Log in

Archive for February, 2011

Henry Ford Health System didn’t Learn from its Previous Mistake

February 28th, 2011

Lost Flash USB Drive

This is the second news of data breach within the Henry Ford Health System in less than a year. On 31st January 2011 an employee of Henry Ford Health System in Detroit lost an official flash drive. In the previous incident, a Henry Ford employee’s laptop was stolen from an unlocked office. Laptop encryption software was not used in the stolen laptop. This was the second case of data breach occurring within the hospital which took place just before three months of the latest incident in September but this time again the stolen drive was not encrypted.

Personal Data of 2,777 Patients is on Risk

The drive was containing the personal information of 2,777 patients and the security lapse within the Henry Ford put their information on huge risk. The lost information included names, address, e-mail address, phone number and date of birth, medical record numbers, type of treatment, test information and results of the patients. The drive contained information of only those patients who tested for urinary tract infections between July and October 2010.

An investigation of the breach started on 8th February 2011 but it is still not clear as to how, the device was lost. Henry Ford’s Chief Privacy Officer Meredith Phillips said in a statement there is no evidence the flash-drive data was misused.

Federal Health Information Privacy Law

According to the federal health-information privacy law, health care organizations are required to notify patients within 60 days of such a breach and health systems also must pay for identity monitoring for a year to help guard against identity theft.
In such case of data breach HIPAA require Henry Ford Health System to notify the affected patients, local media and the Department of Health and Human Services. Henry Ford has not placed a prominent notice of the breach on its Web site but it is notifying affected patients individually and offering one year of free credit monitoring services. Patients seeking information on activating ID monitoring may call 877-835-0549 between 9 AM to 9 PM on weekdays.

Security Flaw because of Unencrypted Devices

Everyday there are cases of security and identity breaches in the news and most of them occurred because of the unencrypted portable devices. What an organization should do in such case of data security? I will say the idea is to become a little more proactive. A simple solution like Data encryption software has a special option to encrypt the data. Which keeps your documents safe and protect your sensitive data against un-authorized users by utilizing the latest data encryption technologies.

Keep your Sensitive Data Safe with Alertsec

Above incident shows that in the absence of full disk encryption, privacy of such a huge number of people can get affected. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. There are many incidents taking place across global organizations which highlight the need of a data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

800,000 patient records missing? (medicineandtechnology.com)
US works to secure networks as hackers advance (boston.com)
America’s Most Dangerous Computer Security Breach Was Caused By a Flash Drive [Security] (gizmodo.com)
US works to secure networks as hackers advance – The Associated Press (news.google.com)

1 comment »

Posted in full disk encryption

Tags: data breach data encryption data security full disk encryption hard drive encryption Health Henry Ford Henry Ford Hospital Patient United States

News Update About Data Loss in Healthcare

February 27th, 2011

Image via Wikipedia

Ever since the usage of electronic records has increased, the vulnerability of data has become higher.

Kaufman, Rossin & Co. has released a report which shows the compromise of personal information of 4.9 million patients. The health information was compromised as a result of 166 data breaches that happened in the 1^st year of the implementation of HITECH act which is the Health Information Technology for Economic and Clinical Health (HITECH) Act

The act was implemented about a couple of years ago in February 2009. The idea was simple: Promote the usage, implementation of information technology in health sector. Not only that, it also calls for stricter rules/financial penalties for any breach incidents related to privacy.

The greatest source of the breach according to the study is laptops. Laptops were found out in 43 incidents and created an impact on more than 1.5 million individuals. The breach incidents happened occurred between Sept. 21, 2009 and Sept. 21 2010. In the first year, the breach incidents were publicly reported to the Secretary of the Department of Health and Human Services

Jorge Rey who is co-author and director of information security and compliance with Kaufman, Rossin said, “There are so many various ways for data to be breached in this day and age and many businesses are not properly prepared or are completely unaware of just how vulnerable this information is”. “The HITECH Act is changing the way PHI must be protected and those companies that are not serious about protecting their patients’ information find themselves facing serious reputation, legal and financial repercussions.”

Here are some of the other findings of the study:

Business associates, over 20% of them were affected by the data breach incidents
As far as individuals are concerned, around 3.12 million were impacted
32 percent of breaches were reported within the first three months
Needless to say, the data breach was caused by “Theft” incidents with these happening about 58% of the time.
It was only in 14% of the cases that theft was caused by loss and similar percentage accounted for misc. incidents.

The biggest learning from this report is the variety of formats in which the breach incidents can happen. Examples of such incidents are somebody sending confidential medical information to the wrong destination or the information being hacked by someone.

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

UK Government Bodies Are More Vulnerable To Data Breaches (enterprisedrm.info)
EU study frowns over data breach notification rules (go.theregister.com)

No comments »

Posted in Data Protection, data breach

Tags: data data breach data security Health Insurance Portability and Accountability Act information security Information Technology Personally identifiable information security

Former Microsoft Manager Accused of Confidential Data Theft

February 25th, 2011

Data Theft at Microsoft

Data theft could lead to numerous problems for larger corporations or even normal users like you. What is really surprising is that it is not just the small organizations, even the big organizations are at fault when it comes to compromise of sensitive information and adoption of data security programs.

Matt Miszewski who is an ex-manager at Microsoft, has been accused of possessing “large aggregation of materials” comprising confidential files. Microsoft has also accused him of breaking a non-competition agreement and carrying a large bundle of confidential documents with him when he left the organization last year.

As per the reports, “Last month, the software giant sued Matt Miszewski, who worked as a market development manager with its CRM and online services division. This was done in order to prevent him from accepting a position at Salesforce.com”.

So what was the data carried by Miszewski?

The incident happened on exactly the last day of 2010 i.e. on December 31^st. Miszewski left his current job with Microsoft and accepted a senior vice president job with Salesforce.com. While doing that he took approximately 600 megabytes of confidential information from the company with him. In total,It was reported the confidential information comprised of over 900 separate files with an estimation of 25,000 pages in total.

The Value of Data at Salesforce.com

Salesforce.com, is a direct competitor against Microsoft’s Azure service. On the hosted CRM solutions marked, Salesforce.com also happens to be Microsoft’s primary competitors.. Salesforce.com offerings include cloud-based services for businesses, personal and even mobile computing. The stolen data contained plans, roadmaps and strategy documents for the cloud computing products, and services for 2011.

Without doubt, the estimated value of this data is very high since it brings out Microsoft’s competitive strategies in the open and also allows the other organizations to revamp their own plans in accordance with that.

Miszewski Breached Microsoft Agreement

What is also very surprising is that Miszewski’s act is a clear demonstration of breach of conduct. Since, Miszewski had signed an agreement which prevented him from accepting a job from a rival company. On the flip side, Miszewski claims that he had only taken personal items after resigning from Microsoft for a position at rival Salesforce.com.

According to the reports, “The judge sided with Microsoft and issued a temporary restraining order preventing the former Microsoft manager from starting work as senior vice president at Salesforce”.

Microsoft’s Request to Court

Microsoft has also requested the courts to change Miszewski existing temporary restraining order to a larger duration since the discovery of the critical document was made on his personal computer.

Microsoft’s corporate vice president and deputy general counsel for litigation, David Howard said in a statement “This case involves an employee with knowledge of Microsoft’s sensitive customer and competitive information going to work for Salesforce.com, a direct competitor, in a job that is focused on the same solutions and customers”.

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Microsoft Accuses Former Manager of Stealing 600MB of Confidential Docs (pcworld.com)
Microsoft files suit over employee defection (v3.co.uk)
Microsoft accuses former manager of stealing confidential strategy docs (infoworld.com)
Former Microsoft exec barred from taking job at Salesforce (go.theregister.com)
Microsoft sues former manager to stop him from taking job at rival (seattletimes.nwsource.com)

No comments »

Posted in Security Flaw

Tags: Cloud computing Confidentiality Customer relationship management Injunction microsoft Non-compete clause Salesforce.com Vice president

Man behind the Theft of 2,000 Military Laptops was Arrested

February 25th, 2011

US Military Sheriff David Gee

$7.4 million worth Laptop Security Breach

Recently, a major laptop breach took place in Florida and the man behind the theft was also got arrested. According to Florida police “The alleged ringleader of a $7.4 million theft of military laptops was arrested after a McDonald’s drive-through camera took his video”. His name is Rolando Coca, who is a 55 year old, reputed head of a Miami crime family. He allegedly drove to a Tampa McDonald’s restaurant midway through the 10-hour theft of U.S. military contractor iGov Technologies Inc., and the McDonald’s security camera recorded his face and vehicle’s license plate.

Hillsborough County, Fla., Sheriff David Gee said at a news conference “That is really one of the things that broke the case for us”.

Officials already Investigating Rolando Coca

FBI officials investigating the crime boss Rolando Coca in connection with other cargo thefts. Officials said Coca had allegedly masterminded the laptop theft, in which two men climbed a ladder, cut a hole in iGov’s roof, rappelled two stories down into the warehouse and cut the security systems. Later around 10 people arrived there for the overnight burglary and started loading the laptops into two semitrailer trucks that later headed for Miami. When FBI saw him on the video immediately recognized and arrested him on January 25th in the Miami area, which is a popular hub for stolen cargo.

Laptops recovered in Miami warehouse

Authorities recovered nearly $4.7 million worth around 2,000 laptops, in an abandoned Miami warehouse. Other computers were also found in smaller quantities on the eBay online auction Web site and Amazon.com. The FBI separately arrested suspect Emil Benitez in a sting shortly after the alleged robbery when agents set up a deal to pay $50,000 for some of the laptops, The St. Petersburg (Fla.) Times reported.

Gee said “This was very choreographed and conducted at a very high skill level. They have obviously done this before”.

There was No Confidential Data in Laptops

Officials said there was no confidential data in the laptops but encryption software was also not there. Encryption programs are designed to protect the data and are a better way to ensure the sensitive data security. Laptop encryption software works so well that it is used by all the big organizations and institutions to protect their confidential data. Encryption software is far better than the password protection. It is clear that this is a breach of major laptop security and was presumably not welcomed by the US Military.

Get Best Laptop Security Solutions at Alertsec

This news exemplifies the need for data protection applications like Data encryption software and Laptop encryption. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Arrest made in case of stolen military laptops (seattletimes.nwsource.com)
Police say McDonald’s video helped them nail laptop ring (cnn.com)
Laptop Security – Are You Following Good Security Practices When Traveling? (lockergnome.com)
Basic Identity Theft Protection Tips (identitytheftprotection.net)
The Wikileaks wake-up call: Lost or stolen laptops cost corporations $2.1 billion per year (venturebeat.com)

No comments »

Posted in laptop theft

Tags: Hillsborough County Florida laptop security

Burglary at Edmon Low Library: Sometimes Data is more Valuable than Money

February 19th, 2011

Image of a Western Digital 250Gb SATA Hard Dri...

Image via Wikipedia

Sometimes sensitive data security matters even more than money. Yes, this time a Dell laptop computer, a external drive and some more valuable things were stolen from Edmon Low Library between 27th and 31st of January. David Peters, coordinator for the special collections and university archives said, “I had some international coins missing too, but those are minor compared to my external drive”. Theft is becoming very common at Colvin and personal items are disappearing from campus, in classrooms and in on campus restaurants and residence halls in a big amount.

How Burglary took place

As reported by Peters that as soon as he stepped into his office on Jan. 31 around 8 a.m., he sensed something wrong there. He could easily make out the difference by how things were placed in his room like his piggy bank was missing and the external drive was unplugged from the USB cable. Later, he discovered that his laptop was also missing from its case. On the discovery of this event, he contacted the library security and OSU police immediately.

Peters said in a statement, “My initial reaction was a sick feeling”. I told myself, ‘You’ve got to be kidding me’. “I felt pretty sorry for myself at first, I had other, less valuable things to me that they could have taken, but the big things are what were missing” he said.

Peters said the cops took down his statement and were looking at possibilities on campus, but nothing has been resolved yet. He said “My external hard drive contained personal research also. Folder headings on the hard drive are: Gallagher, family, family photos and Microsoft Word and Excel files. The irreplaceable family history and photos on the drive are what matter the most” he added.

Description of the stolen things

Describing the details of the stolen things he added that the Laptop was black in colour with gray trim and had a plastic cover. Its original power cord was left when it was stolen. Laptop was about five years old and its worth was less than $50. He also mentioned that the laptop belonged to a service organization called the Stillwater Rotary Club and the record it contained is almost impossible to rebuild from scratch. He told that the 50 GB Western Digital passport external drive was less than two years old and worth about $20.

Peters is ready to offer a sum of $100 reward for everyone if the laptop and hard drive are returned back, without any further probes. He also announced any expenses related to its return will me reimbursed.

If you use the Laptop encryption software or full encryption software in your device, nothing can harm your data even when your device is taken or stolen. Nowadays encryption is very simple, you just need to install it in your system.

Laptop Encryption Software with Alertsec

This news exemplifies the need for data protection applications like Data encryption software and Laptop encryption. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.