Log in

Archive for October, 2011

Mitsubishi Nuclear and Warplane data compromised

October 31st, 2011

Hackers don’t just hack small accounts like Hospital data or Software data. They get into big stuff like military and warplane data too!

According to Japanese Defense Ministry hackers have most probably accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems.

The news in detail

Mitsubishi Heavy–Japan’s largest defense contractor is best known in America for manufacturing the surface-to-air Patriot missile.–In August it found out that multiple computers were infected with a Trojan application. Further investigation showed that the information had been sent outside the company’s computer network, clearly indicating an outsider’s involvement.

The computers were located in 11 different places. Some were placed in sensitive areas like the Kobe and Nagasaki shipyards that are into submarines and destroyers constructions. A few others were located at the Nagoya facility that manufactures guided missile systems. The nuclear data that was stolen included anti-quake measures.

Mitsubishi Heavy Industries was reluctant to share this info at first. It kept the Japanese authorities in dark stating that its military information was safe and that all security measures were followed. Initially the company said that the attackers were caught early on but later contradicted their own statement saying that data had been compromised.

Statement issued by the company

“The company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company,” said Mitsubishi Heavy in a statement. “Based on the finding, the company investigated the incident further and recognized the possibility of some data leakage from the server in question.”

Other recent military data breaches

Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft, was a victim of military data theft recently. The Lockheed hack was done by using information stolen earlier from RSA Security. RSA is the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.

What are the Tokyo Police doing about it?

Mitsubishi Heavy has given a complaint to the Tokyo Metropolitan Police Department with details about damage done to its computer system in late September. The police are looking into computer records to find out the source of the data.

Protect your confidential data with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: alertsec AlertSec Xpress checkpoint EMC Encryption Kobe Lockheed Martin Military aircraft Mitsubishi Mitsubishi Heavy Mitsubishi Heavy Industries Nagoya Nuclear power Personal computer security Tokyo Metropolitan Police Department United States

NHS breaches Data Protection Act by posting patient info online

October 31st, 2011

We talked in one of our last posts about how often patient data is getting compromised these days. Just when we thought there won’t be another breach related to patient data, we are proved wrong! The following news item talks again about patient data loss and that too due to negligence of the staff at National Health Service (NHS) Trust.

It appears that NHS staff has been breaching the Data Protection Act (DPA) by posting private patient data and photographs on Facebook. Data breaches took place across the country between July 2008 and July 2011. Civil liberties group Big Brother Watch submitted Freedom Of Information requests which showed that there were 806 separate data breaches at 152 NHS trusts during the above mentioned period. The report states that more than 20 incidents of patient information was posted on social networking sites and 91 cases where NHS staff was caught viewing details of colleagues.

Consequence of the data breach

Around 100 staff members were dismissed due to breach of Data Protection policy.

What does the Director of Big Brother Watch have to say?

‘This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.’

The above shows that data breaches in the NHS are proving to be a ‘major problem’. ”The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost represents serious infringements on patient privacy.”

He further added: “It is essential the NHS is transparent about these incidents and failing or refusing to disclose that a data breach has taken place is unacceptable.”

Big Brother Watch feels that the NHS does not have a robust data security policy in place to ensure patients’ privacy is protected. It is of the opinion that such cases are going to keep increasing as more and more NHS staff members are going to get access to the new computer database having patient information. This new database called ‘The Summary Care Record’ will provide GPs, hospital doctors and paramedics immediate data about patients, such as allergies or medications.

NHS guilty of data breaches. Patient data compromised

Incident at the Nottingham University Hospital NHS Trust

A member of medical staff took a photograph of a patient in bed and showed it to friends on the social networking site. Needless to say, the member was dismissed.

What is being said about tightening of data security?

Information Commissioner’s Office said: “We continue to work with organizations from across the NHS to improve the security of patients’ information and will consider taking action where it is clear that an organization has failed to meet its legal obligations.”

Health Minister Simon Burns added: “We have issued clear standards and guidance to the NHS about what needs to be done to keep patient records secure and confidential. Individual NHS organizations are responsible for ensuring their staff understand and follow that guidance.”

Hospitals can secure themselves with Alertsec

Organisations and hospitals, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

No comments »

Posted in Computer security, Data Protection, Encryption, Uncategorized, data breach, data encryption

Tags: Big Brother Watch Christopher Graham Data loss Facebook NHS NHS Trust Patient

Newcastle team found guilty of data breach

October 28th, 2011

Newcastle team pays for data breach

We have been regularly writing about data breach and laptop thefts cases. But following is a unique case where first data was breached and later the laptop stolen!

Newcastle Youth Offending Team failed to encrypt personal data of 100 young people on a laptop. The data contained names, addresses, dates of birth and the names of the schools the young people attended. This laptop was later stolen from the home of a contractor who had been working on a youth inclusion program.

The team had to face the brunt from the Information Commissioner’s Office (ICO) n for breaching the Data Protection Act. The ICO made the team sign an undertaking to prevent further data breaches.

According to the ICO investigation team Newcastle Youth Offending Team had a contract with the relevant company for data security. Unfortunately the company did not keep a eye on its employees to make sure that security measures were complied with or not.

The team has promised the ICO that it will beef up its security measures and put a strict policy in place. The policy includes encryption of portable and mobile devices, including laptops.

According to Sally-Anne Poole, acting head of enforcement: “Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure. But, to their detriment, not enough data handlers are making use of it.

“This case also highlights how important it is to ensure that watertight procedures are in place before any work is undertaken by contractors. Organisations shouldn’t simply assume that third parties will handle personal data in line with their usual standards.

I’m pleased that Newcastle Youth Offending Team has learned lessons from this incident and hope that it encourages others to heed our advice.”

Chris McIntosh, CEO ViaSat UK, offered his two cents: “In light of MPs’ desire to see jail time for those dealing in stolen data, both the public and private sector must ensure that the data in their care is fully protected and that users are completely aware of the procedures and risks involved.”

“As vital tasks become shared across more and more organisations, it is imperative that bodies such as city councils and youth offending teams control not only their own data protection policies but also those of any contractors. Indeed, data security should form a key part of any contract that is signed and should be monitored rigorously with failure to comply being met with hefty penalties. Otherwise, contractors that show a flagrant disregard for security will be a continuing weak link for a public sector desperately improving its data protection.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iphones and blackberries. You leave any of these unattended and the next thing you know is that they are stolen!

To lose any of the above device means losing valuable information! Especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure

.

No comments »

Posted in Computer security, Uncategorized, computer security software, data breach, data encryption, identity theft, laptop encryption, laptop theft

Tags: Big Brother Watch Christopher Graham data breach Hardware Information Commissioners Office laptop Newcastle Youth Offending Team Notebooks and Laptops

Computer backup tapes reported missing from Nemours Children’s Health System

October 27th, 2011

Backup tapes containing patient billing data stolen

Data thieves somehow love stealing patient data or better they somehow know that stealing patient data is a lot easier than any other data. Recent cases of hospital data missing are a clear indication of the above.

The following is yet another case of missing patient billing data. This time thieves have managed to steal three unencrypted computer backup tapes containing patient billing and employee payroll data from a Nemours facility in Wilmington, Delaware. The tapes were supposed to be ’safely’ locked and there was another cabinet containing a computer systems conversion that was completed in 2004. The thieves cleverly stole the tapes and locked cabinet on September 8, 2011 during a facility remodeling project.

As yet there is no indication that the tapes were misused. Fortunately there was no medical data on the tapes. Thieves are going to have a hard time accessing data on these tapes and will need special equipment and knowledge if they want to break this code.

The data in these tapes includes info like name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information related to 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida.

According to David J. Bailey, M.D., President and Chief Executive Officer “This is an isolated incident unrelated to patient care and safety,”. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”

Affected individuals are being notified and one year of free credit monitoring and identity theft protection as well as call center support has been offered to them.

In a special press release, patients were told the following:

Nemours has provided high quality and compassionate paediatric care for over 70 years, and the privacy and confidentiality of the information we maintain for our patients has always been an important part of the fundamental trust that we share with our patients and their families.

Needless to say, Nemours is revamping its data security policies. The policy includes data encryption and moving computer backup tapes to a another secure facility.

In a similar incident that we reported last week, backup tapes at TRICARE were lost. TRICARE is a provider of health care services to active and retired military personnel. These are careless and easily preventable mistakes that organizations must take into account.

Alertsec is helping organizations with their data security issues

Alertsec, a reliable name in the world of data security is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

Alertsec is the frontrunner in offering data encryption software as a fully managed service, and as such, Alertsec is a Check Point Managed Security Service Provider and Global Silver partner. We´re an experienced security organization with well-trained and Check Point certified experts.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Uncategorized, computer security software, data encryption, identity theft

Tags: Backup Cryptography data data security David Jackson Bailey Delaware Nemours New Jersey Patient Pennsylvania September 8 2011 Social Security number Theft Wilmington Wilmington Delaware

Burglars steal 20 laptops from Strawberry Point School

October 24th, 2011

Laptops have become an integral part of the business world. It gives you the freedom to move around with your work. It is cool, sleek and gives you connectivity outsid

Cart left stranded in Muir woods. Laptops stolen!

e of your office premises. But hang on! As much as you value your laptop, so do thieves!Laptop is a great prize to have, for the thieves!And it is not easy to steal one at all. You sit at a Cafe working on your laptop. You get a call from a business colleague. You get up and start talking, start moving as the range is not catching. You come back to your seat and guess what, your laptop’s been taken!

The following news item talks about laptop burglary that occured in Strawberry Point School in Marin County. Burglars did away with twenty laptop computers from the Strawberry Point Elementary School’s library last week. The burglary was reported by the school’s principal Monday around 8:25 a.m. At the time of the theft, the computers were in the library at the K-5 school at 117 East Strawberry Drive in Strawberry.

The burglars opened a locked door , took a white steel cart that contained the Apple MacBook laptops. Each laptop was worth $1,300 each. The perpetrators left the cart stranded near Panoramic Highway and Sequoia Valley Road, east of Muir Woods. Obviously the computers were missing!

In a similar incident on July 20, forty-seven computers — 30 MacBooks and 17 iBooks worth an estimated $52,500 — were stolen from Mill Valley School District campus.

Here the suspects cut a padlock to an access gate on Old Mill St. to get on the campus and then pried open a window in the school’s multi-purpose room on the back side of the school, according to the Mill Valley Police Department. Police continue to investigate the case but haven’t made any headaway.

“We’re working with the police department to increase our security and making sure everything is functioning as it should,” said Tim Ryan, the director of maintenance and operations for the Mill Valley School District. “Schools statewide are inherently open places, and we have to find a balance between remaining open and maintaining a high level of security.”

Alertsec comes to the rescue

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Full disk encryption is superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

More about laptop security from Alertsec

Laptops generally get stolen from the work place, conference centers, hotel rooms, cars, airports and train stations. It is difficult to prevent theft as opportunists are everywhere in our society.

Best bet would be to make sure having a fresh back-up on a server or back-up device.

Lastly, by using encryption software, you greatly enhance the laptop security as there is no way that the information is compromised if lost or stolen.