Archive for October, 2015

EHN suffers data breach

October 31st, 2015

El Paso-based Emergence Health Network (EHN) suffered data breach when its computer servers was assessed by an unauthorized user. Affected information includes first and last names, addresses, dates of birth, Social Security numbers, case numbers, and information indicating that individuals accessed services from Life Management Center/ El Paso MHMR/Emergence Health Network.The incident caused PHI data breach for around 11,100 individuals.

“EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered,” the statement read. “EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach.”

EHN reports suggests that no information is misused.

“EHN has also already taken appropriate steps to avoid the threat of future data security compromises and is cooperating with officials in minimizing the potential effects of this incident,” explained the second statement.

EHN is sending breach notification to affected individuals.

“We are sorry for any inconvenience this incident may have caused you,” the facility said. “EHN is doing everything we can to fix this and not have it happen again.”

As per the report – What EHN is doing?

EHN quickly disconnected the computer server from the internet when the suspicious activity was discovered. EHN is taking steps to keep this from happening again by using more secure methods for transmitting, maintaining, and safeguarding your protected health information. EHN is cooperating with state and federal agencies to report this breach. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Bon Secours St. Francis Health System suffers data breach

October 29th, 2015

Bon Secours St. Francis Health System in Greenville, South Carolina came to know about data breach when several employees were receiving unpaid balances for an antibiotic cream, and others were reporting their health insurance companies being charged for the antibiotic creams. After investigation, St. Francis Health found out that a hospital employee was responsible for the incident.

According to the statement, the employee accessed the patient information of approximately 1,997 individuals. Affected information includes patient names, dates of birth, drivers license numbers, insurance information, clinical information, and potentially Social Security numbers.

St. Francis Health mentions that it will take several measures to avoid such incidents.

The training will remind our employees that inappropriate use, access or disclosure of patientsinformation will result in serious consequences up to and including termination and, where applicable, the involvement of law enforcement,St. Francis Health explained.

Notification letters are sent to all potentially affected individuals and free credit monitoring services is offered to them.

According to the statement:

We deeply regret that this has happened. Bon Secours St. Francis takes its responsibility for protecting our patientspersonal information and using it in an appropriate manner very seriously,the hospital said in a statement. Please know that our employees work hard every day to provide excellent care to our patients. Words cannot express how deeply disappointed we are that this has occurred.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unsecured Email leads to data breach

October 27th, 2015

Arkansas-based Nephropathology Associates, PLC (Nephropath) suffered data breach when one of its employees sent an unsecured email to a vendor that included PHI and de-identified information. Nephropath stated in a letter that the PHI should not have been included even though the vendor in question was the intended email recipient.

Nephropath mentioned that the vendor was notified and told to destroy all copies of the information. Affected information includes first and last names, patients’ ages at the time of treatment, Nephropath accession numbers, referring physicians, and pathology diagnoses. Addresses, financial information, and Social Security numbers were not included.

“As a result of this incident Nephropath is reviewing its policies and procedures to protect against future incidents of this nature,” stated the letter, which was signed by Practice Coordinator and Compliance Officer C. Aaron Nichols, MHSA, CMPE. “As part of this process we will be providing additional training to our workforce and the responsible employee.”

According to the reports, 1,260 individuals were affected by the incident.

Nephropath added that the vendor sent written assurance that the information was destroyed and and there is no reason to believe that any physical or digital copies were kept by any parties.

 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Center for Disability Rights suffers data breach

October 24th, 2015

Center for Disability Rights (CDR) suffered potential data breach when protected health information (PHI) of individuals with disabilities was allegedly stolen.

An employee of Angels in Your Home, a home care agency serving individuals with disabilities in New York, allegedly stole patient information to take with him to a new home care agency. As per the report Angels’former CEO Marco Altieri, obtained permission from individuals to take their PHI. CDR maintains that this was done fraudulently and without their knowledge.

CDR did not mentioned the specification of health and other personal information disclosed in the breach. But stated that misuse of PHI, including names and contact information of clients was done.

CDR came to know about the incident after being contacted by one of its clients. CDR also states that there is potential to pursue fraud charges.

“Second, giving false pretenses, misrepresenting information, or lying to an individual in order to convince them to switch providers is fraud,”Darling stated. “In the case of using fraud to convince an individual to switch services paid by Medicaid, it is also Medicaid Fraud and consumer fraud.”

CDR is taking legal action related to this incident.

“Every party involved in this appalling situation has secured legal representation, except for the individuals whose protected health information has been compromised, misused, or stolen,”CDR’s Director of Advocacy Stephanie Woodward said in a statement. “We’re committed to assisting the people who have been impacted the most by this breach – disabled people and their workers.”

This is a very personal situation for CDR, according to Darling, because the organization is run by individuals with disabilities.

“Because we are run by people with disabilities, our organizations take the duty to protect personal information of disabled people and their attendants very seriously. Misuse of such information feels personal –because it is,”he says. “No one should experience this, but because we have disabilities we are most at risk for this to occur. And frankly, this has been a growing trend locally that must stop.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Not-for-profit Community suffers data breach

October 22nd, 2015

California not-for-profit Community Catalysts of California, Inc. recently mentioned that a flash drive containing certain client information was stolen from an employees residence. The affected information includes names, addresses, diagnoses, dates of birth, ages, and gender and/or telephone numbers for certain current and former clients. However, drivers license information, state identification, health insurance or financial account numbers were not included.

We take the privacy and security of the information in our possession very seriously and we deeply regret these circumstances and are committed to keeping impacted individuals informed,read a Community Catalysts statement.

Physical safeguards and administrative safeguards are essential to keep patient information safe and secure.

Community Catalysts provides services and advocacy for people with disabilities and Veterans.This includes assistance in several areas, such as mental health support, recreation, client advocacy, education, healthcare support, housing, and employment.

We have taken steps to prevent this type of event from happening again, including retraining our employees on using encrypted device, as required by our company policy,Community Catalysts explained. We are also reviewing our data retention practices to ensure that we are not retaining any documents longer than necessary in order to provide services to our clients.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Medicaid Data Breach in North Carolina

October 20th, 2015

 

Affected information includes a spreadsheet with Medicaid recipientsPHI. Information having first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services. Approximately 1,615 individuals had their data compromised, but DHHS added that only two Social Security numbers were compromised and no dates of birth.

Gerlach explained that the delayed data breach notification was because DHHS was investigating thoroughly to ensure that there is full understanding before determining next steps.

There has also been no signs that the spreadsheet was intercepted by unauthorized users.

DHHS says affected patients may take steps to protect themselves by putting a fraud alert on their credit files and by keeping an eye on their bank statements and credit card bills for any unusual or unauthorized activity.

This is not the first Medicaid data breach reported by DHHS.

I deeply apologize for the impact that this has caused to the citizens of the state,DHHS secretary Aldona Wos explained at the time. First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care in a protected and secure environment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

OU Medicine Suffers Data Breach

October 17th, 2015

As per the reports, OU Medicine suffered data breach when a laptop potentially storing a spreadsheet containing limited patient information was stolen from a former OU physician. The spreadsheet  in the laptop contained limited information for approximately 9,300 pediatric patients.

Affected Health information includes patient name, diagnosis, treatment code, date of treatment, date of birth, description of urologic medical treatment or procedure, medical record number, and physician name. According to OU Medicine, no addresses, Social Security numbers

, or other billing information was included.

The hospital took precautionary steps by notifying the 9,300 potentially affected individuals via data breach notification letters even though it was not sure whether spreadsheet was present on the laptop. OU Medicine stated that it will provide one year of free credit monitoring to potentially affected individuals.

The physician who owned the stolen laptop had left the department prior to the laptop being stolen. The hospital also mentioned that it does not allow physicians to take medical documents with them after leaving the facility.

The University has policies that generally prohibit the removal of documents that contain patient information from its premises and that require employees to protect patient information on laptops at all times, including by storing it securely,OU Medicine said in its statement.

Facility also expressed regret for the situation.

The University of Oklahoma takes patient privacy seriously,OU said in its statement. The Department is taking additional steps to help prevent similar incidents from occurring and is providing additional training to employees on the importance of securing patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

 

Employee Access and Patient Data Security

October 14th, 2015

Recent research shows that some organizations have loopholes in data access which can cause patient data security issues.

Highlights of the research by IS Decisions are –

63 percent of healthcare staff are still able to logon to different devices and workstations concurrently.

49 percent of surveyed healthcare employees are required to manually logoff

30 percent do not have unique logins

46 percent stated that they believe their actions on the employer’s network can be attributed to them

57 percent of US healthcare staff said their organizations had formal agreements to security policies in their contracts

29 percent of surveyed healthcare professionals did not receive any security training when they were employed

55 percent of existing employees stated they received IT security training

34 percent of US healthcare staff are aware of their organization conducting regular security audits

73 percent of health and pharmaceutical employees said they have access to sensitive or confidential patient information

41 stated that they and their co-workers can see “a lot of” sensitive data

56 percent of IT practitioners said they believe their organizations place just a moderate to low priority on protecting company data, or no priority at all

“To take the standard of security training beyond the base level in on-boarding staff, it is sensible to include adherence to security policies within employee contracts,” the report stated. “This ensures a level of responsibility on the part of the employee, providing a line of culpability in the event that they take action to subvert a policy.”

IS Decision survey has lead to awareness among employee access.

“Healthcare organizations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients,” IS Decisions CEO Francois Amigorena said in a statement. “Information of this critical and confidential nature should only be accessible by authorized users and it really should not be a complicated process.”

Amigorena added that this goal could be achieved by properly implementing and combining access control policies, user identity verifying, and user activity auditing.

“The damage can be greatly reduced by managing data access permissions, making sure employees only have access to the data they need to do their jobs, and by monitoring for unusual activity,” explained Varonis Co-Founder and CEO Yaki Faitelson.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Mailing Error leads to data breach

October 12th, 2015

A Florida health plan suffered potential data breach after a mailing error. The incident caused some members to receive the personal information of other members.

A machine that was programmed to insert two premium statements per envelope led to some statements to be mailed to the wrong individual. Normally, just one statement should have been included in each envelope.

According to the reports, 1,400 individuals received data breach notification from CarePlus. Affected Information potentially includes names, addresses, and CarePlus identification numbers. Social Security numbers were not included in the statements.

As per CarePlus, there is no reason to believe that the disclosed information has been used inappropriately. Extra security measures are added by CarePlus to ensure quality assurance in the mailroom.

Company has notified the individuals about the incident.

According to the statement:

CarePlus is monitoring all claim activity to reduce the possibility of medical identity theft. Any members who have any questions should call CarePlus at 1-800-794-5907, from 8 a.m. to 8 p.m., seven days a week.Anyone who believes their information is being used by someone else is urged to contact CarePlus at once.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Affinity Health Plan data breach

October 9th, 2015

As per the report, AHP members received reminder letters for renewing Child Health Plus for their children which also contained letter in a different language addressed to a different Affinity member.

Due to a printing error that we discovered on Friday, August 14, 2015, the back of the letter you received included a renewal reminder in another language that was mistakenly addressed to a different Affinity member,the letter said. As a result of this error, another Affinity member received a letter mistakenly addressed to you on the back of their August 4, 2015 letter.

Affected information included the childrens names, addresses, and AHP identification numbers. No childs health information was disclosed, nor were Social Security numbers or any billing information. Also, no information regarding the potentially affected children can be accessed via the AHP identification numbers.

AHP expressed regret for the situation as per the company statement.

We sincerely apologize for this error,stated the letter, which was signed by AHPs Retention Department Director Wendy Mezquita. We value you as an Affinity member and look forward to continuing to provide health care coverage for your family.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.