Archive for November, 2015

Stolen laptop leads to data breach

November 4th, 2015

A New York City medical and mental health center recently suffered a potential PHI data breach after a laptop containing patient information was stolen. Affected information includes patient names, medical numbers, test results, and brief clinical notes. The statement made no mention of Social Security numbers and other medical billing information.

Woodhull Medical and Mental Health Center, a part of the New York City Health and Hospitals Corporation (HHC) owns the laptop. Laptop was securely locked and password-protected but was not encrypted. However, HHC mentions that it has no reason to believe that the laptop was stolen for PHI. It was possibly for the market value of the laptop.

Around 1,581 potentially individuals were affected and the notifications about the health data breach was sent via letters. New York City Police Department was also contacted.

Woodhull is implementing several safeguards by –

  • Examining its current security measures to identify weak spots in need of improvement
  • Looking into additional security measures to implement
  • Readministering security awareness training for all staff to underscore the importance of health data security
  • Enlisting the services of Kroll, a third-party identity theft protection agency, to provide identity theft protection services to potentially affected individuals

Woodhull expressed regret that the incident happened.

“We at Woodhull take our role of safeguarding your personal information and using it in an appropriate manner very seriously,” the provider said in its notification letter. “Woodhull apologizes for the concern this incident may have caused and assures you that we are doing everything we can to prevent an incident of this nature from reoccurring.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

API and Security Risk

November 2nd, 2015

What is API?

In computer programming, an application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types.

How it is accessed?

Mobile devices, smart televisions, games consoles and even nodes in the Internet of Things

API Security and Expert Review

APIs present a real security risk, and that hackers steal data by finding easy loopholes.

“What we have seen is applications being broken down into micro-services, and when you do that you are creating many more interfaces and exposing those interfaces. So of course the attack surfaces are much larger,” said Subra Kumaraswamy, head of product security at Apigee, a California-based API security platform vendor. “Hackers no longer attack one application; they can look at lots of services. So there is a bigger risk that they can get access to data.”

API is itself new module which needs extra attention.

APIs present an extra headache to organizations because of their power, Kumaraswamy said. “Before, hackers had to sit behind a console and try different things to find vulnerabilities. But because APIs are programmable, they can program attacks. They can write a system that automates their attacks and tries different things.”

API has become a significant part of business.

“APIs are often made as part of an initiative like mobile, and businesses measure success by user engagement or user adoption,” Kumaraswamy said. “Sometimes that means they don’t pay attention to the security aspects of the API. Businesses need more agility, and security sometimes comes second.”

Security Product and API

Security products are extremely useful for API. Most businesses are belatedly waking up to the API security problem. The market is still relatively immature, though, and only 5 percent to 10 percent of organizations offering APIs use such products, Kumaraswamy estimates.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.