Archive for June, 2015

Software update leads to potential data breach

June 27th, 2015

Affected information includes first and last name, Social Security Number, Blue Shield identification number, date of birth, and home address. Financial information was not exposed, according to the letter, and users who had unauthorized access to PHI confirmed to Blue Shield that they did not keep copies. Moreover, those users said they deleted the information and returned any records to the company.

The website is used by authorized users, but the software produced an unintended result. Three users who logged into their own accounts at the exact same time as another user were able to view member information associated with the other individual’s account.

According to the Blue Shield Statement:

This issue was reported to the Blue Shield Privacy Office on May 18. The Website was promptly taken off line to identify and correct the problem. The Website’s faulty code was identified and corrected and the Website was returned to service on May 19. Our investigation revealed that this was the result of human error on the part of Blue Shield staff members, and the matter was not reported to law enforcement authorities for further investigation.

The notification letter did not say how many individuals were affected, but Blue Shield added that those potentially affected will receive a free, one-year membership to identity protection services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Routine audit reveals data breach

June 25th, 2015

During a routine audit, a Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and, in a few cases, health insurance information. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that a few patients may have had their Social Security numbers accessed, but it believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Phishing Attack Top Data Security Motivator – HIMSS Survey

June 23rd, 2015

The key findings of the survey, which interviewed 297 healthcare leaders and information security officers across the industry, are:

  • Two-thirds of respondents experienced a significant security incident this year.
  • Healthcare organizations reported using an average of eleven different technologies to secure their environments.
  • More than half said that their facilities have hired a full-time professional to manage information security functions.
  • Eighty-seven percent reported that information security had increased as a business priority at their organizations over the past year.
  • Many believe that current security tools will not be sufficient to protect the industry against the types of security threats their organizations expect to face in the future.

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cyber security threats,” HIMSS Vice President of Technology Solutions Lisa Gallagher said in a statement. “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

Other findings included:

  • 87 percent of those surveyed said antivirus/malware tools have been implemented to secure their healthcare organizations’ information security environment
  • 80 percent reported using network monitoring to detect and investigate information security incidents
  • 64 percent said that a lack of appropriate cyber security personnel is a barrier to mitigating cyber security events
  • Internal security teams identify more than 50 percent of information security threats

“Indeed, respondents were widely likely to indicate that more innovative and advanced tools are required to secure their environments in the future,” HIMSS stated. “Furthermore, they indicated that healthcare organizations must operate from a perspective which presumes their organization’s perimeter has already been breached.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unencrypted Flash Drives Go Missing

June 20th, 2015

South Carolina EMS patients may be affected by a data breach after unencrypted flash drives and hard drives were discovered to be missing from a storage facility. The drives contain information including the names, addresses, and Social Security numbers of patients who rode in an ambulance between 2004 and 2014. Medical details about each call were also included on the back-up drives.

According to the reports, Lancaster County employees cleaning out a storage facility found that a safe containing two flash drives and two hard drives was no longer in a storage room in the basement.

“Of course, we hate that it happened,” Lancaster County Administrator Steve Willis told the news source. “We are taking steps to make sure that doesn’t ever happen again.”

The statement fails to mention the number of individuals affected by this incident, but WSOC reported that the county EMS ran approximately 13,000 transports in 2014. The news source concluded that potentially 100,000 records could have been exposed.

“I think it (the safe) was most likely just inadvertently discarded at that time,” Willis added. “We have no reason to believe anyone’s information was compromised.”

Lancaster County mentioned that the drives have not yet been discovered.

“We deeply regret any inconvenience this may cause,” read a statement on the Lancaster County website. “To help prevent something like this from happening again, we will be using encrypted devices for storing EMS information.”

Unauthorized access leads to data breach

June 18th, 2015

UC Irvine Medical Center announced a data breach after one of its employees viewed thousands of patient records over a four-year period without a job-related purpose. The incident potentially compromised the information of 4,859 patients.

The affected information includes names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, medications, employment status, and the names of patients’ health plans and employers. However, Social Security numbers, driver’s license or state ID card numbers, and credit or debit card information were not accessed.

Hospital spokesperson John Murray mentioned that there is no evidence that the records were downloaded or distributed via e-mail. A copy of notification letters being sent to patients was posted on the California Office of Attorney General website. UC Irvine explained the reason behind the notification letters.

“Due to its on-going investigation, local law enforcement asked us not to notify patients right away, because sending out notifications could have interfered with its investigation. Local law enforcement has now informed us that we are free to notify patients.”

The notification letter also mentioned that the hospital has hired independent experts to conduct a thorough investigation. Affected patients will also be offered one year of free credit monitoring and identity theft protection.

PHI exposed after cyber attack

June 16th, 2015

The breached information includes Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group. Patient names, mailing addresses, email addresses, and dates of birth. Some patients may have also had Social Security numbers, lab results, dictated reports, and medical conditions exposed. The company mentioned that it does not collect or store financial information or credit card information, so that data would not have been affected in the incident.

“Medical Informatics Engineering immediately began an investigation to identify and remediate any identified security vulnerability,” the statement explained. “Medical Informatics Engineering’s team, including independent third-party forensics experts, has been working continuously to investigate the attack and enhance data security and protection.”

MIE referred to the incident as a “sophisticated cyber attack”.

“On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard clients,” the company explained. “Affected individuals for whom we have a valid postal address will also be notified of this incident through U.S. mail. We will also be disclosing this incident to certain state and federal regulators.”

According to the statement, MIE will provide complimentary credit monitoring and identity protection services to affected individuals for two years.

Medical Records mistakenly posted online

June 13th, 2015

The breached information includes names, residences, mailing addresses, dates of birth, Social Security and Medicaid numbers, and medical diagnoses or treatment information.

DADS learned on April 21, 2015 that the information was accessible through a web application meant for internal use only. The company added that it “immediately took down the website and launched an investigation, which is ongoing.”

“DADS has no reason to believe any of the information has been misused,” the statement explained. “DADS has strengthened its policies, procedures and web-application security in an effort to prevent such a breach from occurring again.”

Department spokeswoman Cecilia Cavuto mentioned that it is possible the data was posted when its handling was transferred to another department last fall.

“I don’t think we have the answer to what exactly caused this breach just yet,” Cavuto said. “It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error.”

Facility notifies data breach months later

June 11th, 2015

A New York health system suffered a data breach when a Texas-based firm that had been contracted to process and collect payments had five laptops stolen. Global Care Delivery (GCD), Inc. said that the laptops were unencrypted. According to the health system's statement, GCD had been contracted by North Shore-LIJ Health System but did not notify the health system of the incident until months after the breach.

The affected information for approximately 18,000 North Shore patients includes first and last names, dates of birth, internal account numbers, diagnosis and procedure codes, and insurance identification numbers. Around 2,000 patients’ Social Security numbers were also included in the breach. However, financial information and credit card information were not affected.

As per the reports, the laptops have not been recovered, but both facilities said they are not aware of any misuse of the data. The affected individuals are asked to remain alert by obtaining a credit report from one of the major credit reporting agencies and monitoring any accounts for unauthorized activity.

“We are taking all appropriate steps to minimize the risks of such incidents in the future, including the encryption of all laptops, servers and electronic devices maintaining North Shore-LIJ patient information,” stated the notification letter sent to patients.

Email sent to wrong recipient

June 9th, 2015

A Jersey City Medical Center employee accidentally emailed patient information to an unintended recipient. The email potentially exposed approximately 1,400 individuals. The affected information includes patient names, health insurance payors, dates of admission and discharge, a one-word description of the medical service department from which the patient received services, and patient Medical Center account number.

The email, which was intended for internal use, included an attached spreadsheet with some patient information. The email did not include any patient Social Security numbers, dates of birth, credit card or banking information, health insurance identification numbers, or patient addresses.

According to the statement:

“The unintended recipient informed the Medical Center of the mistake on the same day that the email was sent,” the medical center explained. “The Medical Center attempted to obtain official confirmation that the email was completely deleted and the information was not further disclosed. Unfortunately, such confirmation has not yet been received.”

The Medical Center is currently reviewing its e-mailing policies and technological processes, and is retraining staff to minimize the chance of other such incidents. The Jersey City Medical Center sincerely regrets this unfortunate incident because we consider the security of patient information to be of the utmost importance. Patients with questions relating to this incident should contact representatives.

Laptop stolen from employee car

June 6th, 2015

A laptop was stolen from a U.S. Healthworks employee’s car. According to the reports, the device was unencrypted but was password protected. Affected information includes employee names, addresses, dates of birth, job titles, and Social Security numbers.

The statement failed to mention the place of theft and the number of affected patients. U.S. Healthworks is offering a one-year membership in Experian’s ProtectMyID Alert. This product helps to detect possible misuse of personal information and provides superior identity protection services.

“We deeply regret any inconvenience this may cause you,” the statement read. “To help prevent something like this from happening again, we are enhancing our procedures related to deployment of laptops and full disk encryption.”

U.S. Healthworks mentioned that it is working with law enforcement to locate the laptop. The facility also said it has no reason to believe that any patient information has been accessed or used improperly.

Theft is an important factor in data breaches, so encryption software is beneficial for BYOD employees. The incident above led to a data breach that could have been avoided with encryption software. A login password alone does not protect the data, because the contents of an unencrypted drive remain readable outside the operating system that enforces the password.

Encryption converts information from its original form into encoded text that can be opened only with the authorized key. An unauthorized person cannot translate the data for their own use.
