Archive for March, 2013

Data theft: An internal and an external threat.

March 30th, 2013

In this digital era where data travels at the blink of an eye and hi-tech devices like mobiles and tabs take on different forms, global corporations are at a risk of losing highly sensitive data than ever. For this, there is an urgent need for data security. Apart from large data breach by professional computer hackers, there is a critical concern for industries who are at risk, when it is associated with their employees. With the increasing negligence or malice by company employees, there is a risk factor of information leakage which can become a key conversation piece in risk discussions. A recently published study made it clear that the risk of data breach is significant. The study indicated that more and more number of employees are transferring and storing corporate information off the premises. This calls for data encryption software so that data transfer could be secured.

A survey carried out among half of the employees showed that they transfer work documents using home computers through less secure accounts such as Gmail. One-third of the total responses indicated that they transfer data using file-sharing apps such as Dropbox without any prior permission. Out of five, two transfer the files using their personal tabs or smartphones, where the risk of data breach is at its highest. But, in all these scenarios data security are important. Also, the majority of these people do not delete the data once transferred. For the ignorance of such risks IDC Canada reported that e-mail is the main source of data breach, with laptops secondary, and removable media being the third. Both employees as well as employers are to be blamed and the reason being that the employees are performing official activities in lots of public places, and there’s no one to bother cleaning it up or enforcing policies for computer protection.

Our major issue of concern is data breach through company employees who are moving on to other jobs. A study conducted recently showed that 50% of working professionals kept confidential information while leaving or losing their jobs, while 40% of the employees planned to use it in their new jobs. Also, 60% workers join hands with competitors who offer to share the confidential data from their last job. This is why data security with the help of data encryption software should be ensured so that employees do not carry confidential information even after leaving the company.

What’s more surprising, is the fact that those 55% of the employees are not ready to accept that it’s a crime using competitor’s confidential information while other 68% said that their company does not take strict actions to ensure they don’t use competitive information. Also, company employees often believe that they are the rightful owners since they played a part in creating or contributing to the secured data. This leads them to think that their employers do not care about computer protection, and it would not cause any harm if they take it, which is absolutely wrong. Today’s growing corporate trend demands employers to pay more attention, since the risks could be substantial ranging from monetary to loss of business to competitors, to legal action and inquiries. But that again invites the risk for data breach where data security must be assured  for computer protection.

Perhaps, there’s one thing that employees always look for and i.e., personally identifiable information on customers. So, they need good contacts with the people involved in sales, corporate IT and company support as these people have an easy access to such records. In some cases, to avoid getting noticed employees often download large lists incrementally to text files or spreadsheets. While client or customer based information might be one of the more prolific targets, therefore, one has to be very careful regarding data security as to whom access is being given to monitor internet by making sure that the stuff is not leaked out of the company.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.

Enhanced by Zemanta

A look at the Biggest Cyberattack in History

March 28th, 2013

 

A recent cyber attack has captured everybody’s attention, primarily targeting a single company, now being described by experts as one of the biggest Distributed Denial of Service (DDoS) attacks in the history of Internet. The privacy violation which began affecting every element related to Internet’s physical infrastructure, also due to which the Internet speed may slow down all over in Europe for a while.

It all started when the attacks targeted an anti-spam company Spamhaus, based in Europe. This company work by refraining the main source of the email spam and later sell those blacklists to the Internet Service Providers. The cyber attack began to hit as the waves of typical DDoS assaults when Spamhaus blacklisted a dodgy Dutch web hosting company, Cyberbunker. But it did not took the responsibility of the cyber attack directly against Spamhaus.

Commonly, in such attacks, computer hackers send fake traffic at a specific server for the purpose of overburdening it. The computer systems involved in the DDoS operated cyber attacks have already been infected with malware before computer hackers get control of the machine without the owner’s prior knowledge. Spamhaus entered into a contract with CloudFlare,  a data security firm which mitigates the cyber attacks soon after they proceeded. Now, it’s CloudFlare’s  responsibility to defend Spamhaus by dispersing the attacks across multiple data centers. It is a technique that keep a website online even after hitted by the maximum amount of traffic a usual DDoS can generate.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations. When computer hackers failed to knock down Spamhaus while CloudFlare was protecting it, they chose to target CloudFlare’s network providers by exploiting a known fault in the key piece of Internet Infrastructure, i.e., DNS. “The interesting thing is they stopped going after us directly and they started going after all of the steps upstream from us,” said Prince. “Going after our immediate transit providers, then going after their transit providers.”

Basically, DNS alters a URL into the desired website’s IP address and eventually helps in delivering desired Internet content to user’s computer. Also, there’s a vital element of the DNS system, known as DNS resolvers. “The attack works by the attacker spoofing the victim’s IP address, sending a request to an open resolver and that resolver reflecting back a much larger response [to the victim], which then amplifies the attack,” said Prince.

Prince said that these attacks have been “certainly the largest attacks we’ve seen.” he added. According to a leading data security research group, “it is one of the largest DDoS operations to date. “Due to Internet reliability on DNS, Internet speeds world over can be affected by such large-scale DNS amplified DDoS operations.

“Anyone that’s running a network needs to go to openresolverproject.org, type in the IP addresses of their network and see if they’re running an open resolver on their network,” said Prince. “Because if they are, they’re being used by criminals in order to launch attacks online. And it’s incumbent on anyone running a network to make sure they are not wittingly aiding in the destruction of the Internet.”

Because of the past few continued cyber attacks, the data security industry is likely motivated. Though it has been talking about it, but they have taken the issue apparently insufficient to act upon. Prince however advises that these DNS-amplified DDoS operations won’t be leaving away any time soon. “The good news about an attack like this is that it’s really woken up a lot of the networking industry and these things that have been talked about for quite some time are now being implemented,” said Prince.

Get your personal as well as office laptops encrypted by Alertsec

With so much vulnerability on public networks Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach Revealed at Government Ministry

March 25th, 2013

In recently published news, there has been another privacy data breach revealed at a Government department, at the Ministry of Health this time. A news website named, ONE News discovered 19 people to have been affected by a printing error as a result of which high use cards were sent out on the wrong addresses. A woman from Dunedin who had received her son’s high use card in a mail said, there was another high use card in the mail attached with the same, containing another high use card referring to someone else. The lady also said, it was for “no one that I know, totally different city, totally different name, totally different address, everything”.

The lady, who is a mother of two, immediately rang the Ministry of Health as her responsibility who had told her about a mechanical error with a printer meant two letters, with two cards, which had been placed in one envelope. “I at first sort of didn’t really know what to do, it just concerned me. I thought if this has come to me, what else has gone to wherever else?” The Ministry of Health apologized to all 19 people affected by the glitch, following all the data breach related incidents. As a precautionary measure, the health ministry is issuing 366 replacement cards for all the people who have been affected in the batch of the cards, and cancelling those sent out mail and/ or letters. The privacy data breach involves the name and addresses of the card recipients, but does not include any medical details of the same. The knowledge about the aforesaid incident comes in the wake of recent high profile privacy breaches at ACC, Earthquake Commission and the Ministry of Environment. The Ministry of Health finally assures the public by saying that the data breach has been resolved and has asked the contractor who was involved to accommodate an automatic checking method so that the same mistake could not be repeated again.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work anymore and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.

Enhanced by Zemanta

EQC to shut IT systems after being hit by Data Breach

March 23rd, 2013

The Government ordered Earthquake Commission (EQC) to shut down all its outgoing IT systems for the purpose of data security after it was hit by an email, sent leaking the private information the second time. The recent data breach is another privacy revelation, happening twice in less than a week for the organisation, after admitting to unintentionally release of the details of 80,000 claimants in its Canterbury Home Repair Programme – described “embarrassing” to this incident. Later, in Parliament it was revealed that a second email was also sent, which included the personal details of the claimants, like their names and bank account details. The email which was sent, as a result of another data breach, contained a spreadsheet file with 2200 names of the claimants and information including money owed in stopped cheques, which totals around $23 million.

Therefore, the Earthquake Minister Mr. Gerry Brownlee in response to the data breach incident, ordered the Earthquake Commission to shut a number of its IT systems down, as well as its external email service and business-to-business (B2B) exchanges. Brownlee also told Colin MacDonald, the Government’s chief information officer to investigate the incident to know what had happened, which remains unaware of the data security.

Brownlee told that he was “deeply distressed and concerned” by the leak occurring twice in a very short span of time, he also said that this data breach may lead to attribute to an IT problem.

“The recipient took the appropriate actions and advised EQC they had received the information in error through EQC’s online complaints process about a month ago,” he said.

Call for action

Earthquake Minister, Brownlee passed an order for EQC to immediately shut down all the external email systems including the IT Department, in order to defend emails from sending or receiving by the organisation. For this, all the business-to-business systems and data exchange activities as well as the accessing into EQC systems by external parties, has also been immediately ceased.

MacDonald has been tasked to investigate the problem and keep an eye on the implementation of a solution. “Mr MacDonald will develop a priority work programme to resolve and manage the issues with EQC’s information systems and bring its processes and procedures up to standard,” said Brownlee.

“I think this is a timely opportunity to draw breath after what has been a very rapid growth for EQC and ensure the privacy New Zealanders have the right to expect from any agency holding private information is offered to them by EQC.”

Privacy data breach ‘staggering’

Later, the Labour MP Lianne Dalziel announced about the data breach during Parliamentary Question Time. She also described the degree of the privacy breaches by EQC to be “staggering”. “This is an absolute scandal and proof that there is a systemic problem with the security of electronic data held by EQC and other agencies across the entire state sector,” she said after Question Time.

“New Zealanders take their privacy very seriously. But this Government has let them down time and time again. We’ve now had major breaches at EQC, ACC, MSD, IRD, Corrections and Novopay. “What will it take for this Government to act? It’s time to stop the flippant responses such as Gerry Brownlee dismissing it as ‘similar to putting the wrong address on an envelope’ and give New Zealanders the confidence they deserve that their information is safe.”

However, the moment topic was being raised in the parliament, Brownlee was banged on her dictum for the late information of the allegations which she had received long ago. “If the member considers this the breach that it appears to be I’m disappointed she didn’t contact my office to let me know that she is now in receipt of people’s private information,” he said in response to her questions. He added that she had time to contact him before the afternoon session began. “I will certainly check it out, and take whatever action is necessary to ensure that EQC does get on top of its system, so this sort of thing doesn’t happen,” he said. This exchange created commotion and jeering in the Parliament House, with some people calling to resign on Brownlee over the leaks happened, and asking the Speaker to call for an order. When a news channel named, ONE News contacted Earthquake Commission, it disagreed to comment on the latest privacy data breach allegation.

How can Alertsec help prevent such data breaches?

Alertsec cloud based information security service provides an easy and convenient way to protect information on your organization’s computers. No server, training or IT knowledge is required as everything is a part of the subscription plan. Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption has the highest security certifications – FIPS, Common Criteria, and BITS.

With Alertsec Xpress there is no impact on the performance of the encrypted computer. The Full Disk Encryption software is very fast and works on-the-fly by encrypting and decryption your files as you access them. Everything on your disk is encrypted, including the operating system and free space.

Enhanced by Zemanta

Apple App Store Unsecure

March 21st, 2013

In a statement by Google security researcher Elie Bursztein, Apple’s App Store servers didn’t encrypt all the communications with iOS clients, which left users exposed to several potential cyber attacks until late January.

In a blogpost on Friday, Bursztein said that, “The Apple App Store and associated applications, such as the Newsstand, are native applications provided by default with iOS to access and/ or purchase content from the Apple App Store”. He concluded, “While the Apple App Store is a native iOS app, most of its active content, including app pages and the update page, is dynamically rendered from server data.” For the purpose of infusing rogue content into applications, network attackers might have exploited lack of HTTPS (HTTP secure) encryption for specified parts of the communication between Apple’s App Store iOS clients and the servers, he said. With this technique, attackers aim to trick apple users into password exposure by infusing fake password into the App Store app, which in turn force users to install and buy rogue applications with alteration in purchase parameters on the fly, trick users into installing rogue apps by passing them as updates for already installed apps, prevent the users from upgrading and installing specific apps, or check what apps they have already installed on their devices.

When the tech giant enabled HTTPS for app store active content by default, such attacks were possible until Jan 23. Later, the Apple, figured out the change itself in support listing that fixes on its websites and two other researchers along with Bursztein, credited with reporting issues. It is happening because of the fact that users devices’ are not protected with data encryption software which is vital for any device that feeds on technology. So there it calls for a data security.

Google researcher claims to have reported about the cyber attacks to Apple early in July, last year. “I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users,” he said. he also emphasized on using data encryption software.

Like most of the cyber attacks scenarios which are exploiting the data security as well as the lack of full-session HTTPS on websites, the cyber attacks on App Store found by Bursztein could have been easily executed against iOS users who connects to public Wi-Fi networks like those who are found in airports, coffee shops, libraries, filling stations and other public spaces, by encryption process

The researcher interpreted all those cyber attacks in detail in his blog post. Precisely, he also published few video demonstrations for the clients in general, as well as the users, on YouTube showing how the cyber attacks would have appeared to targeted iOS users.

He said, “I decided to render all those attacks public, in hope that it will lead more developers (in particular mobile ones) to enable HTTPS,”. “Enabling HTTPS and ensuring certificates validity is the most important thing you can do to secure your app communication.” Before doing so, always keep data security in mind.

During past few years, major Internet giants like Facebook, Google, and Twitter enabled always-on HTTPS in order to ensure users’ data security for their on-line services.

Paul Ducklin, the head of technology at Sophos (Asia-Pacific) told in a blog post on Saturday, “Apple, it seems, didn’t bother with HTTPS everywhere, even for its own App Store, until 2013,”. “Since there’s no other place to shop when you’re buying or selling iDevice software, and since Apple likes it that way, you might think that Cupertino would have set the bar a bit higher.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Review of Chinese Cyber Security Threat

March 19th, 2013

In a recent study revealed by New York Times, a leading International Security Consulting Firm, Incident Management Group, Inc. (IMG) will be reviewing a corporate security policy in China. It is due to the fact that a computer security threat has been found, posed by Chinese hackers.

This had led IMG to examine Chinese cyber security and computer security for global corp. The New York based news agency, highlighted a report released by Mandiant, another cyber security firm, which focussed on the attempts by the Chinese military to conduct such cyber attacks on The States (US) and some western companies. It has been suspected that these Chinese hackers, especially those associated with military, targeting western firms in order to obtain intellectual property and technology, for years. Despite this article, added weight to the growing suspicion and drawn attention to all the hacking groups around the world, including China. In response to this, IMG is looking for ways to enhance the computer security, cyber security posture as well as to monitor data theft protection of its client partners by enforcing effective data security policies and ensuring full disk encryption for the computer protection.

In light of the news article about western organisations being the target of the Chinese hackers, IMG is planning to conduct a cyber security review to see how full disk encryption can be done and cyber security posture can be increased to implement data security policy. However, for IMG computer protection for data security must be overlooked as an element of institution’s computer security and cyber security framework. Given that the hacking groups have military as well as state support, it is critical for organisation to take a 360 degree view of data security. By doing so, they will ease threats, that are posed by Chinese hackers.

It is possible that either to take advantage of China’s position as a leading global manufacturing base or their growing  business economy, many large corporations are eager to be present, as a target for sales and marketing efforts in the Chinese market. in either cases, Companies need to have a robust encryption software or data security program who are carrying their business with/ in China. n this growing digital technology world, it is paramount to have an active computer security software protection for companies and that should be based on an active evaluation of all data security risks. Physical data security, such as employee access can be a gateway to cyber attacks, hacking and crime; as well as vice-versa.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Security breach of student data at Community College

March 15th, 2013

The Tallahassee Community College officials announced on Friday, about an unauthorized acquisition of computerized data on their systems. The recently occurred data breach at the community college may put previous data security, confidentiality, or integrity of personal information in jeopardy. In a recent notification disclosed by the federal officials, the administration of the Tallahassee College was told of the occurred data breach. The investigation carried out by the federal officials, resulted in the conviction of a Miami, Florida man on submitting false claims to the Internal Revenue Service and on the charge of access device fraud as well as of the aggravated personal identity theft. This attempt can be overlooked in the presence of a data security.

“TCC values the protection of private information, so we take this matter very seriously,” said a TCC Chief of Police David Hendry. He continued, “We have identified the group of individuals whose information may have been compromised, and we will immediately begin the process of contacting each one.”

According to Hendry, it is believed by the college officials that the occurred data breach has occurred internally and affects more than approximately 3,000 individuals. The investigation into the occurred data breach will be ongoing. Also, personalized letters by TCC will be mailed to the persons who are potentially affected by the occurred data breach. The letters will contain the details regarding what steps can be taken by the individuals to make sure the security of their identities; TCC will also provide additional resources, including a TCC hotline to provide further information.

How an encryption software like Alertsec’s would have helped!

The use of encryption software would have helped to keep files protected on the computer. With encryption installed, none of the information or credentials would have been lost. Alertsec uses industry leading Check Point Full Disk Encryption (former Pointsec) software to create a web based encryption service that simplifies deployment and management of PC encryption. The best way to protect information stored on a PC is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Alertsec is part of the Durator Group which has been awarded the highest credit rating available.

Enhanced by Zemanta

Employee details leaked in a data breach

March 14th, 2013

Company officials at Allen County Information Technology Department detected on March 21 that personal details of employees has been accidentally made available to unauthorized users, including social security numbers and more than 1,100 employees has been affected in this data breach. During the weekly Allen County Commissioners’ meeting, Prosecutor Juergen Waldick of Allen County said, “The data breach was determined and blocked within minutes of the county becoming aware of it last Thursday.” The confidential information discovered of all the 1,152 county employees included social security numbers, said the Allen County Commissioners during a press conference. This has also led to impact some retired county employees too. Nobody is believed to have misused any single information till now. The fact about the exact manner of how the information was released and how long it was made available for others to see and/or access was not discussed and is still unknown.

“There’s nothing to hide,” said Jay Begg, Allen County commissioner. “It’s just that we want to be sure employees’ identities and information are protected before we tell everybody what happened.” The confidential information released did not include any financial, retirement or health care information, Waldick said. “While there is no indication that any individual’s information has been improperly used, the county has taken appropriate steps to protect its employees from the consequences of the data breach,” Waldick said.

“It wasn’t something that someone maliciously did,” Noonan said. “We learned a lot more about the Internet in the past couple days.” Becky Saine, Administrator at Allen County told that the company purchased one-year Lifelock security memberships at a price of $25,000 for all the affected employees. Lifelock is an identity data theft protection company that monitors data threats and send notifications to users when a suspicious activity occurs. Although the information on data breach is unavailable, also there are no signs of any personal information being misused, there could be a possibility of information being copied when it leaked out or during the time it was posted and the news about data theft developed. Most employees of the company have been informed of the issue occurrence through phone calls and mails. “Since this did involve some employees who recently retired, we have made every attempt to contact them, and in most cases, contacted all of them,” Waldick said.

The mails and letters which were sent to county employees contained instructions to obtain the free Lifelock membership. “We have no reason to believe that any information has been or will be used in an inappropriate way; however, out of an abundance of caution, we want to make you aware of the event,” the letter read. “The Allen County Commissioners have retained Lifelock(R) to provide one (1) year of complimentary identity theft protection.” Questions in order to investigate about the incident were referred to Waldick, who was found unavailable for any further comments. And the calls, made to the company’s IT Department were not returned.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data breach reported at Mississippi Medical Center

March 12th, 2013

The University of Mississippi Medical Center (UMMC) were at a data loss when it recently encountered a data breach from a password-protected laptop of an unknown number of patients who checked in the hospital between 2008 and 2013. The relevant data had patients’ names, dates of birth, addresses, social security numbers, medications, treatments, diagnoses and other personal health information devoid of encryption software.

The health data breach came to UMMC’s knowledge on January 22 and it posted on their website that their laptops were used as a shared device by UMMC clinicians to work in a non-public area for patient-care. They still had no clue about it and therefore, administration of the organisation had an argument regarding data being viewed, accessed, used or disclosed with an intention for data breach in the absence of encryption software.

There has been no formal notifications from the former or current patients’ side about the unauthorized use of protected health and personal data information due to data breach. The University of Mississippi Medical Center invited all those affected patients who visited their medical center between the period of 2008 and January 2013 for the redressal of their grievances, or who wanted to pose any general question relating to data security and data encryption software. The UMMC suggested several ways to contact themselves, for instance, through UMMC Office of Integrity and Compliance representatives for any kind of assistance.

How Alertsec can protect our computers?

Alertsec provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. It uses Check Point Full Disk Encryption (former Pointsec) software, and has created a web based encryption service that radically simplifies deployment and management of PC encryption. Alertsec Xpress is the service that automatically protects ALL information you store on your PC

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption.
  • Powered by Check Point – the market leader
Enhanced by Zemanta

Medical Clinic loses Patient records in data breach

March 6th, 2013

The Granger Medical Clinic of West Valley city, alerted federal health officials of a data breach, which took place after collecting records of about 2,600 medical appointment slated for shredding went missing. The records of the medical clinic all from 2012, may have included patient names, date and time of examination, and the medical reason for an appointment; printed from the electronic scheduling database, as reported by clinic’s attorney Steven Hester. He further added, no personal information of the patients such as, address, birth dates, medical claim, social security or finance related record including credit card numbers, were included. Some of those documents had internal medical record numbers which were of no use outside the health clinic. Computer security software became a matter of concern when a staff reported about missing records and an internal investigation was launched. Later, news releases were issued and letters were sent to all the affected patients.

The Health Insurance Portability and Accountability Act, popularly known as HIPPA — requires records of data breach for reporting it to the federal officials, the affected patients of the clinic and media. HHS website states, the law demands a notification of the identified data breach within 60 days of the mishap. This is why data encryption software is required to avoid data loss. HIPPA defines a data breach as any disclosure or use of data which compromised privacy or data security of health information that poses a risk of financial, reputational or other harm to the affected person.

Medical Data Breach on the rise.

Medical Data Breach on the rise.

Till date, there’s been no single indication of data breach incident reported where the information has been used for impropriety, Hester said. Recently, the data security ombudsperson for Utah Department of Health — Sheila Walsh-McDonald, remained unaware of the Granger clinic data breach, but according to her there is no such law requiring the health clinic to notify state officials.Walsh-McDonald was appointed by Gov. Gary Herbert last year after computer hackers broke into a poorly-protected government server and stole Social data Security numbers for up to 280,000 people. Public health officials are more concerned about the volume of the medical records plus the types of information that could potentially be made public in any data breach. She told other officials and the media that, “We just have to be vigilant all the time and staff needs to understand all of the implications.”

Hester said, the clinic is implementing new data procedures and re-training staff to guard against the future data loss to computer hackers and for further data security needs. The changes which are brought about in the health clinic regarding the computer security software include ending the policy of printing and shredding patient appointment records, he said. Despite, investigations which were carried out internally, Hester said it is still not clear about the incident that happened to the Granger clinic records.

The documents in Granger’s book records, which represent only a fraction of the estimated 60,000 patients, were thought to have been well guarded by a computer security software, but the files could not be extracted at the time of shredding.

Hospitals can secure themselves with Alertsec

Organisations and hospitals, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute. Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.