Log in

Archive for December, 2010

Centra Says Stolen Laptop Contains Nearly 14,000 Patient Information

December 31st, 2010

: Laptop Stolen in Georgia

A laptop stolen in Georgia held the names and billing information of nearly 14,000 Centra patients. Lynchburg-based hospital system said someone stole the computer from an employee’s rental car on November 11th.

Laptop Was Stolen From a Car in Georgia

Centra spokeswoman Susan Brandt told The News & Advance that the laptop was taken in November in Alpharetta, Ga., from the trunk of a car rented by an employee. The employee was in Georgia for a training session. The hospital system announced the theft on Monday and Centra sent letters on Friday to patients, whose information might have been stored on the laptop.

Brandt said the number of affected patients represents about 2.5 percent of Centra’s entire patient population. Centra said HIPAA law gives them 60 days to get organized and notify the media and patients of the breach.

Centra Officials Response

Officials said that the computer files did not contain Social Security numbers or other information that could be used in identity theft. It also did not contain any medical history information. The stolen laptop was password-protected and it is not likely that someone could access the files on its hard drive. If someone did reach the file with patient data, they would not find Social Security numbers, driver’s license numbers, addresses or phone numbers, medical treatment information or credit card data, Brandt said.

The file contained an internal Centra billing number, the patient’s name, the amount being billed to an insurer and codes that identify the insurer. The information was very limited, there were names and account balances listed but everything else was in code. Even though this employee did not break the rules, Centra said it advises against storing information on a laptop’s C-drive. That could become a mandatory rule.

Juan DeLeon, Centra’s Director of Corporate Compliance said “Certainly it gives us an opportunity to address some issues where we may have had some lapses and we will be sure to strengthen those areas going forward”.
DeLeon said “Our policy is to do everything to secure it in the best method possible”. The employee notified police, but the police have not told Centra of any progress in the investigation, he added.

It took some time to determine whose information might have been on the laptop and also to track down their addresses, since their contact information was not included in the laptop’s files. DeLeon said “We certainly did not do it just because we are required to do it, but we did it because it is the right thing to do”.

Centra Sped Up the Process of Adding data encryption to Its Laptops

Centra already had started adding an extra layer of data encryption to its laptops but it has sped up that process, DeLeon said. Since the theft, Centra has reviewed privacy measures with employees, reminding them to store patient data on Centra’s network servers not on individual computers. He said “We are already almost completely done”. The encryption makes it virtually impossible for anyone to break into the hard drive and decrypt the information without the proper credentials.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

AHS medical records of 2,700 children stolen with laptop: Privacy boss (calgaryherald.com)
Public vulnerable after private data stolen on laptop: Alberta privacy boss (calgaryherald.com)
Medical records of 2,700 kids stolen: Alta. privacy czar (canada.com)
Medical records of 2,700 kids stolen, Alta. privacy czar reveals (nationalpost.com)

No comments »

Posted in laptop encryption, laptop theft

Mankato Clinic laptop is stolen- Full Disk Encryption Not Used

December 29th, 2010

: Health and Human Services Headquarter

How many times would you come across a situation where you felt, I wish I had a security protection solution like “Alertsec” to help me out with this issue.

In a breach incident that has happened at in Mankato, Minnesota has apparentely led the clinic team to install mobile encryption system in their tech devices. The clinic hasn’t officially confirmed yet whether encryption software was used or not.

Laptop Contained Information of Nearly 3,200 Patients

The Mankato Clinic says a laptop with information on nearly 3,200 patients was stolen last month. The theft took place about November 1st on Monday and clinic officials sent letters to all affected patients Thursday. Officials said that the missing laptop was password-protected; it is not communicated whether encryption software was used.

Clinic officials informed not only the affected patients but the Health and Human Services Department also. This is due to a requirement under the newly amended HIPAA, which calls for notifications if there is a data breach of protected health information (PHI) at a covered medical organization.

Nurse Left Laptop in Car

The laptop was stolen from a nurse’s car. The nurses often travel from clinic to clinic and bring their laptops with them. The computer in this particular case contained patients’ names, dates of birth, medical record numbers, healthcare provider’s name, encounter date and diagnosis information.

According to Farrow It is Unlikely Anyone Has Accessed The Information

Clinic chief executive Randy Farrow said it is unlikely anyone has accessed the password-protected information. He said that the records did not include financial information, Social Security numbers or home addresses. Because of this, the CEO believes that “patients do not have to take any measures to protect themselves”. The delay in notification came about because the clinic was doing an internal investigation to understand the extent of the situation, he added.

May be the loss of the data does not constitute a direct threat but the lost information could be used to engage in what’s known as “social engineering”. It is just a euphemism for “cheating people”. The fact is you know the patient’s name, healthcare provider’s name, encounter dates and diagnosis information allows you to create a believable persona over the phone.

Laptop thefts are becoming very common nowadays. It is a very bad information-handling practice to keep sensitive information about individuals including their Social Security numbers on an unencrypted laptop or any other device that is removable. It is very important to take preventive measures to stop these types of privacy breaches.

How Alertsec Xpress Would Have Helped:

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

How To Secure & Encrypt Your Information If Your Laptop Gets Stolen [Mac] (makeuseof.com)
Stolen Alta. laptops held health data (cbc.ca)
Laptop Security Software to Find Stolen Laptop with LAlarm (geniusgeeks.com)

No comments »

Posted in laptop theft

Tags: laptop Social Security number

Password-Protection is Not Encryption: Data Breach at Cook County Health and Hospital

December 28th, 2010

: Cook County Health and Hospital

Data breach ghost strikes at hospital once again!!

Second CCHHS Breach Reported This Year

The officials of the Cook County Health and Hospitals have announced that a desktop computer was stolen from a locked area in the Fantus Ambulatory Screening Center, located at 637 S. Winchester. Cook County Health and Hospitals System has notified the U.S. Dept. of Health & Human Services that the computer was stolen on or about November 1 and had data of 556 patients.

This is the hospital system’s second incident in recent months. In the first incident which took place in August, hospital reported that from the locked administrative office a laptop containing information of 7,000 patients was stolen.

CCHHS Conducted an Internal Investigation

Cook County Health and Hospitals System filed police reports and conducted an internal investigation of the incident. Notifications to the John H. Stroger, Jr. Hospital Police Department and the Chicago Police Department were made. CCHHS determined in this investigation that information contained on the desktop computer included some password-protected files with medical record identification numbers, some names, some birth dates, clinic names, physician names, and the results of certain laboratory tests. There was not the social security number of the patients in those files.

Computer Was Only Password Protected

According to the breach notification letters “the desktop computer and files with sensitive data were password-protected and there is a chance the information could be viewed”. Password protection is not encryption. It is not that much secure even so that we can rely upon it to safeguard data, unlike encryption. It is very easy to break passwords because in the case of password-protection there are glaring loopholes and can be easily found on the internet. But data encryption is very much secure; if desktop encryption had been used in the above case it couldn’t be possible to steal data from the stolen system because the patient data was protected.

How Data Encryption Helps in Protecting Data

Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. In many situations, the word encryption also essentially refers to the reverse process, decryption. This is the process to make the encrypted information readable again. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Govt asks Google for Gmail Encryption (globalthoughtz.com)
Dell Introduces File Level Encryption (informationweek.com)
How To Secure & Encrypt Your Information If Your Laptop Gets Stolen [Mac] (makeuseof.com)

No comments »

Posted in Encryption, data breach

Tags: alertsec AlertSec Xpress computer encryption software Computer security data data breach data encryption data security Encryption security

Alertsec is Offering Computer Protection Software for Mac OS X

December 26th, 2010

: Support for Mac OS X Platform

Alertsec Xpress

Alertsec Xpress is used in all organizations that have recognized the need to protect their information. It offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. Alertsec is the leading company in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and Personal Computers in an easy, convenient and cost-effective way.

Alertsec, a spin-off of Pointsec, has strong financial backing, long experience from encryption software and a security conscious organization. By using industry leading Check Point Full Disk Encryption (previously known as Pointsec) software, we have created a web based encryption service that radically simplifies deployment and management of PC encryption. In today’s scenario, information is an organization’s most important asset. As laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. The only way to protect information stored on a PC or laptop is by using encryption. That is why laptop encryption is becoming increasingly important.

Service for Mac OS X

Mac Operating System is the world’s most advanced operating system. It is developed by Apple Inc. for their Macintosh line of computer systems. It is a series of graphical user interface based operating systems. After Microsoft Windows, Mac OS X is the most active general purpose operating system in the use on the World Wide Web. Mac OS X comes with a variety of assistive technologies to help those with vision disabilities, including a built-in screen reader, screen & cursor magnification, high contrast settings and more.

Alertsec recently added support for the Mac OS X platform. We provide convenient and cost-effective computer protection software for Windows XP, Vista, 7 and Mac OS X. Our customers range is from single-user sole traders and consultants to large multinational companies with offices around the globe.

FileVault and Its Back Drop

FileVault is a system that protects files on a Macintosh computer. FileVault uses encrypted file systems that are mounted and unmounted when the user logs into or out of the system. Early versions of FileVault were slow and caused system to temporarily hang when used with disk-intensive applications such as sound and video editing. The performance of FileVault has been improved in more recent versions of Mac OS X.

There are also certain limitations with fileVault. While migrating fileVault home directories there must be no prior migration to the target computer and the target must have no existing user accounts. If all these conditions are not fulfilled, then prior to migration, FileVault must be disabled at the source.

Check Point Full Disk Encryption Software

Check Point Full Disk Encryption software is trusted and the global leader with more than 4 million users worldwide. The Alertsec Xpress managed security service is based on the Check Point Full Disk Encryption software solution. This software provides the highest level of data security with multi factor pre-boot authentication and the strongest encryption algorithms. For a complete end user experience, the entire hard drive contents including the operating system and even temporary files are automatically encrypted. This software protects corporate information from unauthorized access and prevents costly data breaches when laptops are lost or stolen. It provides comprehensive platform support and fast compliance with the highest security certifications. It is highly scalable and rapidly deployable as fast as 50,000 seats per month.

Alertsec securely managed 24/7 helpdesk which provides a truly cost efficient solution. Our mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the market. We are a part of the Durator Group which has been awarded the highest credit rating available. We have offices in the US, UK, Sweden and operate in many other countries around the world through partners.

How Alertsec Xpress Would Have Helped:

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

2 comments »

Posted in AlertSec Xpress, Mac OS X platform

Tags: alertsec AlertSec Xpress Check Point computer encryption software Computer security data encryption data security Encryption laptop laptop encryption laptop security software laptop theft Personal computer security

Security Breach at McDonald’s: Data was Managed by Silverpop

December 25th, 2010

: Countries with McDonald’s stores

The database of McDonald’s may have been swept up in a spam related breach at its marketing e-mail provider Silverpop. Silverpop suggested McDonald’s and at least one other website to warn their subscribers but it was not clear that how many companies were affected by this data breach. The data lost in this breach was managed by an unnamed e-mail database management firm hired by Arc Worldwide. This company is a “longtime business partner” of McDonald’s.

McDonald’s warned its customers, who signed up for promotions or registered at any of its online sites that their e-mail addresses had been compromised by an unauthorized third party. McDonald’s told to customers that social security numbers were not included in the missing database but some more information like names, postal addresses and phone numbers might also have been exposed in addition to the email address.

Data Breach didn’t include Credit Card Information:

McDonald’s did not disclose when the breach happened or the number of records involved in this breach. It was also clarified that this incident had nothing to do with credit card used at the restaurant. The database that was accessed by the unauthorized third party did not contain any credit card information or any other financial information.

How the Data Breach Took Place:

McDonald’s said that the unnamed database management firm’s computer systems were improperly accessed by a third party. A Silverpop spokeswoman said there were a small percentage of customers who were affected by this breach but declined to identify any of its clients by name.

Silverpop said in a statement “It appears Silverpop was among several technology providers targeted as part of a broader cyber attack”. They wanted to make it clear that they were not the only company that had suffered from a breach.

McDonald’s informed about the data breach to people who subscribed on the sites by sending e-mails and notified law enforcement authorities. The company also advised customers, in the case of anyone calling them, pretending to be from McDonald’s; they can report it directly to the company.

Risk of Data Breach:

Many people use the same password on multiple accounts and the data breach like this puts those users’ accounts on other sites at risk of hijack. It’s very important for the firm who suffered from the data breach to give proper information to all persons related to that breach.

Such incidents pose the risk of identity theft or other serious consequences. In most cases there is no lasting damage, either the breach in security is remedied before the information is accessed by unscrupulous people or the thief is only interested in the hardware stolen not the data it contains.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.