Archive for January, 2015

Security Breach due to stolen device

January 30th, 2015

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Possible data breach in UMASS

January 27th, 2015

The University of Massachusetts (UMASS) Memorial Medical Group (UMMMG) found out that an employee allegedly accessed patient billing information outside their normal job functions. UMMMG started investigating in depth for  breach issue and and notified local law enforcement.

UMMMG mentioned that this employee no longer works for the company. According to the reports,local law enforcement also discovered an unauthorized individual in possession of copies of patient billing information. Affected information includes patient’s names, addresses, dates of birth, medical record numbers, and Social Security numbers. Other information which may get affected includes phone numbers, email addresses and credit or debit card information used for payments to UMMMG.

According to the UMMMG statement:

We deeply regret this incident and any inconvenience it may cause our patients. To help prevent this type of situation from happening again, UMMMG is further strengthening its privacy and information security program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMG is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMG is committed to the security of patient information and we are taking this matter very seriously. We began sending letters to potentially affected patients on January 30, 2015, and have established a dedicated call center to assist patients with any questions.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Ophthalmology and Dermatology patients affected by data breach

January 25th, 2015

Laptop has been reported missing from Riverside County Regional Medical Center (RCRMC) in California which led to the data breach. The affected individuals include approximately 7,900 ophthalmology and dermatology patients. The organization’s chief compliance officer, Jan Remm, said that the hospital wasted no time in informing local law enforcement.

“We are taking significant measures to safeguard patient privacy and to restrict unauthorized access to computers and devices that potentially contain patient data,” Remm said in a statement. “The privacy of our patients is a fundamental priority in our organization and part of our commitment to quality healthcare.”

The laptop was unencrypted. Remm stated that there will be in depth investigation of the problem. Notification letters are being mailed to potentially impacted patients. Affected information includes names, addresses, dates of birth, Social Security numbers and health plan policy numbers.

Remm believes that laptop was not stolen for the information it contained.  According to the press release:

Remm said the hospital has significantly strengthened its inventory controls to prevent future loss of electronic devices, while cyber-security experts are currently encrypting all the organization’s computers and laptops to safeguard patient data.

Patients concerned about whether their information was stored on the laptop are encouraged to contact the RCRMC confidential assistance line staffed with professionals familiar with this incident.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Security Breach in California

January 20th, 2015

California Pacific Medical Center (CPMC) mentioned in recent press release that one of its pharmacist employees possibly accessed patient records with no apparent business or treatment reason. There is possibility of data breach due to this incident. As per the policy, CMPC terminated its relationship with the pharmacist employee when the incident was discovered. CPMC audit of its electronic medical record (EMR) system revealed the probable data breach.

Affected information includes the last four digits of patient Social Security numbers, clinical information, and prescription information. CPMC notified affected 844 patients about the incident. According to the press release:

 The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen cellphone causes data breach

January 18th, 2015

 

Albany, New York-based St. Peter’s Health Partners revealed that its manager cellphone got stolen and may lead to potential healthcare data breach.  The affected entity involved emails from the cellphone. After the investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.

 

According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s.  Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.

 

Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. After the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance in response to this incident.

 

Steps to prevent data breach – cellphones:

 

  • Proper antivirus should be installed on cellphones
  • Periodically change the password to the corporate accounts
  • Encryption of the cellphone
  • Don’t install malicious software
  • Visual notifications for abnormal activity
  • Biometric identification
  • Using secured network access
  • Conducting security audit
  • User awareness about the proper usage

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

HIPAA violation by County employee

January 15th, 2015

The recent incident involved sending of personal information of inmates at a county jail to a personal email address. The Saint Louis County Department of Health is investigating a potential HIPAA violation. The affected data includes names and Social Security numbers of several inmates. The information is related to the inmates who are imprisoned at St. Louis County’s Buzz Westfall Justice Center from 2008 to 2014.

The number of affected individuals is not known. As per the county department, there is no indication that anyone other than the employee accessed the information.

“St. Louis County is strongly committed to patient privacy,” the statement said. “It is something we take very seriously. Even though there is no indication that there was any intent to use the information to commit fraud, it is important to make sure that those potentially affected are fully aware of the violation that occurred and fully aware of the steps they are advised to take at this point.”

Information related to free credit monitoring is not confirmed but the County Health Department explained that if an individual believed that their information was potentially included in the email, he or she should check with any of the three major credit bureaus.

The employee who sent the information currently does not work with County who earlier resigned after completing 25 years of services.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop theft leads to data breach

January 12th, 2015

Sunglo Home Health Services patients were affected by the recent breach as laptop containing sensitive data was stolen from the Harlingen, Texas-based facility. According to the reports, the burglar broke into a van in the Sunglo parking lot and drove away after filling the vehicle with various tools and gear.

It happened that he returned and broke into the Sunglo building by breaking a window with a fire extinguisher and stole computer that held patients’ Social Security numbers and personal information, including PHI.

The numbers of affected patients are not known which also include elderly and disabled persons. Sunglo drives patients across the Valley in the vans, which are kept in a parking lot at the Harlingen corporate office.

“We’re just worried about the safety of the patients themselves because of the information. We had to contact local police to see what we could do,” Means told.

The potential suspect is behind the bar. Harlingen police arrested Matthew de la Cruz based on surveillance camera footage. The security aspect of the laptop was not known including the status of encryption.

“It leaves you uneasy, just something that was there that you can’t recover, it’s an uneasy feeling,” Means told Action 4. “We don’t really want this to happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted computer stolen from IEHP

January 9th, 2015

Inland Empire Health Plan (IEHP) revealed that an unencrypted desktop computer was stolen from its Rancho Cucamonga facility. The affected information includes names, IEHP member ID numbers, dates of birth, addresses, phone numbers and dates of past or future appointments.

Children’s Eyewear Sight was the owner of the machine, which is a participating provider with IEHP that provides vision services. Social Security numbers were not present on the stolen computer.

“Rancho Cucamonga police were notified of the incident and subsequently apprehended a suspect,” IEHP stated on its website. “At this time, there is no evidence that the information has been accessed. The desktop computer was password protected, but the data was not encrypted.”

According to the statement:

The Compliance Department at IEHP has taken appropriate steps to report this incident to the Department of Health Care Services (DHCS), the Department of Health and Human Services (DHHS), the California Office of Attorney General (OAG) and to local media.

While there is no indication that your information will be used for fraudulent activities,IEHP would like to offer you the option of applying a confidentiality alert to the electronic record maintained by IEHP.

IEHP takes its duty to secure the personal information of our Members very seriously, and we appreciate the trust you have placed in us by choosing us as your health plan,” the letter stated. “We apologize for any inconvenience this may cause you.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Settlement of $12,000

January 6th, 2015

Indiana’s Attorney General finalized a settlement with Dr. Joseph Beck. Earlier 60 boxes of Beck’s patient records were found in a dumpster. Beck agreed to pay a $12,000 penalty in a consent agreement with the state. Dr. Joseph Beck works as a dentist who was accused of mishandling 5,600 patients’ medical records.

“In an era when online data breaches are top of mind, we may forget that hard-copy paper files, especially in a medical context, can contain highly sensitive information that is ripe for identity theft or other crimes,” Attorney General Greg Zoeller told. “This file dump was an egregious violation of patient privacy and safety.”

There are series of charges against beck which includes fraudulent billing and negligence. The affected information includes Patient names, medical records, phone numbers, dates of birth, Social Security numbers, insurance cards, insurance information and state ID numbers. The incident happened when Beck hired the third-party company.

“The amount of sensitive, personal data that is stored online is growing every day, and the risks are obvious as more people are impacted by massive corporate data breaches or individual identity theft that can imperil a consumer’s good name and credit rating,” Zoeller said, according to the Indiana Attorney General website. “Our existing laws are proving inadequate to address this global crime, and we must sharpen our legal tools and take action to keep Indiana on the forefront of protecting consumers.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.