Archive for October, 2014

Move to a new location blamed for two data breaches

October 29th, 2014

The Metro Public Health Department in Nashville, Tennessee is facing its second data breach after a file cabinet containing files of HIV patients was accidentally sent to a Metro school instead of a surplus warehouse. The files were a decade old, and the health department is monitoring how files are handled during a move to avoid such incidents.

The first breach involved 1,700 missing index cards with names, dates of birth, Social Security numbers, addresses and medical coding after the department moved to its new building. The information affected patients in the Children Special Services (CSS) program.

“We are letting them know we started an investigation immediately and we do not believe, according to our investigation, that any of their information was accessed,” health department spokesman Brian Todd told an ABC affiliate at the time. “We believe those index cards probably ended up in a landfill.”

The health department is making extra efforts to train staff on processes and information related to HIPAA laws, patient identification and security.

Todd added that when the department realized those files were missing, it did a “thorough review of all files that were moved from the old building to the new building.” No other files were found to be missing, so individuals who came for any other service were not impacted, Todd said.

The health department announced it was offering all the impacted people one year of free identity protection through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Records stolen from doctor’s storage shed

October 25th, 2014

Dr. Nisar A. Quraishi learned that both latches on the shed door of his office’s storage facility had been cut and that medical records of patients he had treated had been stolen. According to reports, approximately 40,000 patient records containing protected health information (PHI) were missing. The records reportedly included patients’ Social Security numbers, dates of birth, home addresses and medical histories.

Quraishi said he had “no idea” who broke into the shed and that he had not been to the property since Aug. 10, at which point the shed was still secure, the news source reported. Quraishi became aware of the issue when a neighborhood resident contacted him to say that the lock was broken. Quraishi also told police he was unable to immediately provide any of the names of the patients whose records were stolen from the shed.

While conducting the investigation, police said there were no security cameras or witnesses in the area or at the scene. According to the Journal, neighbors weren’t even aware that a break-in had occurred in the first place. It was also reported that the first floor of Quraishi’s office “is a gutted, empty space with exposed beams and no carpet.”

A spokeswoman for NYU Langone Medical Center, where Quraishi has been employed since January, said the stolen records were not of NYU Langone patients.

“The patient records involved were from Dr. Quraishi’s private practice … and therefore do not include any treatments provided by him since his employment with NYU Langone as of January 2014,” said Lisa Greiner, senior director of institutional communications at NYU Langone Medical Center. “The medical records of patients who were treated at NYU Langone by Dr. Quraishi are not part of the breach in question.”

X-Ray films and data exposure

October 23rd, 2014

A California healthcare facility suffered a data breach when information containing PHI was improperly disposed of. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. They were meant to be sent to a waste disposal company.

According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.

“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”

Graybill tried to recover the films by contacting the trash company but was informed that they had already been taken to a landfill and were irretrievable.

“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”

According to the reports, the films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.

“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”

Laptops with PHI missing

October 21st, 2014

In an unprecedented event, a few laptops went missing from ambulances in the Dallas area over a period of three years. According to the reports, the laptops contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances “became unaccounted for” in the three-year period.

“If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s),” explained a press release from the city of Dallas.

The incident was reported to the US Department of Health and Human Services (HHS) and, in accordance with the process, affected patients were notified.

“The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops,” the statement read. “Once the risks have been identified, actions will be implemented to prevent such events from recurring.”

Reports did not mention the number of laptops that went missing. According to the release, patients who have been contacted and who have questions related to this matter can call the Dallas Fire-Rescue EMS staff.

A Pennsylvania healthcare service suffers data breach

October 19th, 2014

A Pennsylvania healthcare service suffered a data breach that may lead to misuse of personal health information (PHI). According to the reports, a computer server containing patient information for Dr. Barry Snyder was breached when a third party improperly accessed the information.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” the release said.

The affected information includes patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

The healthcare provider swung into action and hired national security and computer forensics experts to thoroughly investigate the incident. It also provided a toll-free number for patients to call for more information.

According to the press release:

Penn Highlands Brookville encourages its patients to remain vigilant by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. 

At no charge, you can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

18th Breach for Oregon Health Insurance Exchange

October 17th, 2014

In a succession of events, the Oregon Health Insurance Exchange suffered 18 security breaches in the past six months. The most recent incident involved documents with PHI being sent to the wrong patient. Cover Oregon spokeswoman Ariane Holm said the breach is under investigation. The exchange’s security team immediately sent a return envelope to Migliaccio, who had received the other patients’ information.

“We take the security and privacy of our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.

According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security numbers. Affected information included addresses, names, dates of birth and internal Cover Oregon IDs.

“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”

When applicants need to update their applications, the exchange no longer mails the completed documents that include Social Security numbers and other information. Earlier, Cover Oregon was working with Oracle Corp. to create an HIE for the state but it missed the deadlines and individuals were required to use a hybrid paper-online application process.

UC Davis Health suffers data breach

October 15th, 2014

UC Davis Health suffered a data breach when a provider’s email was compromised by an unknown source. According to the reports, the data of 1,326 patients was affected. A member of the UC Davis IT team detected unusual activity in the email account and concluded that the provider’s email had been compromised by the unknown source. The source has not been confirmed to date.

The event did not involve access to patient EHRs, Social Security numbers or other personal financial information. UC Davis Health System said that it has notified or is in the process of notifying several government agencies regarding the breach.

According to the statement:

UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy — including blocking access by the unauthorized user and changing the account credentials – were taken when it was discovered that the email account had been compromised.

Since we are unable to determine the exact nature of the access by this unauthorized third-party, we are sending a letter to all patients who had information about them included in this email account.

UC Davis Health System is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, interprofessional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 619-bed acute-care teaching hospital, a 1000-member physician’s practice group and the new Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neurodevelopmental institute, a stem cell institute and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all.

Cone Health Mailing Error

October 12th, 2014

Cone Health of Greensboro, N.C. has notified 2,076 Southeastern Heart and Vascular Center patients about a data breach caused by a mailing error. According to the reports, a courier mistake led to letters being sent to the wrong patients; the letters contained other patients’ names, their doctors and the names of the practices.

According to the statement on the Cone Health website, Social Security numbers, dates of birth and insurance information were not compromised in the breach. Cone Health has individually notified all the patients affected by the breach. Cone Health regrets any confusion resulting from the incorrect mailing.

The Cone Health website gives the following overview of the organization:

Cone Health is a not-for-profit network of healthcare providers serving people in Guilford, Forsyth, Rockingham, Alamance, Randolph, Caswell and surrounding counties. Our tagline – “The Network for Exceptional Care” – highlights our commitment to excellence, which is shared by our more than 10,000 professionals, 1,300 physicians and 1,200 volunteers.

As one of the region’s largest and most comprehensive health networks, Cone Health has more than 100 locations, including six hospitals, 3 medical centers, four urgent care centers, 95 physician practice sites and multiple centers of excellence.

It includes:

The Moses H. Cone Memorial Hospital

Alamance Regional Medical Center

Wesley Long Hospital

Women’s Hospital

Annie Penn Hospital

The Behavioral Health Hospital

Touchstone Medical folder exposed on Internet

October 10th, 2014

Touchstone Medical Imaging, LLC has suffered a data breach in which sensitive data was exposed on the internet. It posted a notice on its website stating that it did not think the data was accessible on the internet.

The organization conducted an internal investigation, which revealed the breach. According to the reports, medical records weren’t included, but patient names, dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Tampa General hospital data breach

October 7th, 2014

Employee access is another major area to work on, as the new data breach at Tampa General showed the limits of data security. Tampa General notified 675 patients that their data had been compromised as a result of a former employee’s inappropriate access.

According to the hospital’s investigation, the compromised data includes patient names, addresses, dates of birth, admitting diagnoses, names of insurance payers and, in some instances, Social Security numbers. Medical records weren’t compromised. The employee had the records with him during a Tampa Police Department traffic stop that led to his arrest. The hospital immediately ordered termination of the employee.

According to the Tampa General Hospital statement:

Tampa General Hospital (TGH) is committed to maintaining the privacy and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we continually communicate to and educate our staff on the importance of protecting and securing patient information; emphasizing the importance of reporting any unusual staff behavior as we enhance procedures to prevent and detect misuse of patient information. We have also implemented technology that blocks patient information based on an employee’s job description, including limiting access to patients’ Social Security numbers.

We want to assure our patients that we are taking this matter very seriously and are actively cooperating with law enforcement in their investigation.
