Archive for December, 2014

Second Data Breach in one Month

December 4th, 2014

Visionworks suffered two incident of data breach in span of two months which involved compromised protected health information (PHI). According to the reports, individuals who received services at Visionworks’ Jacksonville, Fl. are notified about the incident. During computer upgrade, a database server was lost which resulted in breach.

“The server potentially held partially unencrypted protected health information belonging to approximately 48,000 of the store’s customers,” the statement read. “All credit card information housed on the server was encrypted, and therefore should not be at risk. Customers’ exam information was not stored on the lost server.”

Visionworks also added that there is no potential reason for any misuse of the data on the server.

“Nevertheless, in an abundance of caution, Visionworks is notifying the customers potentially affected by the incident and informing them of the associated personal risks,” according to the statement. “In addition, Visionworks will provide those customers with free credit monitoring for one year.”

First data breach in Visionworks also involved a missing computer server that was lost during scheduled upgrades. As per the reports, around 75000 Visionworks customers were affected in that incident. The Visionworks stated that it was believed that the server was sent to one of the landfills along with other “miscellaneous refuse.”

According to the company’s statement:

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Dumpster Case Settled

December 2nd, 2014

More than 1,500 women in Missouri got affected by data breach when their protected health information (PHI) was compromised after their personal records blew out of a dumpster on a windy day. According to the reports, Midwest Women’s Healthcare Specialists have decided to settle the case by paying amount of $400,000 to compensate the patients for the PHI exposure. All the affected patients will get the share from the victim’s fund.

“Both sides worked very hard to get this resolved quickly, and to seek justice for all of those involved,” plaintiff attorney Maureen Brady told the news source.

The affected records include patients’ names, Social Security numbers, addresses, procedures and tests performed. Papers were scattered up to several blocks away by the wind.

“At Midwest Women’s Healthcare we take patient privacy very seriously,” a spokesperson said in an email to the news station back in May. “We continue to thoroughly investigate this issue and will take appropriate action based on our findings. Midwest Women’s Healthcare is in the process of determining which patients may have been affected and intends to notify them as soon as possible.”

After the judge’s approval, the letters will be sent to patients explaining process to receive funds. The decision and status to implicate Midwest Women’s Healthcare for HIPAA violations by Department of Health and Human Services (HHS) is not known. Civil penalties from HIPAA violations, added to any compensation sought by potential victims could add up to amounts.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.