Archive for December, 2013

Laptop theft at SIU HealthCare

December 4th, 2013

A laptop containing personal and medical information for almost 1,900 Southern Illinois University HealthCare patients apparently was stolen from a doctor’s private office at Memorial Medical Center.

Southern Illinois University School of Medicine doesn’t have any indication that the information has been used by identity thieves, spokeswoman Karen Carlson said.

But all affected patients are being informed about the largest potential breach of its kind involving patient data at SIU, she said.

SIU is working with the Springfield Police Department to locate the SIU laptop, which former SIU orthopedic surgeon Dr. Mark McAndrew had been using to record data for billing purposes, according to Dr. Jerry Kruse, SIU HealthCare chief executive officer.

“SIU Healthcare understands the critical importance of personal information privacy and doctor/patient confidentiality, and we sincerely apologize that this privacy incident occurred,” Kruse said.

SIU HealthCare, the multi-specialty physician group at the Springfield-based medical school, is “reviewing security and privacy policies. The privacy of our patients is of the utmost importance to us, and we are deeply sorry this has happened” he said.

Data on the laptop may have included patients’ full names, dates of birth, ages, admission dates, medical record numbers, diagnoses, procedural codes and some health information about the treatment they received.

The laptop didn’t contain Social Security numbers, addresses, health-insurance policy numbers, credit card numbers or other financial data, Kruse said.

SIU mailed letters late last week to all 1,891 patients whose data were on the laptop.

SIU waited until now to mail the letters and inform the public because officials were beginning an investigation and trying to verify whether the laptop simply had been misplaced, Kruse said.

The laptop turned up missing Oct. 15 during a check of materials in McAndrew’s former administrative office, Kruse said. The office had remained locked on the second floor of Memorial, Carlson said.

SIU then checked with McAndrew, 60, who resigned from the faculty in mid-September to join the U.S. Army and become part of the Army’s trauma training center in Florida, but he didn’t have the laptop, Kruse said.

SIU reported the apparent theft to Springfield police and SIU police, but they have no leads on the equipment’s whereabouts or who may have taken it, Carlson said.

When the laptop was confirmed missing, SIU already had begun looking at tightening policies dealing with patient information stored on doctors’ mobile devices. The apparent theft of the laptop underscores the importance of such policies, Kruse said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

RacingPost.com website – customer data theft

December 2nd, 2013

The betting and news site said the amount of customer data exposed by the breach will depend on how much information they handed over at the time of registration and will vary from user to user.

The data lost in this data breach incident might include usernames, first and last names, encrypted passwords, email addresses, home addresses and users’ date of birth information.

As information such as customer’s credit and debit card details are not stored on the site, the company was quick to inform that such information was not accessed during the breach.

A post on the website reads “As a consequence, customers have been advised by email that they should take the precaution of changing their password on other sites if it is the same one they use for RacingPost.com”.

Although the passwords are encrypted, RacingPost.com said it is still advising users to change their login credentials because there is a risk the hackers will be able to decrypt them.

Bruce Millington, the editor of RacingPost.com, apologized to site users for any inconvenience caused, and revealed the attack on the site could be linked to others.

“Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation, we did everything in our power to halt the breach. As part of our efforts to resolve the issue, we have turned off the ability to register/log on to RacingPost.com. We are extremely sorry this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding,” Millington concluded.

Lloyd Brough, director of cyber incident responses at NCC Group, suspects the breach was caused by the exploitation of a web application vulnerability.

Brough said “While it is positive they have been quick to disclose the breach, providing further technical details on what type of ‘encryption‘ was used for the passwords would helped further inform technical users”.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta