureDoc Full-Disk Encryption Solution to Fully Support Intel Advanced Encryption Standard New Instructions (AES-NI) (eon.businesswire.com)
Do You Know Where Your Laptops Are? (itexpertvoice.com)

No comments »

Posted in laptop theft

Tags: Cryptography data data breach full disk encryption identity theft laptop theft Personal computer security Social Security number Theft

Possibility of Data Breach at HEI Hotels & Resorts, customers notified

September 14th, 2010

HEI Hospitality, owner and operator of Hi-end hotel chains and resorts like the Marriott, Sheraton, Westin and other monikers has sent notification letters to about 3400 customers informing them of a possibility of their data being compromised.

HEI discovered a vulnerability in an information system at certain of its hotel properties, which might have been exploited due to which credit card information related to certain transactions occurring between March 25 and April 17, 2010 may have been compromised.

The possible data breach could have given the hackers sensitive information such as credit card types, credit card numbers, expiration dates and security codes stored in the magnetic stripe on the back of each card. The hackers also compromised the property management system at the Algonquin Hotel, according to the letter signed by Troy Waterman, HEI’s senior vice president of finance.

In a letter to customers who stayed at one of its properties, the Algonquin Hotel, the firm informed customers that they believed that the point of sale system used in its restaurants, bars, and gift shops and the information management system used at check-in were illegally accessed and transactions intercepted. Customers were informed that the credit card’s number, expiration date, security code, and encoded magstripe data were at risk.

A HEI spokesman today said that though the company has notified 3,400 customers, there is no indication so far that the credit card data has been misused. Meanwhile, HEI is now offering a year’s worth of credit monitoring services for free.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption.

For security and technology observations, consider following us on Twitter.

Hotel Operator Warns of Data Breach (pcworld.com)
Accomodations Will Be Made – Hotel Card Systems Attacked, Breached (infosecurity.us)

1 comment »

Posted in Data Protection, data breach

Tags: Algonquin Hotel business Credit card HEI Hotels & Resorts Magnetic stripe card Marriott International Point of sale security

Laptop containing vital data stolen, reward on offer

September 13th, 2010

: Lapatop Theft

A laptop containing vital and sensitive data was stolen from Martin Hatton’s home in Blenheim Road, Horsham between 10pm on Monday August 30 and 5.20am on Tuesday August 31.

Mr. Hatton, the managing director of Mendage Projects Ltd, said: “The information contained on the laptop is quite crucial to me carrying on my day to day business.” He added, “The laptop even contained work he had done on the Houses of Parliament.”

Meanwhile, a reward of £10,000 is on offer for the recovery of the equipment and information leading to the conviction of those responsible.

The laptop was in a leather computer bag which also contained some memory sticks for each of the projects Hatton was working on. The bag also had all his business contacts’ cards along with all his current work notes. Moreover, his mobile phone containing 400-500 contacts was also taken.

Hatton said, “The theft has put me back weeks on the projects I was working on. It will cost me a lot of money to employ people to do the work again.” He also added, “I’m incensed by the fact someone’s broken into our home while we were sleeping in our beds.”

How to prevent data breach?

In cases of laptop theft, the insurance company may cover the hardware loss, but the data might be lost forever, or in worst cases might land in the wrong hands. Thus, data security software is required which will reduce the theft to merely that of hardware. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.