Archive for May, 2014

ProMedica Bay Park Hospital suffers data breach

May 29th, 2014

ProMedica Bay Park Hospital has decided to notify about 500 affected patients of a data breach. Protected health information (PHI) was copied in the incident, in which an employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that the former employee accessed the records of patients who were not directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, a 90-day fraud alert notice, and free annual credit reports and other account statements.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Elliot Hospital’s four computer workstations get stolen

May 27th, 2014


Elliot Hospital suffered a data breach when an employee’s car was broken into and computers were stolen. The hospital notified 1,200 patients of the breach that resulted from this incident. According to reports, there was no medical or financial data on the workstations and there was only one Social Security number. The Elliot Hospital employee was apparently transporting the workstations from different Elliot locations.

Patients’ names were present on the workstations. In addition, 20 emails found on the computers contained data such as date of service, date of birth, address, telephone number and billing codes. Elliot said that it has improved its security processes.

“It’s very important to keep in mind or to understand that this is not a situation involving the breach of electronic medical records,” John Friberg, senior vice president of Elliot Hospital said, according to reports. “In fact, none of the information involved any medical records. For instance, nothing on these four PCs related to any medical history of any patients.”

It is believed that no information has been misused to date. Under the new practice, PCs will no longer auto-archive data on their individual hard drives; the data will instead be archived centrally.

Elliot also decided to encrypt its PCs.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


LA County heightens encryption policies after data breach

May 24th, 2014

According to reports, LA County is in the process of boosting its encryption policies, which includes reviewing privacy and security procedures. The Los Angeles County Department of Health Services (DHS) also initiated new efforts to boost security after the recent data breach that affected 342,000 patients.

After the breach, DHS has taken the following initiatives:

  • Boosting data security rules
  • Mandating encryption for employees’ laptops and computer workstation hard drives

L.A. County contractors that exchange patient data with the county must also encrypt the data in motion. Lisa Richardson, DHS spokeswoman, added that the Sutherland incident “alerted us to some necessary security measures.”

It would be interesting to learn about DHS’s encryption policies prior to the Sutherland breach and what other changes it made to its safeguards as a result of the data breach.

Important: Health and Human Services (HHS) will be looking to ensure that organizations have encrypted devices containing protected health information (PHI).

The ideal scenario is not to keep sensitive data on local desktops and laptops at all. Because this is difficult to achieve given work requirements, it is advised to encrypt your devices.


UCI notifies students of malware incident

May 22nd, 2014

University of California Irvine (UCI) notified 1,813 students and some non-students affected by a data breach involving keylogging malware. Three UCI student health care computers were affected by the malware incident. The incident came to light when the UCI IT security office learned about the malware on the computers.

Information compromised includes patient names and unencrypted medical information. It also potentially included health or dental insurance numbers, CPT code(s), ICD9 code(s) and/or diagnosis, and student ID numbers. The affected data also included non-students’ information such as patient ID numbers, mailing addresses, telephone numbers, amounts paid for services received, and bank names and check numbers. Information may have been transmitted to unauthorized servers.

According to reports, UCI immediately disconnected the affected computers and made sure that no other components of the network were affected.

UC Irvine regrets that your information may have been subject to unauthorized access, and we have taken and continue to take remedial measures to ensure that this situation is not repeated. UC Irvine is committed to maintaining the privacy of students’ and non-student patients’ personally identified information and takes many precautions for the security of personal and medical information. The University is continually modifying its systems and practices to enhance the security of sensitive information.

The university has no indication that the data have been misused. The number of patients affected was not reported.


Protect Personally Identifiable Information

May 20th, 2014

Modern security systems rely on users’ personal information, also known as PII (personally identifiable information), but a data breach can lead to loss of money as well as loss of trust. It is therefore very important to keep this information from falling into the wrong hands.

PII data is floating around the internet, and details can easily be cross-correlated, helping wrongdoers to quickly put together accurate identity profiles and take advantage of the information. With just a few important pieces of information, thieves can cause huge losses to companies or individuals.

Types of PII – static and dynamic

Dynamic PII data includes details like credit card and bank account numbers, email addresses and passwords.

Static (fixed) PII data, such as date and place of birth or a national ID number such as a U.S. Social Security number, is far more valuable.

Hacking is a nightmare for both service providers and users. It causes huge losses, which stand at at least $60 million (before insurance) in direct expenses. End users may also suffer an increased risk of being hacked elsewhere.

Protect your PII –

Passwords: Store passwords as properly computed hashes that are extremely expensive to reverse if a breach occurs.

Users: Shifting security data from the service provider to the end user can benefit everyone. An example is a security question where the user creates his or her own question.

Transparency: Increasing user activity transparency, such as providing the time and location of the last login, gives the user extra tools to detect intrusions.

Encryption: Install tools to fight hacking. Install encryption software on laptops and computers.
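The password and transparency advice above, sketched as an added example (not code from the original post): passwords are stored as salted scrypt hashes so that every guess against a stolen database is costly, and each successful login hands back the time and location of the previous one. The `AccountStore` class, the scrypt cost parameters and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Assumed scrypt cost parameters (about 16 MiB of memory per guess).
# Raise them as far as your login latency budget allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32

LoginRecord = Tuple[datetime, str]  # (time, location) of a successful login


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    last_login: Optional[LoginRecord] = None


def derive(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard hash: cheap once per login, expensive per guess."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


class AccountStore:
    """Hypothetical in-memory store; a real service would persist these rows."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
        self.accounts[user] = Account(salt, derive(password, salt))

    def login(self, user: str, password: str, location: str,
              now: Optional[datetime] = None) -> Tuple[bool, Optional[LoginRecord]]:
        """Return (ok, previous_login) so the user can spot a login they did not make."""
        now = now or datetime.now(timezone.utc)
        acct = self.accounts.get(user)
        if acct is None:
            derive(password, b"\x00" * 16)  # same work for unknown users
            return False, None
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(derive(password, acct.salt), acct.pw_hash):
            return False, None  # failed attempts do not overwrite the record
        previous = acct.last_login
        acct.last_login = (now, location)
        return True, previous


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")  # constructed sample data
    store.login("alice", "correct horse battery staple", "203.0.113.7")
    ok, prev = store.login("alice", "correct horse battery staple", "198.51.100.9")
    if ok and prev:
        print(f"Last login: {prev[0].isoformat()} from {prev[1]}")
```
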


Another 3,497 patients added to data breach list

May 17th, 2014

 

Sutherland Healthcare has had to add the names of 3,497 patients to its list of data breach victims. In April, Sutherland had already added 170,200 patients to the list of those affected. The new addition has increased the count to 342,000.

All the patients received Drug Medi-Cal services through the Department of Public Health. Though no Social Security numbers were included in the breach, patient names, addresses and billing information may have been compromised.

The incident dates back to when eight computers were stolen from Sutherland’s Torrance, Calif. office. The initial reports counted 168,000 affected patients, whose first and last names, Social Security numbers and certain medical and billing information were potentially compromised.

The notification sent by Sutherland to patients assures them that the company takes “patient privacy very seriously,” but does not say whether it cared enough to encrypt the data.

The California Attorney General’s office likes encryption and noted in a report last year that more than half the 2.5 million victims of data breaches it surveyed in the state in 2012 would have benefited from its presence. Sutherland’s notice offered those affected free credit monitoring services through ID Experts. The final number on the Sutherland breach is as yet unknown, as they did not disclose how many other covered entities may have been affected by this breach.


OCR dismisses activist group’s HIPAA complaint

May 15th, 2014

An activist group, Change to Win (Ctw), had earlier filed a complaint with the Office for Civil Rights (OCR) claiming that patients’ privacy was compromised. OCR has officially completed its investigation into the Walgreens “Well Experience” program and, after the investigation, has dismissed the complaint.

Ctw claimed that pharmacists were leaving their desks unattended and that patients’ data could therefore be exposed. According to Ctw, this was a case of physical safeguards violation in the Walgreens “Well Experience” program. OCR performed a number of site visits and concluded that there was no reviewable evidence that Walgreens was missing the appropriate protected health information (PHI) safeguards.

OCR did, however, give Walgreens some advice regarding the patient consultation room and a screen displaying patients’ names. It also recommended retraining the employees in each store depending on the specific issues found. The federal organization will provide Walgreens with technical assistance.

Upon completion of these on-site investigations, OCR found that Walgreens implemented the Well Experience specific safeguards in these stores and, further, these measures appeared to appropriately safeguard patient PHI. OCR noted that in the few stores where there was some evidence of staff error with regard to the implementation of safeguards, this was not evidence of widespread and systemic non-compliance, as the errors varied from store to store.


Boulder Community Health (BCH) investigating data breach

May 13th, 2014

 

Someone mailed patients’ records to their homes to prove that Boulder Community Health (BCH) has lapses in security. It is a one-of-a-kind incident in which the context of the breach is bizarre. BCH, located in Colorado, is investigating the incident. Earlier incidents include BCH notifying 178 patients when paperwork went missing, and a separate incident in which two unlocked recycling bins left 79 patients’ records exposed.

The letters that were sent out contained information from the records of the clinic sites on the main Foothills campus and the Riverbend Office Park neighboring the campus. The letters were sent to the patients to show BCH’s lapses in securing patients’ information. They stated that the sensitive information was taken from papers in trash bins just outside the campus.

“If you travel north of Arapahoe (Avenue) on 48th (Street),” the letter said, “you will see the blue containers that contain medical records. These containers are often left unlocked.”

BCH has said that it has reviewed employee privacy training and education and added automatic locks to its recycling bins. It was not clear whether there was a shredding policy in place.

“Our immediate goal is to determine the scope of this situation,” Boulder said in a statement. “We will work with any affected clinics to assess the impact on their patients and provide support to affected individuals.”

The letter also accused the organization of focusing on making money while not emphasizing patient privacy. Based on the reports, it was clear that an unknown person inappropriately took nine patients’ records and sent them to those patients in an attempt to shed light on Boulder’s alleged lax patient privacy policies.


Largest ever violation settlement by NYP and CU

May 10th, 2014

The Department of Health and Human Services (HHS) has issued $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital (NYP) and Columbia University (CU). NYP and CU had violated both the HIPAA Privacy and Security Rules, which resulted in the electronic protected health information (ePHI) of 6,800 patients being exposed in a data breach. NYP and CU learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet.

The breach occurred when an application developer for the affiliated organizations tried to deactivate a personally owned computer server on the network that held the data. After the server deactivation, the ePHI became accessible through internet search engines.

NYP and CU had submitted a joint breach report after the ePHI held on their network was exposed. The ePHI included patient status, vital signs, medications, and laboratory results. NYP paid OCR $3,300,000 and CU paid $1,500,000, with both agreeing to complete corrective action plans. These include risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” said Christina Heide, Acting Deputy Director of Health Information Privacy for OCR. “Our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

According to the hhs.gov website,

In addition to the impermissible disclosure of ePHI on the internet, OCR’s investigation found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections.  Moreover, OCR determined that neither entity had conducted an accurate and thorough risk analysis that identified all systems that access NYP ePHI.  As a result, neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI.  Lastly, NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management.


UPMC faces class action suit from employees affected by data breach

May 7th, 2014

The University of Pittsburgh Medical Center (UPMC) data breach has led to a class action suit on behalf of the 27,000 affected employees. The suit has been filed against UPMC and its payroll vendor, Ultimate Software Group. Out of the 27,000 affected employees, 788 were known to have been victims of tax fraud.

An attorney, Michael Kraemer, filed the class action suit against UPMC. He said that at least two employees learned that their data had shown up on an “underground or black market-type forum.” “It gives me more questions. Is this related to the UPMC data breach? If it is, UPMC should be as transparent as possible in letting everyone know what they know about who has the information or if it’s been contained,” said Kraemer, who is pursuing class-action litigation against UPMC.

The suit states that UPMC and the vendor breached their duty to protect private employee information, which left employees’ information vulnerable to misuse in tax return fraud. UPMC has offered employees the chance to sign up for a year of free credit monitoring services, but the suit seeks a court injunction forcing 25 years’ worth of identity theft insurance, credit restoration services, and credit and bank monitoring services.

Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.

Some UPMC employees interviewed on the streets of the city’s Oakland section said they feared identity theft.

“They’re going to wait one year, they’re going to wait two years, they’re going to wait three years, and they could come back. I could be affected by a job I took in college, which is sort of scary,” said Allisandra Supinski.

“I feel comfortable with the one year that I have. If I look into it more, I may change my mind,” said Amy Hoffman.

“As long as you are with UPMC, they should cover us. As long as we work there for them, we should be able to get protected,” said Rodreda Tate.
