Archive for September, 2014

Technologies for Healthcare security and efficiency

September 27th, 2014

Technologies have been upgraded to accommodate more users, and extra effort goes into safeguarding the data. Organizations are demanding software that processes larger workloads on reduced hardware infrastructure. They are equally concerned about data security, and multiple products and processes are used to implement it. Large investments are made in data loss prevention techniques within and outside the healthcare IT network.

With the acceptance and growth of cloud computing and virtualization technologies, security technologies have advanced as well. Below are the technologies linked to healthcare security and efficiency.

Software-defined technologies: These are designed specifically to simplify networking and security processes using new types of software-based engines, taking security to a completely different level.

Virtualization: Virtual firewalls and virtual security appliances are making their way into many large healthcare environments. To deal with internal traffic security, more virtual applications are used.

Scanning and control engines: As technology advances, new types of scanning and control engines are deployed to detect threats as early as possible. Features like data-loss prevention (DLP), intrusion detection/prevention services (IPS/IDS), and even disaster recovery load-balancing are all becoming more standard.

Controlling end-user devices and BYOD: This is about controlling access for the end-user devices that employees bring in under the company's BYOD policy.

Cloud security: Because of the cloud, more devices are equipped to scan more types of traffic coming into a healthcare infrastructure. Specific attention is given to user access control, and efforts are made to provide only authorized access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Owensboro Medical Practice suffers data breach

September 24th, 2014

Owensboro Medical Practice has notified 3000 patients of a data breach caused by employees who tried to contact them with the intention of starting their own business. There are still conflicting reports about the involvement of a business associate (BA) and the dates of the breaches. The affected information included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, and health conditions.

According to reports about the medical practice, located in Owensboro, KY, the breach occurred three years ago, and Timothy Hillard, Director of Research for Owensboro Medical Practice, said he knew of the incident. “Even if it was one patient, that one patient’s information is highly important to us and not the entire medical records were taken but demographics such as name, date of birth, age, social security number, which is, you know, very concerning to us.”

According to the statement:

On or about July 24, 2014, Owensboro Medical Practice, PLLC, and its business associate, Research Integrity, LLC, learned that a spreadsheet containing protected health information was wrongfully copied and removed from the offices of Research Integrity by a former employee. This occurred despite the fact that only properly authorized persons at Research Integrity had access to the spreadsheet.

Owensboro Medical Practice and Research Integrity are both investigating the incident and taking steps to ensure that patient information is secure. The companies are also pursuing the return of all hard copies of all information from the spreadsheet, the deletion of all computerized versions of such information on a permanent basis, and permanent injunctions against the persons or entities who had possession of the data from utilizing such data in the future.

Malvertising and Online Ad Networks

September 22nd, 2014

This decade has seen a tremendous rise in internet business, and online advertising has become the second-largest ad medium after newspapers. That has attracted the attention of attackers looking to rip off users.

Advertising networks could become “the next primary attack vector,” contends new research from Bromium Networks. Worse, popular security technologies such as signature-based detection are essentially useless against such attacks, said Rahul Kashyap, Bromium’s chief security architect and head of Research.

Attackers simply place an advertisement on popular sites like YouTube and Yahoo, and when a user clicks such an ad, malware is downloaded. Video sites like YouTube are best suited to such attacks because users tend to spend more time on them.

These so-called malvertising attacks offer “one of the best ways to compromise huge numbers of people and get away quickly,” said Kashyap. “Attackers can potentially infect millions of people by randomly placing a few malicious ads.”

The Bromium research details a malvertising attack on YouTube that involved kits which enable attackers to test their malware to see if it will be detected by antivirus products.

In a blog post about the YouTube attack, Bromium’s McEnroe Navaraj said Bromium was working with the Google security team to analyze the attack. “Google has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again,” he wrote. Also, he noted, “We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures.”

While disabling ads with an ad blocker is a near-term option for enterprises worried about these kinds of malvertising attacks, Kashyap said it is not a practical long-term solution. “You want to leverage the kinds of technologies which do not depend on signatures or other known techniques to block threats on the network,” he said.

What is Whitelisting?

September 21st, 2014

A whitelist is a list of entities that are granted a particular privilege, service, mobility, access or recognition, depending on the use. Whitelisting is the reverse of blacklisting. With whitelisting you are relatively safer in the online world. When there was a relatively small number of malware items, it made sense to compile known virus signatures to detect and prevent infection.

“Traditional antivirus is based on blacklisting which helps to block known malware,” said Simone Spencer, endpoint product expert, McAfee. “Whitelisting limits use with a ‘deny by default’ approach so that only approved files or applications can be installed.”

“Whitelisting is more necessary than ever because viruses and other malware are morphing,” said Rob Cheng, CEO of PC Pitstop. “This means that one virus looks like hundreds or thousands of different viruses to traditional AV products.”

“The stakes have gotten higher because of ransomware viruses, which encrypt your hard drive and demand a ransom in BitCoins for all your files back,” said Cheng. “It encrypts photos, videos, Excel files, PowerPoint presentations and so on, so all your most personal documents are lost.”

Ways of whitelisting: Smaller organizations can compile their own list of allowed applications, but most enterprises are advised to install whitelisting software preconfigured with known-good executables and domains.

Another way of whitelisting is application control, where you decide which applications may run and which are denied. As virus and malware signatures become increasingly ineffective, this whitelisting approach looks comparatively attractive. Gartner surveys show that 25 percent of enterprises are already deploying some form of application control.
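The contrast drawn in this post, blacklisting known signatures versus a "deny by default" whitelist, can be seen in a small added example (not from the original post or any vendor product). All file names and contents are constructed stand-ins, and SHA-256 of the file content is assumed as the identifier.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for files on disk (assumption: real tools hash file contents).
FILES = {
    "payroll.exe": b"payroll app v4.2 (constructed)",
    "browser.exe": b"browser v117 (constructed)",
    "known_bad.exe": b"unwanted program, variant 0 (constructed)",
    # Same family, different bytes: how a morphing sample appears to a hash check.
    "variant_1.exe": b"unwanted program, variant 1 (constructed)",
    "variant_2.exe": b"unwanted program, variant 2 (constructed)",
    "payroll_update.exe": b"payroll app v4.3 (constructed)",
}


class Blocklist:
    """Allow by default; deny only content whose hash is already known bad."""

    def __init__(self, known_bad):
        self.known_bad = {sha256_hex(b) for b in known_bad}

    def allows(self, data: bytes) -> bool:
        return sha256_hex(data) not in self.known_bad


class Allowlist:
    """Deny by default; allow only content whose hash was approved."""

    def __init__(self, approved=()):
        self.approved = {sha256_hex(b) for b in approved}

    def approve(self, data: bytes) -> None:
        self.approved.add(sha256_hex(data))

    def allows(self, data: bytes) -> bool:
        return sha256_hex(data) in self.approved


def decisions(policy, files=FILES):
    """Return {file name: True if the policy lets it run}."""
    return {name: policy.allows(data) for name, data in files.items()}


def build_policies():
    blocklist = Blocklist([FILES["known_bad.exe"]])
    allowlist = Allowlist([FILES["payroll.exe"], FILES["browser.exe"]])
    return blocklist, allowlist


if __name__ == "__main__":
    blocklist, allowlist = build_policies()
    block, allow = decisions(blocklist), decisions(allowlist)
    print(f"{'file':<20}{'blocklist':<12}allowlist")
    for name in FILES:
        print(f"{name:<20}{'run' if block[name] else 'deny':<12}"
              f"{'run' if allow[name] else 'deny'}")
    # Operational cost of deny-by-default: a legitimate update stays denied until approved.
    allowlist.approve(FILES["payroll_update.exe"])
    print("after approval:", allowlist.allows(FILES["payroll_update.exe"]))
```

The blocklist stops only the one sample it has a signature for, while the allowlist denies every unseen variant; the price is that a legitimate update is also denied until someone approves it.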

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Six CHSI hospitals face lawsuit for data breach damages

September 20th, 2014

According to reports, six patients who allege that their protected health information (PHI) was exposed in CHSI’s Chinese hackers incident are suing the group. Six Mississippi hospitals and their parent company, Community Health Systems, Inc. (CHSI), are currently facing the probe.

The hospitals affected by the lawsuit are –

  • Central Mississippi Medical Center in Jackson
  • River Region Medical Center in Vicksburg
  • Madison River Oaks Hospital in Canton
  • Crossgates River Oaks Hospital in Brandon
  • River Oaks Hospital in Flowood
  • Natchez Community Hospital.

Community Health Systems, Inc. is a conglomerate of 206 hospitals operating in 29 states. CHSI acquired Health Management Associates (HMA) in January for $7.6 billion, and the six hospitals had been owned and operated by HMA. The data breach affected 4.5 million patients’ data, and some think it was the result of the OpenSSL Heartbleed vulnerability being used to infiltrate CHSI’s network.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Aventura Hospital suffers third data breach in two years

September 17th, 2014

The data breach at Aventura Hospital exposed 82,601 patients’ data from Sept. 13, 2012 to June 9, 2014. It occurred because a vendor’s employee stole the sensitive information during that span. It is the third breach for Aventura in the span of two years. Valesco Ventures, Aventura’s HIPAA business associate (BA), sent out alert notices to the affected patients.

The affected information included patient names, dates of birth and Social Security numbers, but the organization said that no financial or health information was breached. The incident occurred when a Valesco employee inappropriately accessed patients’ information.

According to Aventura, it will begin assessing how to mitigate patient risks going forward while the organization works with local and federal authorities on the breach investigation.

According to the statement:

Valesco Ventures, which provides hospital physician staffing and related services to patients in hospitals, was recently made aware of a situation involving the possible theft of personal patient information from Aventura Hospital and Medical Center. We are committed to the security of patient information, and we apologize for this incident.

On May 28, 2014, Valesco Ventures was notified that an employee may have improperly accessed the personal identifying information of a number of patients of Aventura Hospital and law enforcement was contacted. On June 10, 2014, law enforcement concluded that this employee had improperly accessed this patient information.

Shortly after law enforcement was notified, Valesco Ventures and Aventura Hospital suspended the individual’s computer and physical access to patient data, and began assessing how to mitigate risks to all patients. Valesco Ventures and Aventura Hospital continue to work with law enforcement to preserve the information that is important to their investigation. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Temple University laptop stolen

September 15th, 2014

A Temple University physicians’ office alerted 3,780 patients about a data breach caused by the theft of a laptop from its surgery department. The laptop held patient names, ages, billing codes, and, in some cases, the names of the referring physicians. Temple notified local authorities and the Department of Health and Human Services (HHS).

“To help monitor the potential misuse of the stolen information, Temple has offered identity-monitoring services within the United States to all affected patients for 12 months, at no cost to them,” the statement said. “We deeply regret this incident and the inconvenience this may have caused our patients.”

After the breach, the Temple office said it will reinforce employee training, boost physical security and improve technical security measures on desktop computers. According to Temple, the laptop was not encrypted. It also said that hospital staff have been re-trained in computer security and that steps have been taken to improve physical surveillance. The theft comes in the month in which 4.5 million medical records were stolen from Community Health Services by computer hackers allegedly from China.

Incorrect mailing leads to data breach

September 12th, 2014

An Iowa hospital confirmed a data breach after human error combined with technical issues led to patients’ information being sent to the wrong recipient. Monte Goodyk received his medical bill with the billing information of 11 other Pella Regional Health Center patients.

“Well, you freak out initially, because your first thought is if I have their information, they may have my information,” Goodyk told the news source. “You can almost tell what’s wrong with this patient and what they’re going to the hospital for. I should not know this information about this patient.”

According to reports, the names and billing information of 11 patients were incorrectly included on a statement sent to one patient.

“We determined that a number was incorrectly entered into our computer system when an individual checked into one of our clinics,” the spokesperson said in an email. “Our systems failed to identify the human error had happened. Pella Regional Health Center reached out on Friday to all 11 patients involved by phone and connected with 8 of the 11 patients affected. A follow-up letter was sent to each individual with information and our apologies.”

Pella Regional’s privacy officer and senior administration are reviewing how they can prevent this type of mistake from happening again, the spokesperson said.

“Today it was discovered that information including your name and Pella Regional Health Center billing information was included on a statement to another patient,” read a letter sent to the 11 patients. “While no diagnosis information was included, we apologize for this breach of information.”

Dorn VA medical center may have suffered data breach

September 9th, 2014

The Dorn Veterans Administration Hospital may have suffered a data breach: officials recently learned that several boxes containing patients’ information had gone missing. According to reports, four boxes of pathology reports that were stored in a locked area are not where they are supposed to be.

“We are contacting our Veterans who may have been impacted,” Medical Center Director Timothy McMurry said in a statement. “For we take the loss of personal information very seriously.”

Details of the boxes are –

  • Records in question are only from the years 1999, 2000, and 2002
  • Patients’ names, Social Security numbers (SSNs) and pathology reports are included in the missing files
  • 2,000 patients may have had their personal information compromised

Dorn officials learned of the missing boxes when they planned to move them to a long-term storage facility. Officials believe that to date no information has been misused; however, they mentioned that one year of free credit monitoring is available to veterans who are notified in writing. This is not the first time Dorn has found itself face-to-face with a security issue: earlier, an unprotected laptop was stolen. According to reports, patient names, birth dates, weight, race, respiratory test results and partial Social Security numbers (last four digits) were all included on the pulmonary testing lab laptop. To date, the laptop has not been recovered.

Central Utah Clinic: 31,677 patients suffer data breach

September 6th, 2014

Central Utah Clinic notified all the patients affected by a data breach caused by an unauthorized entity accessing its server. The clinic’s letter stated that the server held only a “limited subset of written imaging and radiology reports dated 2010 and earlier” and not a full set of patient data. But the server did contain patient names, dates of birth, Social Security numbers, addresses and phone numbers.

Central Utah Clinic said that it has alerted regulatory authorities about the breach and beefed up security by hiring a security services firm to help with internal access monitoring.

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” said Scott Barlow, Central Utah Clinic CEO. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this. It is important to understand there is no indication that any of our patients’ personal information was viewed or copied. Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”
