Archive for June, 2014

Hershey Medical Center suffers data breach

June 4th, 2014

 

Penn State Milton S. Hershey Medical Center notified around 1801 patients for the recent data breach occurred due to employee’s unauthorized access of clinical data. According to reports, particular employee working as a clinical laboratory technician used his personal computer to access protected health information (PHI).

The employee used removable storage device and personal email account while accessing information. Organization is working on improving internal education and training of employees on security best practices. According to release by Hershey medicals –

The employee was authorized to access and use this information because of his job at Penn State Hershey. However he worked on the test log at home using systems and devices outside the secured Penn State Hershey system—his personal computer, a removable storage device (a flash drive) to transport the log home to continue his work after hours and his personal email account to send the updated test log to two Penn State Hershey physicians.

 

Penn State Hershey considers patient privacy and confidentiality to be of the utmost importance and chose to notify patients of this incident out of an abundance of caution. To decrease the likelihood of similar circumstances occurring in the future, Penn State Hershey is increasing education efforts with employees, focusing on the essential responsibility of all staff to safeguard patient health information at all times and follow proper practices for doing so.

 

This incident exposed PHI which includes patient test logs from the organization’s women’s health and family practice clinician offices. However, no Social Security numbers or financial data were involved. Affected patients were treated from August 1, 2013 to March 26, 2014.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Connecticut based Access Health in the process of data breach notification

June 2nd, 2014

The Connecticut state health insurance exchange, Access Health CT suffered data breach after its vendor’s employee lost a backpack. According to the reports, bag contained notepad having information which includes 413 handwritten names, 151 Social Security numbers, and an undisclosed number of birthdates.

“While we are still working to understand exactly why this person took the information out of the building, based on what we have learned so far it does not appear there was malfeasance on the part of this person,” Jason Madrak, Access Health’s chief marketing officer, said in a statement Sunday.

Access Health has provided one year free credit monitoring and also understanding cause and prevention of such incidents. It is in the process of notifying the affected patients about the breach. Count for affected patient’s stands at 413 according to initial reports.

“The attorney general takes matters of privacy and data security seriously,” Jepsen spokesman Robert S. Blanchard said in a statement. “Consistent with our practice in past breaches by other custodians of personal information, we reached out on Friday to Access Health CT regarding the incident and its plans to protect those potentially affected. We expect those discussions to continue as we seek to ensure that Connecticut residents’ privacy and personal information is protected. In particular, the office is seeking to determine how this incident occurred, what security procedures and policies were in place before the incident, and what is being done to reduce the risk of future breaches occurring.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.