Archive for September, 2015

Health Records exposed on the Internet

September 29th, 2015

Affected information includes patient names, addresses, dates of birth and admission, telephone and fax numbers. E-mail addresses, medical information, medical record numbers, health plan data and beneficiary numbers were also included. Social Security numbers, State License numbers and full face photographic images were included in a few cases as well, the letter stated. Financial information, security codes, and passwords were not part of the exposed information.

California based Silverberg statement letter did not specify how the information appeared online, but simply mentioned that the document scanning device “inadvertently exposed some patient health records to the internet.” The information was immediately taken down upon the exposure discovery, according to the letter.

“We have undertaken an extensive investigation of the matter, including hiring a forensic specialist security firm to assist us in conducting a full investigation of the incident,” Silverberg Surgical and Medical Group explained. “We have taken steps to secure any data that was involved in this incident and we have notified the appropriate state and federal authorities, including the Federal Bureau of Investigation.”

According to the Silverberg. potentially affected individuals will receive complimentary identity monitoring services for one year.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

False medical claims leads to data breach

September 27th, 2015

Unauthorized individuals posed as physicians to file false medical claims and the incident is related to New Jersey-based health insurer. Claims may have led to data breach for some patients.

Horizon Blue Cross Blue Shield of New Jersey announced the incident on its website explaining potential healthcare fraud was detected.. A special investigation’s unit at the insurer find out that these unauthorized individuals obtained Horizon BCBSNJ member identification (ID) numbers, and potentially other personal information.

Approximately 1,100 customers were affected by the incident, and Horizon BCBSNJ stated that it is working with the FBI and the US Attorney’s Office.

Affected information includes names, dates of birth, gender and member ID numbers. However, medical information, financial information and Social Security Numbers were not accessed or disclosed, according to the insurer’s statement.

Data breach notification letters began to be sent out to potentially affected individuals.Horizon BCBSNJ’s Special Investigations Unit would have already reached individuals by phone if their member ID or address were used to file false claims.

“Horizon BCBSNJ has no reason to believe that the personal information obtained was used for any purposes beyond submitting false claims by these specific perpetrators,”the statement read. “The information accessed can only specifically be used to submit claims to Horizon BCBSNJ.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Identity theft and data breach

September 25th, 2015

 

Affected PHI included full name, CVS ID, CVS ExtraCare Health Card number, Rx plan number, Rx plan state, and plan start and end dates.

Molina Healthcare mentioned that this health data breach may lead to identity theft. It also advised all potentially affected individuals to put a fraud alert on his or her credit file. The health insurer also decided to provide the importance to carefully inspecting credit reports.

According to the statement:

Look at your reports when you get them. Look for accounts you do not remember opening. Look requests from creditors that you do not know about. Check for any medical bills that you do not about. Look at all your personal information. Make sure it is correct. Call the credit agency if you any questions about your report.

 If there is something wrong with your report, call your local police or sheriffs office. File an identity theft report. Get a copy of this report. You may need to give a copy to other creditors. This will help clear your records.

If your credit report is OK, you should still check your credit. Check your credit report every three months for the next year. Call one of the numbers above to get your report.

Keep a copy of this letter for your records. It can help if you have future problems with your medical records. You may want to ask for a copy of your medical records from your healthcare providers. It good to have a copy that you can look at in case you ever have problems. You can also get a copy claims or other PHI held by Molina Medicare Options Plus HMO SNP (Molina Healthcare). To get it please call our Member Services department at the toll-free number listed below.

Molina Healthcare regrets this problem. CVS is replacing CVS ExtraCare Health Cards for affected individuals who are current Molina Healthcare members with an OTC benefit, unless your CVS ExtraCare Health Card was already replaced due to a change in your benefits plan. To further help protect your identity, we are offering you a free one-year membership of identity theft protection. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email hacking leads to potential data breach

September 22nd, 2015

Oakland Family Services is dealing with a potential PHI data breach after one of its employees email was reportedly hacked. The organization reported that an unauthorized individualgained access to an employee email account and possibly viewed patient PHI. According to reports, EMR databases and other agency email accounts and databases were not affected.

Statement mentioned that 16,000 clients will be sent data breach notification letters and 173 had a Social Security number present in the affected email account.

Affected information includes client names, internal client ID numbers, dates of service and types of service provided. Oakland Family Services added that in a few cases, the emails also included dates of birth, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers. Financial information was not included in the email account, the provider added.

An internal investigation has shown that the rogue user had access to the account for 23 minutes, it is believed with the intent of perpetuating a phishing scheme,Oakland Family Services explained in a statement. Following a phishing email sent to the employees email contacts, none of which were clients, the hacker exited the account.

The incident was discovered on the same day that the hack took place. Oakland Family Services explained that it immediately terminated the hackers access to the account.

Oakland Family Services Director of Information Technology David Partlo said in a statement that the provider maintains an extensive security program to safeguard clients PHI.” This includes annual staff trainings, regular third-party audits of the Oakland Family Services security protocol, and strong passwords.

We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented,” Partlo said. “We feel reassured by the fact it doesnt appear the person gained access in search of PHI, but simply to perpetuate the phishing scheme, based on the amount of time the hacker spent in the account and the actions we know he or she took.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Embarcadero Media Group Attacked by ‘Anonymous’

September 21st, 2015

The websites of Palo Alto Weekly, The Almanac, Mountain View Voice and Pleasanton Weekly were all reportedly attacked at about 10:30 p.m. Thursday. The company temporarily took the websites offline and it is distributing news content through its social media platforms.

After being hacked, the websites featured a message and an image of Guy Fawkes, a symbol typically associated with the hacker group Anonymous. The message explained that the company, “failed to remove content that has been harmful to the well-being and safety of others,” warning that, “failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media Group websites.”

See our US President, Ebba Blitz being interviewed on Channel4 as hackers took control of the five news websites of Embarcadero Media Group on Thursday night, according to the media outlet.

Sutter Health suffers data breach

September 15th, 2015

According to reports, a former employee reportedly emailed patient information without proper authorization. Around 2,582 patients are potentially affected, and that with the exception of two patients, no Social Security numbers, financial information or drivers license data were included.

A thorough review of the former employees email activity and computer access led to the discovery of the incident. Affected information includes name, date of birth, insurance identification number, date of service and billing code included in the emailed information. One patients California drivers license number was included, while another patients Social Security number and California drivers license number were included.

The employee worked for Sutter Physician Services (SPS), which handles billing for Sutter Healths physician medical foundations, the statement explained.

Our patients trust us to provide their care and protect their privacy,Sutter Health Chief Medical Officer Stephen Lockhart, M.D., Ph.D., said in a statement. We believe protecting patientshealth information is the responsibility of every employee. We require employees to sign confidentiality agreements. In addition, we train them to follow privacy and information security policies and regulations. We deeply regret this incident occurred.

Sutter Health mentioned that there is no evidence that any of the information was used inappropriately. patients who receive a notification letter mailed September 11 will be offered free credit monitoring services for one year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen laptop and data breach

September 12th, 2015

Affected information includes patient names, dates of birth, dates of treatment, descriptions of patientsconditions, treatments, and outcomes, lab test results, radiological and ultrasound images, medical record numbers, and diagnosis and treatment information. However, Social Security numbers and financial data were not stored on the laptop.

Dr. Christopher Roth, Assistant Professor of Urology, said that the laptop was in his car, parked outside of his house. Information on the laptop was not saved to LSU Health Sciences Center New Orleans server. Data was saved to the laptops hard drive, so the school cannot access specific data stored on the device.

The process to reconstruct and ready notifications took nearly eight weeks to complete,LSU Health explained. It is unknown whether any specific patients data were on the stolen laptop, however those patients the university suspects may have been affected will receive individual notification by mail, along with information about protecting against identity theft.

Dr. Roth patients from July 2009 to July 16, 2015 who did not receive a notification letter are encouraged to reach out to the university.

According to the statement:

The policy was not adhered to in this instance, and appropriate disciplinary action will be taken at the conclusion of the investigation. In addition, the university is reviewing its information security policies and procedures to determine if improvements can be made to further reduce the risk of such a breach in the future. Any changes will be included in the information security training that all employees and students are required to complete.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cyber crime attack at BCBS

September 10th, 2015

Cyber criminals gained unauthorized access to Excellus Information Technology (IT) systems. BCBS added that it has also notified the Federal Bureau of Investigations (FBI) and the data was not removed from the Excellus BCBS systems.

This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS,Excellus BCBS explained. Individuals who do business with us and provided us with their financial account information or Social Security number are also affected.

Excellus BCBS sent out the data breach letters.

Protecting personal information is one of our top priorities and we take this issue very seriously,Excellus BCBS CEO Christopher Booth said in a statement. Were making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information.

Company believe that no information is misused.

We sincerely regret the frustration and concern this incident may cause,Excellus BCBS said on its website. We want you to know that protecting your information is incredibly important to us, as is helping you through this situation with the information and support you need.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ohio provider reports missing padlock

September 7th, 2015

Ohio-based Endocrinology Associates reported a potential data security incident which affected 1,400 individuals. Incident came to notice when a POD containing patient information was missing its padlock.

According to the reports, the provider is currently renovating its location, and is storing patient charts in a rented POD on-site. Endocrinology Associates realized on the mornings that the POD padlock had been removed and started inventory search. Internal investigation found that no patient information was missing, the provider explained that it cannot confirm with certaintythat no charts were opened, reviewed, or copied.

Facility also mentioned that enhanced security measures are implemented to ensure this kind of incident is not repeated.

According to the statement:

As for the content of the physical charts, we do not maintain financial information of our patients in the charts,the statement read. However, some charts did contain social security numbers. To date, we have not received any indication, notice, or response from any patient that their personal health information has been stolen or compromised in any fashion.

We notified our patients by mail of the situation.  We request that any patient report directly to us if they are aware of any information concerning the improper use or access of their personal health information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Missing employee notebook leads to data breach

September 5th, 2015

 

Department of Health and Human Services (HHS) data breach reporting database listed 1,426 individuals affected. CCNW didnt mention the count.

CCNW mentioned that affected patients will receive a data breach notification letter via first class mail. CCNW statement did not mention about identity or credit protection services but recommended that affected patients contact credit bureaus and place Fraud Alerts on their credit report.

CCNW stated that it would take extra measures to properly train employees to handle PHI.

Cancer Care Northwest takes very seriously our role of safeguarding your personal information. We have therefore required all of our employees to receive additional training on the proper handling of protected health information.  We are also reminding our employees that all protected health information is to be kept only in our electronic medical record and have asked that they not use personal notes or notebooks to record patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.