Archive for April, 2014

Centura Health hit by phishing attack

April 29th, 2014

 

Mercy Regional Medical Center of Durango, Colo., suffered a data breach as a result of a phishing attack. Phishing attacks have recently become more complex, and even shrewd users find them difficult to pick out. Mercy, which is owned by Centura Health, notified 1000 patients about the incident. The data affected by the phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of a patient’s treating physician and medical-record numbers.

Centura’s statement read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords. The phishing email was carefully drafted to give the impression of authentic communication, which led some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read, which implies that Centura is taking steps to implement and reinforce the protective measures needed to help prevent future occurrences.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Boston Medical Center transcription service notifies 15,000 patients

April 28th, 2014

 

Boston Medical Center (BMC) suffered a data breach through the website of its transcription service vendor. Around 15,000 patients have been affected by this incident. BMC has fired the vendor and notified the patients of the breach. According to reports, the records didn’t include Social Security numbers or financial data, but patient names, addresses, and medical information, including what drugs they were taking, were potentially compromised as a result of the website posting.

“We have no evidence that any unauthorized individuals actually looked at the records,” Jenni Watson, the hospital’s chief of staff, said, “But we wanted to notify the patients involved.” The incident may have occurred because the vendor’s website lacked password protection for the patient records. BMC, which had worked with MDF for about 10 years, is unsure of the extent and duration of the breach.

“We take our responsibility to maintain our patients’ privacy very seriously and have notified all individuals who were affected by this vendor error. As a result of this incident, we have terminated our relationship with MDF,” BMC said.

Jani said, “The hospital had no reason to believe the information was viewed by outsiders or misused.”

It would be interesting to see whether the agreement between BMC and the vendor includes contract terms covering a breach, considering that BMC has notified the patients from its end.


Hackers target Boston Children’s Hospital

April 24th, 2014

 

Hackers have made various attempts to crack the Boston Children’s Hospital website. It was observed that the hackers’ aim was to overload the Children’s website and potentially expose the hospital’s internal network. According to reports, no attack was successful. Also, according to Children’s Hospital, no data has been illegally accessed.

The hospital had to shut down some web pages because of this hacking incident. As a result, many patients were not able to access details related to appointments, test results, and other case information. The attacks have not been linked directly to the hacker group Anonymous, but there seems to be a connection between the attacks and the group’s involvement in the Justina Pelletier (a Children’s patient) child custody case.

Children’s chief executive Sandra Fenwick told employees of “multiple attacks, designed to bring the site down by overwhelming its capacity” and said that the hospital “received a direct, credible threat against our internal network, including staff and patient information…”

It is believed that Anonymous is specifically targeting Children’s Hospital because of the Justina Pelletier case. According to reports, the hospital believed that she had psychiatric and not physical problems. Since then, Anonymous has been involved in a campaign against the hospital. Boston Children’s Hospital has filed child abuse charges against Pelletier’s family following the family’s seeking treatment for her alleged intestinal and other issues.

Anonymous said, “To the Boston Children’s Hospital why do you employ people that clearly do not put patients first?” and continued, “We demand that you terminate Alice W. Newton from her employment or you too shall feel the full unbridled wrath of Anonymous. Test us and you shall fail.”


Stolen laptop of Coordinated Health may affect 700 patients

April 22nd, 2014

The Coordinated Health breach may impact around 700 patients after a laptop containing PHI was stolen. The laptop belonged to one of its employees. It contained Protected Health Information (PHI) such as patient names, dates of birth, addresses, insurance information, appointment dates and physician names, as well as their Social Security numbers.

The breach can be considered a HIPAA violation. The theft occurred when an employee left the laptop in a car. According to a release from Coordinated Health, the device was password protected, but it appeared that the laptop was unencrypted. The laptop was stolen from the car of an employee in Bethlehem. The incident was immediately reported to local authorities, with a formal police report filed.

According to the release from Coordinated Health:

Coordinated hired a forensic investigator to conduct a full review of the content on the computer. While the laptop was password protected, the investigation revealed that the device may have contained an email with an attached file of 733 CH patient files, their social security numbers and their protected health information including (PHI): name, date of birth, address, insurance, appointment date and physician name.

This is the second breach reported by Coordinated Health within the past month. In the first incident, the Whitehall township office was robbed, and patient information and cash were stolen. Around 70 patients were affected in that incident. The patient information included the last four digits of patients’ credit cards and Social Security numbers, as well as names, birth dates, phone numbers and some health information.


UPMC notifies employees of data breach and fraud activity

April 20th, 2014

 

The University of Pittsburgh Medical Center (UPMC) notified around 27,000 employees affected by a recent data breach. UPMC advised employees to verify with the IRS that their identities are safe. UPMC is also offering LifeLock identity protection to employees for free if they sign up before this month.

“As of today, 788 employees have been the victims of tax fraud,” UPMC spokeswoman Gloria Kreps wrote in a statement. “We want to assure our patients that no patient information was breached. We are continuing to work with the IRS, Secret Service and FBI to determine the source of the breach. We continue to urge our employees to register with LifeLock as an important step to deter any additional fraudulent activity.”

It seems that the information was accessed to obtain financial data, which may lead to identity theft for affected employees. In a further turn of events, affected employees have filed a lawsuit against UPMC. Attorney Michael Kraemer is representing them in the complaint against UPMC. He said that the organization failed to safeguard the UPMC computer system and to prevent its vulnerabilities from being taken advantage of.

“We are putting our full resources behind efforts to investigate and secure our systems,” UPMC Vice President John P. Houston wrote in the letter. “We recognize a situation like this creates stress and anxiety about the safety of your personal information and we want to provide you with all the tools and resources we can to help you deal with this all-too-common crime.”

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Data breach affects 1,144 patients of University Urology of Tennessee

April 18th, 2014

University Urology of Tenn. released a data breach statement involving 1,144 affected patients. The breached information was limited to names and addresses. According to the website statement, Social Security numbers, financial account information and clinical information were not exposed.

This particular incident involved an administrative assistant who gathered patients’ data in a bid to sell it to a competing provider seeking to win patients’ business. The incident came to notice when patients started receiving calls from the competing provider. Patients began calling University Urology to alert it about the unsolicited phone calls.

Peggy Kares, HIPAA Security Officer at University Urology, P.C. said, “We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred.”

University Urology took the following actions after the breach: it terminated the employee’s employment, revoked access to protected health information (PHI), changed internal passwords and reached an agreement with the competing organization to destroy the patient information it had received.

According to the website statement:
University Urology, P.C. is notifying by mail the patients impacted by this breach. While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft.

The information consisting of patient names and addresses is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).


LewisGale Regional Health System reports data breach

April 15th, 2014

 

LewisGale Regional Health System of Salem, Va., notified 400 affected patients of a multi-state data breach. Around 40 of the patients were under LewisGale’s care. Patient names, addresses, insurance information and Social Security numbers were all potentially exposed.

The breach occurred at LewisGale’s billing department when a former employee accessed patients’ data. Reports stated that the former employee is being investigated in relation to identity theft. It was found that they allegedly obtained credit, opened accounts, and even leased an apartment using other people’s information.

Jim Clendenen received a letter about the data breach. “We’re retired now and everything we got is taking care of. I’d hate to have somebody stumble in there and take care of everything that we’ve worked all these years for,” Clendenen said.

He continued, “Wondering how and why they would let an employee have access to something that he had no reason to have,” and “I just hope maybe something can be done to prevent you or someone else going through what I’m going through right now.”

Excerpts from the LewisGale website follow:

LewisGale Regional Health System was recently informed that a former employee, whose job function required access to Patient Health Information protected by HIPAA, is under investigation for misuse of that information related to approximately 40 of our patients. All of these patients have been notified in writing and provided complimentary credit monitoring through a national credit reporting agency. We have also established a toll-free call center for patients with questions, as well as an email address to which they may submit written communications.

 

We are fully committed to the security of Patient Health Information and the privacy of our patients. The employee in question has been terminated and we support this person’s prosecution to the fullest extent of the law.


Texas nonprofit advocacy group notifies PHI breach of 2,934

April 13th, 2014

An Austin, Texas nonprofit advocacy group for children with developmental disabilities, EveryChild, Inc., has informed 2,934 families about a potential data breach. EveryChild learned of the breach when an internal computer was found to have been stolen from its office. EveryChild, Inc. is a non-profit with a contract with the Texas Health and Human Services Commission (HHSC) to help adults under age 22 and children with disabilities get services in a family setting rather than an institution.

The computer contained PHI, which included patients’ birth dates, Social Security numbers, Medicaid numbers, photos and other health information. EveryChild has also alerted the Texas Health and Human Services Commission about the lost computer and possible data breach.

EveryChild believes that, to date, the data on the computer has not been misused. It is not known whether only patients from Austin were affected or whether patients from San Antonio were affected as well. Information about the safeguards on the computer was also not available, so it was not clear whether the computer was password protected or encrypted.

Excerpts from the website statement:

Upon discovery of the theft, we immediately notified law enforcement and the Texas Health and Human Services Commission. We are cooperating with investigations and attempts to recover the computers. We are also improving the security of confidential information through security alarms, enhanced technology, and policy and procedure changes.

 

If you were personally affected by this theft and we have your current address, you will be receiving a letter informing you about the credit monitoring protection. If you believe you may have been affected and do not receive a letter, you may contact our toll free number.

 

We take the protection of private information seriously and sincerely regret that this crime put information at risk. We will continue work to put stronger controls in place to better protect private information in the future.


170,200 more patients affected in previous Los Angeles County DHS data breach

April 10th, 2014

The Los Angeles County Department of Health Services (DHS) earlier reported a data breach affecting 168,000 patients at its billing company, Sutherland Healthcare Solutions. In a recent notification it added 170,200 more patients to the data breach list. The total number of affected patients comes to around 338,700. Earlier, eight computers were stolen from Torrance, which led to the data breach.

The Torrance police department, along with the Los Angeles County district attorney’s cyber-crime team and the U.S. Secret Service, is trying to find information on the break-in. Spokesman David Sommers said three class action lawsuits have been filed against the county and that it is reviewing Sutherland’s security procedures.

Information on the computers includes patients’ first and last names, Social Security numbers and certain medical and billing information, as well as potentially birth dates, addresses and diagnoses.

Affected patients are offered 12 months of credit/fraud/identity protection services from ID Experts. “We encourage you to take full advantage of this service offering,” Sutherland tells affected patients. “Representatives from ID Experts are aware of the incident and can answer questions or concerns you may have regarding protection of your personal information.”

In a further development, the Department of Health and Human Services (HHS) imposed its first fine on a county, Skagit County in northwest Washington, for a HIPAA violation. The county has agreed to a $215,000 monetary settlement.

Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. The county is working with the vendor to review its privacy and security program. Sutherland has increased employee training.

The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


La Palma Intercommunity Hospital notifies data breach involving unknown number of patients

April 8th, 2014

La Palma Intercommunity Hospital waited about one and a half years to notify affected patients. It has alerted an unknown number of patients about the data breach. Details regarding the incident are limited. It came to notice that an Intercommunity employee allegedly accessed information without permission, including Social Security numbers, driver’s license numbers, addresses, birth dates and limited medical information.

La Palma Chief Financial Officer Alan H. Smith sent out a letter regarding the firing of the employee involved in accessing the information. “We sincerely apologize for any concern or inconvenience this incident may cause you,” Smith wrote in the letter. “The security and confidentiality of our patients’ personal information is extremely important to us. Our hospital has taken measures to protect against future attacks of this nature.”

Spokeswoman Rachel Hogue didn’t provide a proper explanation of why there was a delay in notifying affected patients of the data breach. It was not clear how many patients were affected and whether the data was secure.

Federal privacy law forbids unauthorized viewing of patient medical records. Some hospitals have paid large settlements after their employees allegedly viewed the medical records of celebrities.

The letter from the hospital says that they are offering credit monitoring for one year.
