Archive for August, 2015

Stolen laptop leads to data breach

August 28th, 2015

For the first group, the affected information included patient names, medical numbers, dates of birth, ages, patient account numbers, the names of any inpatient procedures performed, and the admission and discharge dates for those procedures. The first group of affected individuals includes those who received treatment at OU Outpatient Surgery Center or the Presbyterian Tower between January 1, 2009, and December 31, 2014.

For the second group, potentially disclosed information included patient last name and first initial, ages, pregnancy-related information, lab results, medications, delivery dates, and problem and allergy lists. The affected individuals were patients seen for high-risk delivery at OU Medical Center from September 24, 2014 until May 31, 2015.

Social Security numbers and addresses were not present on the laptop. OU Physicians has no reason to suspect any of this information has been mishandled. Notification letters are being sent to affected individuals, and the organization is offering them a free one-year subscription to credit monitoring. OU Physicians employees are also being re-educated on proper practice for handling patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Non-employee sees Backus Hospital patient information

August 26th, 2015

The breach occurred when an employee brought patient records home with her in an attempt to finish some work remotely. Those records stayed in her home for a few days, and may have been seen by non-hospital personnel.

Shawn Mawhiney, a spokesperson for Backus Hospital, mentioned that the employee responsible for this breach is being properly disciplined and reeducated on proper handling of patient information.

“The employee took the records home and they are not supposed to do that,” Mawhiney told the news source. “The records then had the potential to be seen by someone in her home. As a health care institution, we take this kind of incident very seriously.”

Patient Kenneth Keely Jr. was shocked at the mishandling of his personal information, according to The Norwich Bulletin.

“I was completely shocked – this came out of nowhere,” Keely said. “Then I read it and it made no sense. First, ‘disciplined’ for what? Why did they have the records for six months and who read it?”

The affected information included patient names, medical record numbers, dates of treatment in the emergency room, diagnoses, and treatment information. While Backus has no reason to believe this information was misused in any way, the hospital said it still decided to send out 360 letters to individuals potentially affected by this incident.

According to the Backus Hospital statement:

“We have appropriately disciplined the employee, including reinforcing education regarding our policies and procedures in maintaining the confidentiality of patient information,” the letter states. “We have no indication that your information was used improperly. However, out of an abundance of caution, we wanted to notify you regarding this incident and assure you we take it very seriously.”


Akron Children’s Hospital suffers data breach

August 24th, 2015

Akron Children’s Hospital sent PHI data breach notification letters to over 7,600 patients and families. The health data breach involved a misplaced device containing information about medical transports. According to reports, a backup drive went missing that contained voice recordings of conversations between dispatchers and hospital workers during the medical transport of Akron Children’s Hospital patients.

Affected information includes patient names, ages, gender, dates of birth, medical record numbers, location, medical transport times, physician, and chief medical complaints. Only patients who received a medical transport during the nine-month period listed above were affected by this breach. No Social Security numbers or financial information was disclosed in the breach.

Akron Children’s Hospital maintains that there is no reason to believe that the information has been used maliciously.

“We truly regret this situation and value the trust you and our other patient families place in us to care for your children,” the hospital states. “Akron Children’s Hospital is committed to maintaining our patients’ health information in a secure and confidential manner.”

According to reports, the device was stored in a locked location on the Akron Hospital campus. Akron Children’s Hospital mentioned that it will be encrypting all of its mobile devices and will no longer use mobile devices to store transport voice recordings.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Mobile security in the connected network as per the experts

August 21st, 2015

More healthcare organizations have recently begun to implement and use connected devices. According to Institute for Critical Infrastructure Technology (ICIT) fellow Michael McNeil, there are a number of different challenges from a mobility perspective.

“What used to be a stationary or contained type of a device or tool that would be used, now has mobility attached to it,” said McNeil, who is also the global product security and services officer for Philips Healthcare. “Because of the mobility and its interconnections, the integrity of that data and the accuracy of the information could be at risk.”

McNeil mentioned that healthcare organizations should ensure that they are in alignment with the appropriate legal and regulatory efforts.

“When you look at the fact that there’s clinical data, the transmission of that data, the flexibility of that data, and certain individuals could intercept or manipulate that information, that creates some of our biggest risk and or complexities that hit the dynamics of the ecosystem,” he said.

McNeil also mentioned that healthcare organizations do not always look beyond their own contained network.

“Because organizations typically look at infrastructure of a hospital or a particular setting, traditionally they have stated, ‘Because that is contained in somebody else’s network and environment, our liability and vulnerability and chances of any activities is very low,’” McNeil said. “And because it’s in someone else’s contained network, they sort of push the potential direction of the potential risk off into other parts of the ecosystem.”

McNeil explained that the “ecosystem” includes everyone from medical device manufacturers to healthcare providers, and even regulators.

“The better that we can align with other types of industries, and other types of standards, making sure that we are deploying solutions within this space, then we also have the ability to make sure that from a mobile perspective it’s designed with the security of their products and solutions,” he said. “That needs to be key.”

The mistake comes when mobile devices, and even connected systems themselves, are not designed with the larger picture in mind, he said.

“That is more of a fallacy of the past that needs to be corrected in terms of the future,” McNeil stated.


Letters sent to incorrect households

August 19th, 2015

According to reports, protected health information (PHI) of 1,622 Colorado residents was sent to the wrong recipients. The letters contained sensitive patient information, and may have included names, addresses, state identification numbers or Medicaid ID numbers, family member names, employers’ names, income, amount of Advanced Premium Tax Credit (APTC), and whether or not residents were approved for various state healthcare programs. Dates of birth for approximately 50 individuals were also disclosed.

The press release mentioned that none of the letters disclosed Social Security numbers. Affected individuals received benefits through the Department of Human Services. The Department has issued notification letters to all affected individuals and provided free credit monitoring. Deloitte, which was contracted by the state to conduct the mishandled mailings, will therefore be paying for the credit monitoring.

The Department mentioned that there is no evidence to suggest that the disclosed information was mishandled.

“The Department and its partners take the privacy of our members’ information very seriously and is notifying those impacted by this breach,” said Susan E. Birch, MBA, BSN, RN, executive director. “The Department in partnership with its vendors, has taken additional steps to prevent future errors.”


Disciplinary action against employees

August 17th, 2015

Carilion Clinic, a not-for-profit clinic located in Roanoke, VA, disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to.

Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached. But he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity.

Under the clinic’s internal security measures, whenever an employee accesses a file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients.

Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence.

In accordance with HIPAA, Carilion prohibits employees from accessing information for patients with whom they are not directly working. Clinic employees are also required to receive annual security training.

“Carilion takes its obligation to protect patient privacy very seriously,” said Vicki Clevenger, Chief Compliance Officer at Carilion. “When Carilion discovers potential issues, an immediate investigation is launched. Aspects of an investigation vary, but may include a review of the electronic medical record(s) in question and interviews with individuals involved.”


Phishing Attacks: Easy, But Successful

August 14th, 2015

Companies spend millions of dollars to avoid harm from viruses and hacking but mostly ignore the possibility of phishing attacks. One example of a phishing attack is the following:

Emails are sent mentioning that a high-ranking official or a friend wants to move money out of Nigeria or some other foreign country. They offer a percentage of the proceeds to the mark as long as he or she first sends a significant sum of money to pay certain fees. The money first promised is never transferred to the victim.

“There’s a perennial appeal to offers of large amounts of money with significant liquidity,” said Stephen Cobb, senior security researcher at ESET North America. “All of us at various times have thought that a lot of our troubles would be solved if we only had cash.”

Scams asking for money not only successfully con people; some victims are conned multiple times by the same scammer, according to Cobb. “A person who puts money in has a vested interest in believing that [the offer] is real. So the scam artist will often try to hit the person a second time, saying there was a roadblock so he needs more money. He (the scam artist) isn’t out any additional money.”

Warning signs of a scam email:

  • A password change request
  • A request for money
  • All caps in the header
  • “Re” in an email that is not a response to another email
  • Messages from overseas, particularly anything from a country one has never visited
  • A request for personal information
  • An offer of a free gift
  • “Click here,” particularly to see a video, picture or article
  • Emails from a known person addressing you differently than they have before


Health data breach due to missing flash drive

August 12th, 2015

Lawrence General sent breach notifications after a flash drive containing health information went missing. According to reports, the facility immediately began a thorough investigation. Lawrence General determined that the flash drive contained very limited patient information.

Lawrence General Hospital stated that this breach is very limited in scope and there is no reason to believe that the information has been misused. It is still working to minimize the scope of the situation.

Lawrence General is reeducating staff members and ensuring they understand how to properly handle patient data. The flash drive contained lab testing information such as patient names, lab testing codes, and slide identification numbers. The hospital mentioned that no Social Security numbers, dates of birth, or clinical and financial information have been compromised. The number of affected individuals is not known.

Lawrence General Hospital expressed regret that the incident occurred. It also emphasized its ongoing commitment to health data security and patient privacy.

“We at Lawrence General Hospital value the importance of protecting the privacy and confidentiality of our patients, employees and others who entrust us with their personal information,” the hospital wrote in its press release.


Office break-in leads to data breach

August 10th, 2015

Dr. Olartino Dyoco sent data breach notification letters to patients after certain information was potentially exposed following an office break-in. According to a copy of the breach notification letter, the physician’s office was burglarized and several computers were stolen. Affected information includes patient names, dates of birth, telephone numbers, insurance numbers, treatment codes, and billing information.

“The circumstances that resulted in this breach were unforeseeable, and Dr. Dyoco assures you that he has heightened procedures and safeguards to prevent a recurrence of this situation,” stated the letter, which was dated July 13, 2015. “He added levels of encryption to his computer systems, and advised his staff with regard to security training anything to avoid this situation in the future.”

The incident was reported to the Fresno, California police department. Individuals having questions are encouraged to contact the medical office’s attorney.

The data breach notification letter failed to specify the number of patients affected. It was also not clear whether the computers were encrypted. However, the letter did say that the “security, confidentiality, integrity and privacy of patient personal information are highly valued by Dr. Dyoco.”


Medical records found in dumpster

August 7th, 2015

Personal documents including medical records were found in a dumpster in Taylorsville, Utah. The incident may amount to a data breach. According to reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.

Dr. Scott Cold, DDS, mentioned that his contractor found the documents in a dumpster being used for construction waste.

“These documents for these records were complete with patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.

According to other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.

It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.

“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”
