Archive for September, 2014

Duke University Health System breached due to stolen thumb drive

September 4th, 2014

Duke University Health System suffered data breach when thumb drive was stolen from an administrative building by an unauthorized person. According to the reports, an unknown number of patients treated in the Duke Children’s Health Center and Lenox Baker Children’s were affected by the breach.

After the incident, Duke conducted investigation which revealed that thumb drive held spreadsheets with patient names, medical record numbers, physicians’ names, and some Duke University Hospital locations visited. No Social Security numbers, clinical data or financial data were involved.

According to the Duke University Health System website statement:

We have no reason to believe that the information on the thumb drive has been used in any way.  However, out of an abundance of caution, we began notifying patients on August 29, 2014 and have established a dedicated call center to answer any questions that potentially affected patients may have.

We deeply regret any inconvenience this may cause our patients.  To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information secure.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

AltaMed Health Services suffers data breach

September 2nd, 2014

Sensitive data was potentially breached when an employee stole patient records in an apparent identity theft ring from AltaMed Health Services. According to the reports, 2,995 patients’ were affected by this breach. AltaMed offers a variety of healthcare services and temporary employee should not be given access to patient medical records.

Law enforcement, which was conducting an investigation of the breach informed AltaMed about the breach. Agency has a hard drive that’s believed to hold patient records. Temporary employee working with AltaMed has accessed electronic and paper records and affected patients include those who attended one of its community events in Orange and Los Angeles Counties.

The date breached includes patient names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses. “The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again,” The statement said.

AltaMed notified patients, California Department of Public Health, the California Attorney General’s office, and the Department of Health and Human Services (HHS).

Excerpts from the AltaMed Website Statement:

As part of its ongoing commitment to privacy and data security, AltaMed Health Services is issuing this updated website statement notifying affected individuals of a recent incident that may affect the security of their personal and protected health information. The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again. 

The organization launched an internal investigation into the matter to determine what AltaMed records this individual may have accessed during her employment.  The organization retained information privacy and data security legal counsel to assist with its investigation. This investigation is ongoing.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.